Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan:Win32/Sirefef.P as well as Exploit:Java/CVE-2012-1723.A** [Solv


  • This topic is locked This topic is locked

#1
alexxx91

alexxx91

    Member

  • Member
  • PipPip
  • 15 posts
Hi, for the past month or two, Microsoft Security Essentials keeps detecting Sirefef.P and this weird Java exploit, CVE-2012-A**. So far it has begun to slow down my computer while browsing the internet and crashing my web browser. Aside from that I have had no bigger problems but I would very much like to get rid of this. I have attached a DDS text file with this message. Thank you very much.

Attached Files

  • Attached File  DDS.txt   23.78KB   96 downloads

  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
alexxx91

alexxx91

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi, thank you for the hasty reply. Having done everything according to your instructions, my computer seems to be running normally with no visible problems. Here is each report in order:

CHECKUP:

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````


ADWCLEANER:


# AdwCleaner v2.004 - Logfile created 10/10/2012 at 00:22:55
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : User - USER-HP
# Boot Mode : Normal
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\SanctionedMedia
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

*************************

AdwCleaner[R1].txt - [1434 octets] - [10/10/2012 00:22:36]
AdwCleaner[S1].txt - [1231 octets] - [10/10/2012 00:22:55]

########## EOF - C:\AdwCleaner[S1].txt - [1291 octets] ##########

ROGUEKILLER:

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 10/10/2012 00:27:21

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 21 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : PydcCCBGCsduGr.exe (C:\ProgramData\PydcCCBGCsduGr.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3792440707-1683516893-401844145-1001[...]\Run : PydcCCBGCsduGr.exe (C:\ProgramData\PydcCCBGCsduGr.exe) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{b766001f-09b1-e46e-b8a5-cee22ae02655}\L --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\User\AppData\Local\{b766001f-09b1-e46e-b8a5-cee22ae02655}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\User\AppData\Local\{b766001f-09b1-e46e-b8a5-cee22ae02655}\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST964032 0AS SATA Disk Device +++++
--- User ---
[MBR] 4f74f53e5847d360c195bfb8acb52d71
[BSP] 734ada28caf28e87245c2357477cd006 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 594349 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1217636352 | Size: 15827 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 26a9f055083a541132b0f264fee69524
[BSP] 734ada28caf28e87245c2357477cd006 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo
2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 20000 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

While this last report was being generated, the following website popped up:
http://tigzyrk.blogs...access-max.html
  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
alexxx91

alexxx91

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
While running Combofix, it detected Microsoft Security Essentials as still running despite having followed the links to deactivate all antivirus and antispyware defense on my computer. I'd rather not run Combofix until receiving confirmation from you.
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
yes go ahead and run it


gringo
  • 0

#7
alexxx91

alexxx91

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Combofix generated the report upon reboot, however whenever I now try to access any kind of program I get the message: C:\Program Files (x86)\******\***.exe Illegal operation attempted on a registry key that has been marked for deletion. I had to run Firefox as administrator but I cannot do this with a .txt file. My desktop background reverted to a previous background too as a side note. Internet is running smoothly however.
  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
restart the computer and send me the report


gringo
  • 0

#9
alexxx91

alexxx91

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
ComboFix 12-10-09.01 - User 10/10/2012 1:46.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3835.2333 [GMT -4:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 05:55 . 2012-10-10 05:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 05:35 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5949096C-8B3C-474B-BDB7-76A24C89E803}\mpengine.dll
2012-10-08 01:35 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-02 05:17 . 2012-10-02 05:17 -------- d-----w- c:\program files (x86)\Lame For Audacity
2012-09-25 23:51 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-12 13:05 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 13:05 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 13:05 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 13:05 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 13:05 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:05 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 13:05 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 21:33 . 2012-05-27 08:55 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 21:33 . 2011-06-27 02:15 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 00:00 . 2011-06-26 10:44 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2010-10-25 04:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-07-18 18:15 . 2012-08-16 00:41 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-12-01 1188616]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-12-01 52736]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-12-01 484224]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [2010-12-07 187912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-26 114144]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-26 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-15 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-15 28800]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-09 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-15 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-12-01 679176]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-04-10 2424424]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-09 9359872]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-09 309760]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-12-01 4150864]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-11 31088]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-12 1028096]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-11-15 1813056]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-04-10 339048]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-04-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-29 38528]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 21:33]
.
2012-09-29 c:\windows\Tasks\HPCeeScheduleForUSER-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-10-09 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-12-01 21705296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 130.63.9.18 130.63.10.18
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tbfg8bvb.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-10-10 02:03:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-10 06:03
.
Pre-Run: 307,389,677,568 bytes free
Post-Run: 309,459,963,904 bytes free
.
- - End Of File - - 3AFB1B658B090FC89EC36C002389C055

Upon restart, all programs now open normally.
  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
  • 0

Advertisements


#11
alexxx91

alexxx91

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
TDSSKiller:
02:55:40.0363 4688 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
02:55:40.0628 4688 ============================================================
02:55:40.0628 4688 Current date / time: 2012/10/10 02:55:40.0628
02:55:40.0628 4688 SystemInfo:
02:55:40.0628 4688
02:55:40.0628 4688 OS Version: 6.1.7601 ServicePack: 1.0
02:55:40.0628 4688 Product type: Workstation
02:55:40.0628 4688 ComputerName: USER-HP
02:55:40.0628 4688 UserName: User
02:55:40.0628 4688 Windows directory: C:\Windows
02:55:40.0628 4688 System windows directory: C:\Windows
02:55:40.0628 4688 Running under WOW64
02:55:40.0628 4688 Processor architecture: Intel x64
02:55:40.0628 4688 Number of processors: 4
02:55:40.0628 4688 Page size: 0x1000
02:55:40.0628 4688 Boot type: Normal boot
02:55:40.0628 4688 ============================================================
02:55:41.0892 4688 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:55:41.0907 4688 ============================================================
02:55:41.0907 4688 \Device\Harddisk0\DR0:
02:55:41.0907 4688 MBR partitions:
02:55:41.0907 4688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
02:55:41.0907 4688 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x488D6800
02:55:41.0907 4688 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4893A800, BlocksNum 0x1EE9800
02:55:41.0907 4688 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
02:55:41.0907 4688 ============================================================
02:55:41.0923 4688 C: <-> \Device\Harddisk0\DR0\Partition2
02:55:41.0970 4688 D: <-> \Device\Harddisk0\DR0\Partition3
02:55:41.0985 4688 F: <-> \Device\Harddisk0\DR0\Partition4
02:55:41.0985 4688 ============================================================
02:55:41.0985 4688 Initialize success
02:55:41.0985 4688 ============================================================
02:55:44.0341 3976 ============================================================
02:55:44.0341 3976 Scan started
02:55:44.0341 3976 Mode: Manual;
02:55:44.0341 3976 ============================================================
02:55:45.0651 3976 ================ Scan system memory ========================
02:55:45.0651 3976 System memory - ok
02:55:45.0667 3976 ================ Scan services =============================
02:55:46.0057 3976 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
02:55:46.0057 3976 1394ohci - ok
02:55:46.0119 3976 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
02:55:46.0119 3976 ACPI - ok
02:55:46.0151 3976 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
02:55:46.0166 3976 AcpiPmi - ok
02:55:46.0307 3976 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:55:46.0307 3976 AdobeFlashPlayerUpdateSvc - ok
02:55:46.0369 3976 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
02:55:46.0385 3976 adp94xx - ok
02:55:46.0416 3976 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
02:55:46.0431 3976 adpahci - ok
02:55:46.0463 3976 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
02:55:46.0478 3976 adpu320 - ok
02:55:46.0509 3976 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
02:55:46.0509 3976 AeLookupSvc - ok
02:55:46.0556 3976 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
02:55:46.0572 3976 AFD - ok
02:55:46.0619 3976 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
02:55:46.0619 3976 agp440 - ok
02:55:46.0650 3976 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
02:55:46.0650 3976 ALG - ok
02:55:46.0681 3976 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
02:55:46.0681 3976 aliide - ok
02:55:46.0728 3976 [ E218B9F4BA3E147540096CF5948C4F93 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
02:55:46.0743 3976 AMD External Events Utility - ok
02:55:46.0775 3976 AMD FUEL Service - ok
02:55:46.0821 3976 [ DD27F6C3DE9BFE50635C721E09EDC5DD ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
02:55:46.0837 3976 AMD Reservation Manager - ok
02:55:46.0884 3976 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
02:55:46.0884 3976 amdide - ok
02:55:46.0915 3976 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
02:55:46.0915 3976 amdiox64 - ok
02:55:46.0946 3976 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
02:55:46.0946 3976 AmdK8 - ok
02:55:47.0211 3976 [ DD11112C9DE9F176A8EB3A1BED85F141 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
02:55:47.0492 3976 amdkmdag - ok
02:55:47.0523 3976 [ 5EBFFFF7A70FCE0670A3D632459E0AE5 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
02:55:47.0539 3976 amdkmdap - ok
02:55:47.0570 3976 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
02:55:47.0570 3976 AmdPPM - ok
02:55:47.0617 3976 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
02:55:47.0633 3976 amdsata - ok
02:55:47.0664 3976 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
02:55:47.0679 3976 amdsbs - ok
02:55:47.0695 3976 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
02:55:47.0695 3976 amdxata - ok
02:55:47.0726 3976 [ 08E8A4172C57ABD7693A6915CF1E7A99 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
02:55:47.0726 3976 amd_sata - ok
02:55:47.0757 3976 [ 9866AF4E4AD7F16E810B6C0B8473F9CD ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
02:55:47.0757 3976 amd_xata - ok
02:55:47.0789 3976 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
02:55:47.0804 3976 AppID - ok
02:55:47.0835 3976 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
02:55:47.0835 3976 AppIDSvc - ok
02:55:47.0867 3976 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
02:55:47.0867 3976 Appinfo - ok
02:55:47.0960 3976 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:55:47.0976 3976 Apple Mobile Device - ok
02:55:48.0038 3976 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
02:55:48.0038 3976 arc - ok
02:55:48.0069 3976 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
02:55:48.0085 3976 arcsas - ok
02:55:48.0116 3976 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
02:55:48.0116 3976 AsyncMac - ok
02:55:48.0163 3976 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
02:55:48.0163 3976 atapi - ok
02:55:48.0225 3976 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
02:55:48.0257 3976 athr - ok
02:55:48.0335 3976 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
02:55:48.0335 3976 AtiHdmiService - ok
02:55:48.0350 3976 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys
02:55:48.0350 3976 AtiPcie - ok
02:55:48.0413 3976 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
02:55:48.0444 3976 AudioEndpointBuilder - ok
02:55:48.0475 3976 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
02:55:48.0491 3976 AudioSrv - ok
02:55:48.0537 3976 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
02:55:48.0537 3976 AxInstSV - ok
02:55:48.0600 3976 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
02:55:48.0615 3976 b06bdrv - ok
02:55:48.0662 3976 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
02:55:48.0678 3976 b57nd60a - ok
02:55:48.0756 3976 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
02:55:48.0771 3976 BBSvc - ok
02:55:48.0787 3976 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
02:55:48.0803 3976 BBUpdate - ok
02:55:48.0834 3976 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
02:55:48.0834 3976 BDESVC - ok
02:55:48.0881 3976 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
02:55:48.0881 3976 Beep - ok
02:55:48.0943 3976 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
02:55:48.0974 3976 BFE - ok
02:55:49.0021 3976 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
02:55:49.0052 3976 BITS - ok
02:55:49.0083 3976 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
02:55:49.0099 3976 blbdrive - ok
02:55:49.0224 3976 [ E7062088161C56BF42E7DBA53664E584 ] Bluetooth Device Manager C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
02:55:49.0349 3976 Bluetooth Device Manager - ok
02:55:49.0411 3976 [ 21B1CB06C0254BBC08B8C30D8F282E69 ] Bluetooth Media Service C:\Program Files\Motorola\Bluetooth\audiosrv.exe
02:55:49.0442 3976 Bluetooth Media Service - ok
02:55:49.0473 3976 [ 0BC0DC720F22A9D6D721FD5B7D15E84F ] Bluetooth OBEX Service C:\Program Files\Motorola\Bluetooth\obexsrv.exe
02:55:49.0505 3976 Bluetooth OBEX Service - ok
02:55:49.0583 3976 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
02:55:49.0598 3976 Bonjour Service - ok
02:55:49.0629 3976 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
02:55:49.0629 3976 bowser - ok
02:55:49.0661 3976 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:55:49.0661 3976 BrFiltLo - ok
02:55:49.0692 3976 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:55:49.0707 3976 BrFiltUp - ok
02:55:49.0739 3976 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
02:55:49.0739 3976 BridgeMP - ok
02:55:49.0770 3976 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
02:55:49.0785 3976 Browser - ok
02:55:49.0801 3976 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
02:55:49.0817 3976 Brserid - ok
02:55:49.0832 3976 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
02:55:49.0832 3976 BrSerWdm - ok
02:55:49.0863 3976 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
02:55:49.0863 3976 BrUsbMdm - ok
02:55:49.0895 3976 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
02:55:49.0895 3976 BrUsbSer - ok
02:55:49.0941 3976 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
02:55:49.0941 3976 BthEnum - ok
02:55:49.0988 3976 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
02:55:49.0988 3976 BTHMODEM - ok
02:55:50.0019 3976 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
02:55:50.0019 3976 BthPan - ok
02:55:50.0082 3976 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
02:55:50.0113 3976 BTHPORT - ok
02:55:50.0160 3976 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
02:55:50.0160 3976 bthserv - ok
02:55:50.0207 3976 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
02:55:50.0222 3976 BTHUSB - ok
02:55:50.0269 3976 [ 6D3FF2B480F7AB8DA103CBC7FBEACD48 ] BTMCOM C:\Windows\system32\Drivers\btmcom.sys
02:55:50.0269 3976 BTMCOM - ok
02:55:50.0316 3976 [ 8515AA7DC5ECEBDFCC480D2001398BD7 ] BTMUSB C:\Windows\system32\Drivers\btmusb.sys
02:55:50.0347 3976 BTMUSB - ok
02:55:50.0378 3976 catchme - ok
02:55:50.0425 3976 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
02:55:50.0425 3976 cdfs - ok
02:55:50.0487 3976 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
02:55:50.0487 3976 cdrom - ok
02:55:50.0534 3976 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
02:55:50.0534 3976 CertPropSvc - ok
02:55:50.0565 3976 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
02:55:50.0565 3976 circlass - ok
02:55:50.0597 3976 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
02:55:50.0597 3976 CLFS - ok
02:55:50.0675 3976 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:55:50.0675 3976 clr_optimization_v2.0.50727_32 - ok
02:55:50.0721 3976 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:55:50.0721 3976 clr_optimization_v2.0.50727_64 - ok
02:55:50.0815 3976 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:55:50.0815 3976 clr_optimization_v4.0.30319_32 - ok
02:55:50.0846 3976 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:55:50.0862 3976 clr_optimization_v4.0.30319_64 - ok
02:55:50.0893 3976 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
02:55:50.0893 3976 clwvd - ok
02:55:50.0924 3976 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
02:55:50.0971 3976 CmBatt - ok
02:55:51.0002 3976 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
02:55:51.0018 3976 cmdide - ok
02:55:51.0049 3976 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
02:55:51.0065 3976 CNG - ok
02:55:51.0111 3976 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
02:55:51.0111 3976 Compbatt - ok
02:55:51.0158 3976 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
02:55:51.0174 3976 CompositeBus - ok
02:55:51.0189 3976 COMSysApp - ok
02:55:51.0221 3976 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
02:55:51.0221 3976 crcdisk - ok
02:55:51.0283 3976 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
02:55:51.0283 3976 CryptSvc - ok
02:55:51.0361 3976 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
02:55:51.0377 3976 cvhsvc - ok
02:55:51.0423 3976 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
02:55:51.0455 3976 DcomLaunch - ok
02:55:51.0501 3976 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
02:55:51.0501 3976 defragsvc - ok
02:55:51.0533 3976 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
02:55:51.0548 3976 DfsC - ok
02:55:51.0595 3976 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
02:55:51.0595 3976 Dhcp - ok
02:55:51.0626 3976 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
02:55:51.0626 3976 discache - ok
02:55:51.0657 3976 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
02:55:51.0673 3976 Disk - ok
02:55:51.0704 3976 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
02:55:51.0704 3976 Dnscache - ok
02:55:51.0735 3976 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
02:55:51.0751 3976 dot3svc - ok
02:55:51.0782 3976 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
02:55:51.0782 3976 DPS - ok
02:55:51.0829 3976 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
02:55:51.0845 3976 drmkaud - ok
02:55:51.0891 3976 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
02:55:51.0907 3976 DXGKrnl - ok
02:55:51.0938 3976 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
02:55:51.0938 3976 EapHost - ok
02:55:52.0047 3976 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
02:55:52.0125 3976 ebdrv - ok
02:55:52.0172 3976 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
02:55:52.0172 3976 EFS - ok
02:55:52.0250 3976 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
02:55:52.0281 3976 ehRecvr - ok
02:55:52.0313 3976 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
02:55:52.0313 3976 ehSched - ok
02:55:52.0359 3976 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
02:55:52.0391 3976 elxstor - ok
02:55:52.0406 3976 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
02:55:52.0406 3976 ErrDev - ok
02:55:52.0469 3976 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
02:55:52.0484 3976 EventSystem - ok
02:55:52.0515 3976 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
02:55:52.0515 3976 exfat - ok
02:55:52.0547 3976 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
02:55:52.0547 3976 fastfat - ok
02:55:52.0609 3976 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
02:55:52.0640 3976 Fax - ok
02:55:52.0671 3976 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
02:55:52.0687 3976 fdc - ok
02:55:52.0703 3976 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
02:55:52.0703 3976 fdPHost - ok
02:55:52.0718 3976 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
02:55:52.0734 3976 FDResPub - ok
02:55:52.0749 3976 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
02:55:52.0749 3976 FileInfo - ok
02:55:52.0765 3976 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
02:55:52.0765 3976 Filetrace - ok
02:55:52.0827 3976 [ 3D9B36631032FDE0FFEA0DC0260E4E35 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:55:52.0843 3976 FLEXnet Licensing Service - ok
02:55:52.0905 3976 [ 52C0312AB35EB7187015FB6A99136BB5 ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
02:55:52.0952 3976 FLEXnet Licensing Service 64 - ok
02:55:52.0983 3976 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
02:55:52.0983 3976 flpydisk - ok
02:55:53.0015 3976 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
02:55:53.0030 3976 FltMgr - ok
02:55:53.0077 3976 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
02:55:53.0124 3976 FontCache - ok
02:55:53.0186 3976 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:55:53.0186 3976 FontCache3.0.0.0 - ok
02:55:53.0217 3976 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
02:55:53.0233 3976 FsDepends - ok
02:55:53.0264 3976 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
02:55:53.0264 3976 Fs_Rec - ok
02:55:53.0311 3976 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
02:55:53.0311 3976 fvevol - ok
02:55:53.0358 3976 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
02:55:53.0358 3976 gagp30kx - ok
02:55:53.0420 3976 [ D154305DE6090E6E84E525F84BB08A06 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
02:55:53.0420 3976 GameConsoleService - ok
02:55:53.0467 3976 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:55:53.0467 3976 GEARAspiWDM - ok
02:55:53.0514 3976 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
02:55:53.0545 3976 gpsvc - ok
02:55:53.0576 3976 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
02:55:53.0576 3976 hcw85cir - ok
02:55:53.0639 3976 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
02:55:53.0654 3976 HdAudAddService - ok
02:55:53.0670 3976 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
02:55:53.0685 3976 HDAudBus - ok
02:55:53.0701 3976 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
02:55:53.0701 3976 HidBatt - ok
02:55:53.0732 3976 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
02:55:53.0732 3976 HidBth - ok
02:55:53.0748 3976 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
02:55:53.0748 3976 HidIr - ok
02:55:53.0779 3976 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
02:55:53.0779 3976 hidserv - ok
02:55:53.0810 3976 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
02:55:53.0810 3976 HidUsb - ok
02:55:53.0857 3976 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
02:55:53.0857 3976 hkmsvc - ok
02:55:53.0888 3976 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
02:55:53.0904 3976 HomeGroupListener - ok
02:55:53.0919 3976 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
02:55:53.0935 3976 HomeGroupProvider - ok
02:55:54.0044 3976 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
02:55:54.0044 3976 HP Support Assistant Service - ok
02:55:54.0091 3976 [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
02:55:54.0107 3976 HP Wireless Assistant Service - ok
02:55:54.0138 3976 [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
02:55:54.0138 3976 HPClientSvc - ok
02:55:54.0231 3976 [ B19FF523B533A3F198B9239E1749C940 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
02:55:54.0231 3976 HPDrvMntSvc.exe - ok
02:55:54.0278 3976 [ 01091B900E15878B4434F9C726C4541D ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
02:55:54.0325 3976 hpqwmiex - ok
02:55:54.0387 3976 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
02:55:54.0403 3976 HpSAMD - ok
02:55:54.0450 3976 [ 77C15D7E8F002A173EEBFF0B20CD697D ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
02:55:54.0450 3976 HPWMISVC - ok
02:55:54.0497 3976 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
02:55:54.0528 3976 HTTP - ok
02:55:54.0543 3976 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
02:55:54.0543 3976 hwpolicy - ok
02:55:54.0606 3976 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
02:55:54.0606 3976 i8042prt - ok
02:55:54.0637 3976 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
02:55:54.0668 3976 iaStorV - ok
02:55:54.0793 3976 [ 634BCD82FB1CE4B475B3D64935F3D2CC ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
02:55:54.0871 3976 IconMan_R - ok
02:55:54.0933 3976 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:55:54.0980 3976 idsvc - ok
02:55:55.0167 3976 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
02:55:55.0323 3976 igfx - ok
02:55:55.0355 3976 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
02:55:55.0355 3976 iirsp - ok
02:55:55.0417 3976 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
02:55:55.0448 3976 IKEEXT - ok
02:55:55.0464 3976 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
02:55:55.0479 3976 intelide - ok
02:55:55.0511 3976 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
02:55:55.0526 3976 intelppm - ok
02:55:55.0557 3976 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
02:55:55.0557 3976 IPBusEnum - ok
02:55:55.0589 3976 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:55:55.0589 3976 IpFilterDriver - ok
02:55:55.0635 3976 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
02:55:55.0667 3976 iphlpsvc - ok
02:55:55.0713 3976 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
02:55:55.0713 3976 IPMIDRV - ok
02:55:55.0729 3976 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
02:55:55.0745 3976 IPNAT - ok
02:55:55.0791 3976 [ D38469601B72D2DA4F847FC642174E21 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
02:55:55.0823 3976 iPod Service - ok
02:55:55.0854 3976 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
02:55:55.0854 3976 IRENUM - ok
02:55:55.0869 3976 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
02:55:55.0885 3976 isapnp - ok
02:55:55.0932 3976 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
02:55:55.0932 3976 iScsiPrt - ok
02:55:55.0963 3976 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
02:55:55.0963 3976 kbdclass - ok
02:55:56.0010 3976 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
02:55:56.0010 3976 kbdhid - ok
02:55:56.0025 3976 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
02:55:56.0041 3976 KeyIso - ok
02:55:56.0072 3976 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
02:55:56.0072 3976 KSecDD - ok
02:55:56.0103 3976 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
02:55:56.0103 3976 KSecPkg - ok
02:55:56.0135 3976 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
02:55:56.0150 3976 ksthunk - ok
02:55:56.0181 3976 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
02:55:56.0213 3976 KtmRm - ok
02:55:56.0259 3976 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
02:55:56.0275 3976 LanmanServer - ok
02:55:56.0306 3976 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:55:56.0322 3976 LanmanWorkstation - ok
02:55:56.0369 3976 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
02:55:56.0369 3976 LightScribeService - ok
02:55:56.0415 3976 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
02:55:56.0415 3976 lltdio - ok
02:55:56.0447 3976 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
02:55:56.0447 3976 lltdsvc - ok
02:55:56.0462 3976 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
02:55:56.0478 3976 lmhosts - ok
02:55:56.0509 3976 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
02:55:56.0525 3976 LSI_FC - ok
02:55:56.0556 3976 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
02:55:56.0556 3976 LSI_SAS - ok
02:55:56.0587 3976 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:55:56.0587 3976 LSI_SAS2 - ok
02:55:56.0603 3976 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:55:56.0603 3976 LSI_SCSI - ok
02:55:56.0649 3976 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
02:55:56.0649 3976 luafv - ok
02:55:56.0696 3976 [ 066991E50A5CBBEEFB2EC6880069CDB5 ] MAUSBFASTTRACKPRO C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys
02:55:56.0696 3976 MAUSBFASTTRACKPRO - ok
02:55:56.0743 3976 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
02:55:56.0743 3976 Mcx2Svc - ok
02:55:56.0774 3976 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
02:55:56.0774 3976 megasas - ok
02:55:56.0805 3976 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
02:55:56.0821 3976 MegaSR - ok
02:55:56.0852 3976 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
02:55:56.0852 3976 MMCSS - ok
02:55:56.0883 3976 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
02:55:56.0883 3976 Modem - ok
02:55:56.0915 3976 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
02:55:56.0915 3976 monitor - ok
02:55:56.0961 3976 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
02:55:56.0961 3976 mouclass - ok
02:55:56.0993 3976 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
02:55:56.0993 3976 mouhid - ok
02:55:57.0024 3976 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
02:55:57.0024 3976 mountmgr - ok
02:55:57.0086 3976 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
02:55:57.0086 3976 MozillaMaintenance - ok
02:55:57.0164 3976 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
02:55:57.0164 3976 MpFilter - ok
02:55:57.0211 3976 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
02:55:57.0227 3976 mpio - ok
02:55:57.0258 3976 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
02:55:57.0258 3976 mpsdrv - ok
02:55:57.0336 3976 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
02:55:57.0367 3976 MpsSvc - ok
02:55:57.0414 3976 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
02:55:57.0414 3976 MRxDAV - ok
02:55:57.0445 3976 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
02:55:57.0445 3976 mrxsmb - ok
02:55:57.0507 3976 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:55:57.0507 3976 mrxsmb10 - ok
02:55:57.0539 3976 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:55:57.0539 3976 mrxsmb20 - ok
02:55:57.0585 3976 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
02:55:57.0585 3976 msahci - ok
02:55:57.0632 3976 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
02:55:57.0632 3976 msdsm - ok
02:55:57.0648 3976 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
02:55:57.0663 3976 MSDTC - ok
02:55:57.0695 3976 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
02:55:57.0710 3976 Msfs - ok
02:55:57.0726 3976 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
02:55:57.0726 3976 mshidkmdf - ok
02:55:57.0741 3976 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
02:55:57.0757 3976 msisadrv - ok
02:55:57.0788 3976 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
02:55:57.0788 3976 MSiSCSI - ok
02:55:57.0804 3976 msiserver - ok
02:55:57.0819 3976 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
02:55:57.0835 3976 MSKSSRV - ok
02:55:57.0913 3976 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
02:55:57.0913 3976 MsMpSvc - ok
02:55:57.0944 3976 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
02:55:57.0944 3976 MSPCLOCK - ok
02:55:57.0960 3976 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
02:55:57.0960 3976 MSPQM - ok
02:55:57.0991 3976 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
02:55:58.0007 3976 MsRPC - ok
02:55:58.0053 3976 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
02:55:58.0053 3976 mssmbios - ok
02:55:58.0085 3976 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
02:55:58.0085 3976 MSTEE - ok
02:55:58.0100 3976 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
02:55:58.0100 3976 MTConfig - ok
02:55:58.0131 3976 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
02:55:58.0131 3976 Mup - ok
02:55:58.0178 3976 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
02:55:58.0194 3976 napagent - ok
02:55:58.0241 3976 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
02:55:58.0241 3976 NativeWifiP - ok
02:55:58.0303 3976 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
02:55:58.0334 3976 NDIS - ok
02:55:58.0350 3976 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
02:55:58.0350 3976 NdisCap - ok
02:55:58.0381 3976 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
02:55:58.0397 3976 NdisTapi - ok
02:55:58.0443 3976 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
02:55:58.0443 3976 Ndisuio - ok
02:55:58.0475 3976 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
02:55:58.0475 3976 NdisWan - ok
02:55:58.0506 3976 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
02:55:58.0506 3976 NDProxy - ok
02:55:58.0521 3976 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
02:55:58.0521 3976 NetBIOS - ok
02:55:58.0553 3976 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
02:55:58.0553 3976 NetBT - ok
02:55:58.0584 3976 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
02:55:58.0584 3976 Netlogon - ok
02:55:58.0631 3976 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
02:55:58.0646 3976 Netman - ok
02:55:58.0677 3976 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
02:55:58.0709 3976 netprofm - ok
02:55:58.0771 3976 [ 2F06E01DE7A3E366185E65C41C9DEBF7 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
02:55:58.0802 3976 netr28x - ok
02:55:58.0849 3976 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:55:58.0849 3976 NetTcpPortSharing - ok
02:55:59.0021 3976 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
02:55:59.0177 3976 netw5v64 - ok
02:55:59.0223 3976 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
02:55:59.0223 3976 nfrd960 - ok
02:55:59.0426 3976 [ 503C365AA11A0E42A110A6C20632A1E8 ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
02:55:59.0567 3976 NIHardwareService - ok
02:55:59.0645 3976 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
02:55:59.0645 3976 NisDrv - ok
02:55:59.0676 3976 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
02:55:59.0691 3976 NisSrv - ok
02:55:59.0723 3976 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
02:55:59.0738 3976 NlaSvc - ok
02:55:59.0769 3976 [ 9573223E205907247AE6D948E3453770 ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys
02:55:59.0769 3976 nmwcdnsux64 - ok
02:55:59.0816 3976 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
02:55:59.0816 3976 Npfs - ok
02:55:59.0832 3976 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
02:55:59.0847 3976 nsi - ok
02:55:59.0863 3976 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
02:55:59.0863 3976 nsiproxy - ok
02:55:59.0957 3976 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
02:55:59.0988 3976 Ntfs - ok
02:56:00.0003 3976 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
02:56:00.0019 3976 Null - ok
02:56:00.0066 3976 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
02:56:00.0066 3976 nvraid - ok
02:56:00.0097 3976 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
02:56:00.0097 3976 nvstor - ok
02:56:00.0128 3976 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
02:56:00.0128 3976 nv_agp - ok
02:56:00.0175 3976 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
02:56:00.0175 3976 ohci1394 - ok
02:56:00.0222 3976 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:56:00.0222 3976 ose - ok
02:56:00.0378 3976 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:56:00.0518 3976 osppsvc - ok
02:56:00.0565 3976 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
02:56:00.0581 3976 p2pimsvc - ok
02:56:00.0612 3976 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
02:56:00.0643 3976 p2psvc - ok
02:56:00.0659 3976 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
02:56:00.0674 3976 Parport - ok
02:56:00.0690 3976 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
02:56:00.0690 3976 partmgr - ok
02:56:00.0721 3976 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
02:56:00.0737 3976 PcaSvc - ok
02:56:00.0752 3976 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
02:56:00.0768 3976 pci - ok
02:56:00.0799 3976 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
02:56:00.0799 3976 pciide - ok
02:56:00.0830 3976 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
02:56:00.0846 3976 pcmcia - ok
02:56:00.0877 3976 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
02:56:00.0877 3976 pcw - ok
02:56:00.0908 3976 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
02:56:00.0939 3976 PEAUTH - ok
02:56:01.0033 3976 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
02:56:01.0033 3976 PerfHost - ok
02:56:01.0111 3976 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
02:56:01.0158 3976 pla - ok
02:56:01.0205 3976 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
02:56:01.0236 3976 PlugPlay - ok
02:56:01.0251 3976 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
02:56:01.0267 3976 PNRPAutoReg - ok
02:56:01.0283 3976 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
02:56:01.0298 3976 PNRPsvc - ok
02:56:01.0345 3976 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
02:56:01.0361 3976 PolicyAgent - ok
02:56:01.0392 3976 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
02:56:01.0407 3976 Power - ok
02:56:01.0439 3976 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
02:56:01.0439 3976 PptpMiniport - ok
02:56:01.0470 3976 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
02:56:01.0470 3976 Processor - ok
02:56:01.0517 3976 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
02:56:01.0532 3976 ProfSvc - ok
02:56:01.0548 3976 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
02:56:01.0548 3976 ProtectedStorage - ok
02:56:01.0595 3976 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
02:56:01.0595 3976 Psched - ok
02:56:01.0657 3976 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
02:56:01.0704 3976 ql2300 - ok
02:56:01.0735 3976 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
02:56:01.0735 3976 ql40xx - ok
02:56:01.0782 3976 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
02:56:01.0782 3976 QWAVE - ok
02:56:01.0797 3976 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
02:56:01.0813 3976 QWAVEdrv - ok
02:56:01.0829 3976 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
02:56:01.0829 3976 RasAcd - ok
02:56:01.0860 3976 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
02:56:01.0860 3976 RasAgileVpn - ok
02:56:01.0891 3976 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
02:56:01.0891 3976 RasAuto - ok
02:56:01.0922 3976 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
02:56:01.0938 3976 Rasl2tp - ok
02:56:01.0953 3976 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
02:56:01.0969 3976 RasMan - ok
02:56:02.0000 3976 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
02:56:02.0000 3976 RasPppoe - ok
02:56:02.0031 3976 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
02:56:02.0031 3976 RasSstp - ok
02:56:02.0063 3976 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
02:56:02.0078 3976 rdbss - ok
02:56:02.0094 3976 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
02:56:02.0109 3976 rdpbus - ok
02:56:02.0125 3976 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
02:56:02.0125 3976 RDPCDD - ok
02:56:02.0156 3976 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
02:56:02.0156 3976 RDPENCDD - ok
02:56:02.0172 3976 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
02:56:02.0172 3976 RDPREFMP - ok
02:56:02.0219 3976 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
02:56:02.0219 3976 RDPWD - ok
02:56:02.0265 3976 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
02:56:02.0265 3976 rdyboost - ok
02:56:02.0312 3976 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
02:56:02.0312 3976 RemoteAccess - ok
02:56:02.0359 3976 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
02:56:02.0359 3976 RemoteRegistry - ok
02:56:02.0406 3976 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
02:56:02.0406 3976 RFCOMM - ok
02:56:02.0437 3976 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
02:56:02.0437 3976 RpcEptMapper - ok
02:56:02.0453 3976 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
02:56:02.0468 3976 RpcLocator - ok
02:56:02.0499 3976 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
02:56:02.0515 3976 RpcSs - ok
02:56:02.0562 3976 [ C897D551EE0DFCD8E638BF78E21D4D7F ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
02:56:02.0562 3976 RSPCIESTOR - ok
02:56:02.0593 3976 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
02:56:02.0609 3976 rspndr - ok
02:56:02.0640 3976 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
02:56:02.0655 3976 RTL8167 - ok
02:56:02.0671 3976 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
02:56:02.0671 3976 SamSs - ok
02:56:02.0718 3976 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
02:56:02.0718 3976 sbp2port - ok
02:56:02.0765 3976 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
02:56:02.0765 3976 SCardSvr - ok
02:56:02.0811 3976 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
02:56:02.0811 3976 scfilter - ok
02:56:02.0858 3976 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
02:56:02.0905 3976 Schedule - ok
02:56:02.0921 3976 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
02:56:02.0921 3976 SCPolicySvc - ok
02:56:02.0983 3976 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
02:56:02.0983 3976 sdbus - ok
02:56:03.0014 3976 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
02:56:03.0030 3976 SDRSVC - ok
02:56:03.0061 3976 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
02:56:03.0061 3976 secdrv - ok
02:56:03.0092 3976 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
02:56:03.0092 3976 seclogon - ok
02:56:03.0123 3976 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
02:56:03.0139 3976 SENS - ok
02:56:03.0155 3976 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
02:56:03.0155 3976 SensrSvc - ok
02:56:03.0186 3976 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
02:56:03.0201 3976 Serenum - ok
02:56:03.0217 3976 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
02:56:03.0217 3976 Serial - ok
02:56:03.0248 3976 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
02:56:03.0248 3976 sermouse - ok
02:56:03.0295 3976 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
02:56:03.0311 3976 SessionEnv - ok
02:56:03.0357 3976 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
02:56:03.0357 3976 sffdisk - ok
02:56:03.0373 3976 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
02:56:03.0373 3976 sffp_mmc - ok
02:56:03.0389 3976 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
02:56:03.0389 3976 sffp_sd - ok
02:56:03.0420 3976 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
02:56:03.0420 3976 sfloppy - ok
02:56:03.0482 3976 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
02:56:03.0498 3976 Sftfs - ok
02:56:03.0560 3976 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
02:56:03.0576 3976 sftlist - ok
02:56:03.0607 3976 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
02:56:03.0607 3976 Sftplay - ok
02:56:03.0638 3976 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
02:56:03.0638 3976 Sftredir - ok
02:56:03.0669 3976 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
02:56:03.0669 3976 Sftvol - ok
02:56:03.0716 3976 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
02:56:03.0716 3976 sftvsa - ok
02:56:03.0810 3976 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
02:56:03.0825 3976 SharedAccess - ok
02:56:03.0872 3976 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
02:56:03.0888 3976 ShellHWDetection - ok
02:56:03.0919 3976 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:56:03.0919 3976 SiSRaid2 - ok
02:56:03.0950 3976 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
02:56:03.0950 3976 SiSRaid4 - ok
02:56:03.0997 3976 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
02:56:03.0997 3976 Smb - ok
02:56:04.0044 3976 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
02:56:04.0044 3976 SNMPTRAP - ok
02:56:04.0059 3976 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
02:56:04.0059 3976 spldr - ok
02:56:04.0106 3976 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
02:56:04.0122 3976 Spooler - ok
02:56:04.0247 3976 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
02:56:04.0356 3976 sppsvc - ok
02:56:04.0403 3976 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
02:56:04.0403 3976 sppuinotify - ok
02:56:04.0449 3976 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
02:56:04.0481 3976 srv - ok
02:56:04.0512 3976 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
02:56:04.0527 3976 srv2 - ok
02:56:04.0559 3976 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
02:56:04.0574 3976 SrvHsfHDA - ok
02:56:04.0621 3976 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
02:56:04.0699 3976 SrvHsfV92 - ok
02:56:04.0746 3976 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
02:56:04.0777 3976 SrvHsfWinac - ok
02:56:04.0808 3976 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
02:56:04.0824 3976 srvnet - ok
02:56:04.0855 3976 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
02:56:04.0871 3976 SSDPSRV - ok
02:56:04.0886 3976 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
02:56:04.0902 3976 SstpSvc - ok
02:56:04.0980 3976 [ 7C49A5E1943AFDA4672D80726AF3BAE4 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
02:56:04.0995 3976 STacSV - ok
02:56:05.0027 3976 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
02:56:05.0027 3976 stexstor - ok
02:56:05.0073 3976 [ 0AAD250A31A7EE96E0945AB9E1F3BAA7 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
02:56:05.0105 3976 STHDA - ok
02:56:05.0136 3976 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
02:56:05.0167 3976 stisvc - ok
02:56:05.0214 3976 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
02:56:05.0214 3976 swenum - ok
02:56:05.0261 3976 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
02:56:05.0276 3976 swprv - ok
02:56:05.0354 3976 [ CC13EE4AF170ABB99F6449CBB62AB219 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
02:56:05.0385 3976 SynTP - ok
02:56:05.0448 3976 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
02:56:05.0510 3976 SysMain - ok
02:56:05.0541 3976 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
02:56:05.0541 3976 TabletInputService - ok
02:56:05.0588 3976 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
02:56:05.0604 3976 TapiSrv - ok
02:56:05.0635 3976 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
02:56:05.0635 3976 TBS - ok
02:56:05.0713 3976 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
02:56:05.0760 3976 Tcpip - ok
02:56:05.0822 3976 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
02:56:05.0853 3976 TCPIP6 - ok
02:56:05.0900 3976 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
02:56:05.0900 3976 tcpipreg - ok
02:56:05.0931 3976 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
02:56:05.0931 3976 TDPIPE - ok
02:56:05.0963 3976 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
02:56:05.0963 3976 TDTCP - ok
02:56:06.0009 3976 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
02:56:06.0009 3976 tdx - ok
02:56:06.0056 3976 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
02:56:06.0072 3976 TermDD - ok
02:56:06.0103 3976 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
02:56:06.0134 3976 TermService - ok
02:56:06.0165 3976 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
02:56:06.0165 3976 Themes - ok
02:56:06.0197 3976 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
02:56:06.0197 3976 THREADORDER - ok
02:56:06.0212 3976 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
02:56:06.0212 3976 TrkWks - ok
02:56:06.0275 3976 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
02:56:06.0275 3976 TrustedInstaller - ok
02:56:06.0306 3976 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
02:56:06.0306 3976 tssecsrv - ok
02:56:06.0337 3976 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
02:56:06.0337 3976 TsUsbFlt - ok
02:56:06.0399 3976 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
02:56:06.0399 3976 tunnel - ok
02:56:06.0415 3976 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
02:56:06.0431 3976 uagp35 - ok
02:56:06.0462 3976 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
02:56:06.0462 3976 udfs - ok
02:56:06.0524 3976 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
02:56:06.0524 3976 UI0Detect - ok
02:56:06.0555 3976 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
02:56:06.0555 3976 uliagpkx - ok
02:56:06.0618 3976 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
02:56:06.0618 3976 umbus - ok
02:56:06.0633 3976 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
02:56:06.0649 3976 UmPass - ok
02:56:06.0680 3976 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
02:56:06.0696 3976 upnphost - ok
02:56:06.0758 3976 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
02:56:06.0774 3976 usbaudio - ok
02:56:06.0789 3976 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
02:56:06.0789 3976 usbccgp - ok
02:56:06.0852 3976 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
02:56:06.0867 3976 usbcir - ok
02:56:06.0883 3976 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
02:56:06.0883 3976 usbehci - ok
02:56:06.0914 3976 [ DC2B306861F42EEEB92EF525F4119F08 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
02:56:06.0914 3976 usbfilter - ok
02:56:06.0945 3976 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
02:56:06.0961 3976 usbhub - ok
02:56:06.0977 3976 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
02:56:06.0977 3976 usbohci - ok
02:56:07.0008 3976 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
02:56:07.0008 3976 usbprint - ok
02:56:07.0055 3976 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:56:07.0055 3976 USBSTOR - ok
02:56:07.0070 3976 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
02:56:07.0070 3976 usbuhci - ok
02:56:07.0101 3976 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
02:56:07.0117 3976 usbvideo - ok
02:56:07.0148 3976 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
02:56:07.0148 3976 UxSms - ok
02:56:07.0164 3976 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
02:56:07.0179 3976 VaultSvc - ok
02:56:07.0195 3976 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
02:56:07.0195 3976 vdrvroot - ok
02:56:07.0226 3976 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
02:56:07.0257 3976 vds - ok
02:56:07.0289 3976 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
02:56:07.0304 3976 vga - ok
02:56:07.0320 3976 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
02:56:07.0320 3976 VgaSave - ok
02:56:07.0382 3976 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
02:56:07.0382 3976 vhdmp - ok
02:56:07.0398 3976 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
02:56:07.0413 3976 viaide - ok
02:56:07.0429 3976 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
02:56:07.0445 3976 volmgr - ok
02:56:07.0476 3976 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
02:56:07.0476 3976 volmgrx - ok
02:56:07.0507 3976 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
02:56:07.0507 3976 volsnap - ok
02:56:07.0554 3976 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
02:56:07.0554 3976 vsmraid - ok
02:56:07.0632 3976 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
02:56:07.0710 3976 VSS - ok
02:56:07.0741 3976 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
02:56:07.0741 3976 vwifibus - ok
02:56:07.0772 3976 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
02:56:07.0772 3976 vwififlt - ok
02:56:07.0803 3976 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
02:56:07.0819 3976 W32Time - ok
02:56:07.0850 3976 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
02:56:07.0850 3976 WacomPen - ok
02:56:07.0897 3976 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
02:56:07.0897 3976 WANARP - ok
02:56:07.0913 3976 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
02:56:07.0913 3976 Wanarpv6 - ok
02:56:07.0975 3976 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
02:56:08.0022 3976 WatAdminSvc - ok
02:56:08.0100 3976 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
02:56:08.0147 3976 wbengine - ok
02:56:08.0178 3976 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
02:56:08.0193 3976 WbioSrvc - ok
02:56:08.0225 3976 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
02:56:08.0256 3976 wcncsvc - ok
02:56:08.0271 3976 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
02:56:08.0271 3976 WcsPlugInService - ok
02:56:08.0318 3976 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
02:56:08.0318 3976 Wd - ok
02:56:08.0349 3976 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
02:56:08.0381 3976 Wdf01000 - ok
02:56:08.0396 3976 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
02:56:08.0412 3976 WdiServiceHost - ok
02:56:08.0412 3976 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
02:56:08.0427 3976 WdiSystemHost - ok
02:56:08.0459 3976 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
02:56:08.0459 3976 WebClient - ok
02:56:08.0505 3976 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
02:56:08.0521 3976 Wecsvc - ok
02:56:08.0537 3976 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
02:56:08.0552 3976 wercplsupport - ok
02:56:08.0583 3976 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
02:56:08.0583 3976 WerSvc - ok
02:56:08.0615 3976 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
02:56:08.0615 3976 WfpLwf - ok
02:56:08.0646 3976 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
02:56:08.0646 3976 WIMMount - ok
02:56:08.0693 3976 WinDefend - ok
02:56:08.0708 3976 WinHttpAutoProxySvc - ok
02:56:08.0786 3976 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
02:56:08.0786 3976 Winmgmt - ok
02:56:08.0864 3976 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
02:56:08.0927 3976 WinRM - ok
02:56:09.0005 3976 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
02:56:09.0005 3976 WinUsb - ok
02:56:09.0051 3976 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
02:56:09.0098 3976 Wlansvc - ok
02:56:09.0114 3976 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
02:56:09.0129 3976 wlcrasvc - ok
02:56:09.0270 3976 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:56:09.0332 3976 wlidsvc - ok
02:56:09.0395 3976 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
02:56:09.0395 3976 WmiAcpi - ok
02:56:09.0426 3976 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
02:56:09.0441 3976 wmiApSrv - ok
02:56:09.0473 3976 WMPNetworkSvc - ok
02:56:09.0504 3976 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
02:56:09.0504 3976 WPCSvc - ok
02:56:09.0535 3976 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
02:56:09.0551 3976 WPDBusEnum - ok
02:56:09.0566 3976 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
02:56:09.0566 3976 ws2ifsl - ok
02:56:09.0629 3976 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
02:56:09.0629 3976 wscsvc - ok
02:56:09.0644 3976 WSearch - ok
02:56:09.0738 3976 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
02:56:09.0816 3976 wuauserv - ok
02:56:09.0847 3976 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
02:56:09.0847 3976 WudfPf - ok
02:56:09.0878 3976 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
02:56:09.0894 3976 WUDFRd - ok
02:56:09.0909 3976 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
02:56:09.0925 3976 wudfsvc - ok
02:56:09.0956 3976 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
02:56:09.0956 3976 WwanSvc - ok
02:56:10.0019 3976 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
02:56:10.0034 3976 yukonw7 - ok
02:56:10.0050 3976 ================ Scan global ===============================
02:56:10.0081 3976 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
02:56:10.0128 3976 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
02:56:10.0159 3976 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
02:56:10.0190 3976 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
02:56:10.0221 3976 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
02:56:10.0221 3976 [Global] - ok
02:56:10.0221 3976 ================ Scan MBR ==================================
02:56:10.0237 3976 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
02:56:10.0565 3976 \Device\Harddisk0\DR0 - ok
02:56:10.0565 3976 ================ Scan VBR ==================================
02:56:10.0580 3976 [ A18B0B55BC0AAB030BDFF9FD514A421C ] \Device\Harddisk0\DR0\Partition1
02:56:10.0580 3976 \Device\Harddisk0\DR0\Partition1 - ok
02:56:10.0611 3976 [ 143B6601145143AD0263CBB5AEA4B2FA ] \Device\Harddisk0\DR0\Partition2
02:56:10.0627 3976 \Device\Harddisk0\DR0\Partition2 - ok
02:56:10.0658 3976 [ D2BF344983C78A6EA108B07F3F5B1FD8 ] \Device\Harddisk0\DR0\Partition3
02:56:10.0674 3976 \Device\Harddisk0\DR0\Partition3 - ok
02:56:10.0689 3976 [ 509956B2F275BD220C84DC2B36DD4FCC ] \Device\Harddisk0\DR0\Partition4
02:56:10.0689 3976 \Device\Harddisk0\DR0\Partition4 - ok
02:56:10.0689 3976 ============================================================
02:56:10.0689 3976 Scan finished
02:56:10.0689 3976 ============================================================
02:56:10.0721 4200 Detected object count: 0
02:56:10.0721 4200 Actual detected object count: 0

aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-10 03:46:53
-----------------------------
03:46:53.661 OS Version: Windows x64 6.1.7601 Service Pack 1
03:46:53.662 Number of processors: 4 586 0x503
03:46:53.665 ComputerName: USER-HP UserName: User
03:47:00.203 Initialize success
03:47:30.625 AVAST engine defs: 12100901
03:47:35.910 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
03:47:35.916 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 11
03:47:36.010 Disk 0 MBR read successfully
03:47:36.017 Disk 0 MBR scan
03:47:36.026 Disk 0 Windows 7 default MBR code
03:47:36.050 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
03:47:36.092 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 594349 MB offset 409600
03:47:36.154 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15827 MB offset 1217636352
03:47:36.198 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
03:47:36.446 Disk 0 scanning C:\Windows\system32\drivers
03:48:45.734 Service scanning
03:49:29.167 Modules scanning
03:49:29.187 Disk 0 trace - called modules:
03:49:29.597 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
03:49:29.607 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80043ab790]
03:49:29.627 3 CLASSPNP.SYS[fffff8800195243f] -> nt!IofCallDriver -> [0xfffffa80042f4b80]
03:49:29.637 5 amd_xata.sys[fffff880010f07a8] -> nt!IofCallDriver -> \Device\00000063[0xfffffa80042ef9c0]
03:49:33.968 AVAST engine scan C:\Windows
03:51:35.443 AVAST engine scan C:\Windows\system32
03:57:46.522 AVAST engine scan C:\Windows\system32\drivers
03:58:10.712 AVAST engine scan C:\Users\User
04:08:06.049 File: C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\5361fcd5-40c25bbb **INFECTED** Win32:Trojan-gen
04:22:23.980 AVAST engine scan C:\ProgramData
04:26:36.957 Scan finished successfully
04:30:47.065 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
  • 0

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello alexxx91

I would like to know how the computer is working at this time


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#13
alexxx91

alexxx91

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Computer is running smoothly with the only noticeable slowdown being Microsoft Office who mentioned it was downloading some components for itself. The computer also automatically updated itself last time when I shut it down and upon restart. Aside from that, no problems whatsoever.

COMBOFIX

ComboFix 12-10-09.01 - User 10/10/2012 19:14:46.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3835.2364 [GMT -4:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 23:24 . 2012-10-10 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 17:21 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C62FBEC8-3705-46FD-84A1-FFA9FE03E772}\mpengine.dll
2012-10-10 06:49 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 06:49 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 06:49 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 06:49 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 06:49 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 06:49 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-10 06:49 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 06:49 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 06:49 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 06:49 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-08 01:35 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-02 05:17 . 2012-10-02 05:17 -------- d-----w- c:\program files (x86)\Lame For Audacity
2012-09-25 23:51 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-12 13:05 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 13:05 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 13:05 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 13:05 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 13:05 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:05 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 13:05 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 07:03 . 2011-06-26 10:44 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-08 21:33 . 2012-05-27 08:55 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 21:33 . 2011-06-27 02:15 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2010-10-25 04:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-20 17:38 . 2012-10-10 06:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-07-18 18:15 . 2012-08-16 00:41 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-12-01 52736]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-12-01 484224]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [2010-12-07 187912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-26 114144]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-26 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-15 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-15 28800]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-09 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-15 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-12-01 679176]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-04-10 2424424]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-09 9359872]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-09 309760]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-12-01 4150864]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-12-01 1188616]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-11 31088]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-12 1028096]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-11-15 1813056]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-04-10 339048]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-04-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-29 38528]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 21:33]
.
2012-09-29 c:\windows\Tasks\HPCeeScheduleForUSER-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-10-09 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-12-01 21705296]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tbfg8bvb.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-10 19:29:55
ComboFix-quarantined-files.txt 2012-10-10 23:29
ComboFix2.txt 2012-10-10 06:03
.
Pre-Run: 306,093,592,576 bytes free
Post-Run: 305,931,001,856 bytes free
.
- - End Of File - - 31D764ACB41F0B83D6880B2FE9B1BA5B
  • 0

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#15
alexxx91

alexxx91

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
ACID Pro 7.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.3.3 MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Apple Application Support
Apple Software Update
µTorrent
Audacity 1.3.13 (Unicode)
Bejeweled 2 Deluxe
Bing Bar
BitLord 1.2
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
Chuzzle Deluxe
Contrôle ActiveX Windows Live Mesh pour connexions ŕ distance
CyberLink DVD Suite
CyberLink YouCam
D3DX10
DebugMode Wax 2.0
Dora's World Adventure
Energy Star Digital Logo
ESU for Microsoft Windows 7
Farm Frenzy
FATE
Final Drive Nitro
Galerie de photos Windows Live
Guitar Pro 6
Hewlett-Packard ACLM.NET v1.1.2.0
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
IDT Audio
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
LabelPrint
LAME v3.99.3 (for Windows)
LightScribe System Software
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Mystery P.I. - The London Caper
Native Instruments Controller Editor
Native Instruments Guitar Rig 4
Native Instruments GuitarRig Mobile IO Driver
Native Instruments Service Center
Native Instruments Session IO Driver
Penguins!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
QuickTime
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Reason 5.0
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Virtual Villagers 4 - The Tree of Life
VLC media player 1.1.10
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
World Cup Cricket 20-20
Zuma Deluxe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP