Browsers opens alone [Solved]



#1
marinavictal

I don’t know where I got this because my father was using the computer just before it started. He told me he’d just checked his email. At first I thought that my browser (Google Chrome) had a problem, so I uninstalled it and used Internet Explorer to download a new Google Chrome version, but the same thing happened to IE. The only different thing I noticed on my computer is that the browsers went crazy. They work OK for a while, but at a random time they send me to the beginning page and many other browser windows start to open; it happens even when I am not using the browser. All the windows open on the beginning page. In short: I can’t do anything on my computer because the browser opens alone, at any time.
I don’t understand a lot about computers, but I tried to remove the virus by myself. At first I tried four or five different virus removal tools that I judged reliable, but just one of them found a couple of errors, which I deleted. Anyway, it didn’t work (I don’t remember the names of the errors). So I started to search for something unknown. In the Task Manager I didn’t find anything suspicious. In the Startup section of System Configuration I saw a program that I hadn’t installed, “VDownloader .exe”. I saw its location and looked for the folder where it was supposed to be, but the folder wasn’t there. The location was C:\ProgramFiles(x86)\VDownloader… but there wasn’t any VDownloader folder inside ProgramFiles(x86), and I couldn’t find it even when I set it to show hidden folders/files and operating system files. So I opened the registry editor, searched for “VDownloader” and deleted everything that was found, but again it didn’t work, and now I don’t know what else I can do. I hope you can help me, and if you can, I’d be really grateful. Thank you in advance!!
OTL.Txt – Notepad:
OTL logfile created on: 25/11/2012 20:21:43 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marina\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

7,98 Gb Total Physical Memory | 5,93 Gb Available Physical Memory | 74,29% Memory free
15,96 Gb Paging File | 13,72 Gb Available in Paging File | 85,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 123,96 Gb Total Space | 80,05 Gb Free Space | 64,58% Space Free | Partition Type: NTFS
Drive D: | 341,70 Gb Total Space | 162,01 Gb Free Space | 47,41% Space Free | Partition Type: NTFS
Drive E: | 4,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PELUCINHA | User Name: Marina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/25 15:15:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marina\Downloads\OTL.exe
PRC - [2012/11/23 08:50:39 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
PRC - [2012/11/01 21:48:42 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/10/30 20:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/16 17:43:54 | 001,353,080 | ---- | M] (Valve Corporation) -- D:\ArquivoSteam\steam\Steam.exe
PRC - [2012/07/27 18:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/29 22:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/10/26 16:49:52 | 001,595,520 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winamp.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/25 20:10:17 | 000,206,336 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\winamp.lng
MOD - [2012/11/25 20:10:17 | 000,149,504 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\vis_milk2.lng
MOD - [2012/11/25 20:10:17 | 000,085,504 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\vis_avs.lng
MOD - [2012/11/25 20:10:17 | 000,044,032 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_pmp.lng
MOD - [2012/11/25 20:10:17 | 000,042,496 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\pmp_wifi.lng
MOD - [2012/11/25 20:10:17 | 000,036,864 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\pmp_ipod.lng
MOD - [2012/11/25 20:10:17 | 000,036,352 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ombrowser.lng
MOD - [2012/11/25 20:10:17 | 000,019,456 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\pmp_android.lng
MOD - [2012/11/25 20:10:17 | 000,016,384 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\out_ds.lng
MOD - [2012/11/25 20:10:17 | 000,013,824 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\pmp_usb.lng
MOD - [2012/11/25 20:10:17 | 000,013,824 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_wire.lng
MOD - [2012/11/25 20:10:17 | 000,013,824 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_online.lng
MOD - [2012/11/25 20:10:17 | 000,012,800 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_playlists.lng
MOD - [2012/11/25 20:10:17 | 000,012,288 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_plg.lng
MOD - [2012/11/25 20:10:17 | 000,007,680 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\vis_nsfs.lng
MOD - [2012/11/25 20:10:17 | 000,007,680 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_transcode.lng
MOD - [2012/11/25 20:10:17 | 000,007,168 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\out_wave.lng
MOD - [2012/11/25 20:10:17 | 000,006,144 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\tagz.lng
MOD - [2012/11/25 20:10:17 | 000,006,144 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\out_disk.lng
MOD - [2012/11/25 20:10:17 | 000,005,120 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_rg.lng
MOD - [2012/11/25 20:10:17 | 000,004,608 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\pmp_activesync.lng
MOD - [2012/11/25 20:10:17 | 000,004,096 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\winampa.lng
MOD - [2012/11/25 20:10:17 | 000,004,096 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\pmp_p4s.lng
MOD - [2012/11/25 20:10:17 | 000,003,584 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\pmp_njb.lng
MOD - [2012/11/25 20:10:17 | 000,003,584 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\playlist.lng
MOD - [2012/11/25 20:10:17 | 000,003,584 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_nowplaying.lng
MOD - [2012/11/25 20:10:16 | 000,053,248 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_local.lng
MOD - [2012/11/25 20:10:16 | 000,043,008 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_disc.lng
MOD - [2012/11/25 20:10:16 | 000,037,376 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\gen_jumpex.lng
MOD - [2012/11/25 20:10:16 | 000,022,016 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_mp3.lng
MOD - [2012/11/25 20:10:16 | 000,021,504 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\gen_ff.lng
MOD - [2012/11/25 20:10:16 | 000,020,992 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\gen_ml.lng
MOD - [2012/11/25 20:10:16 | 000,019,968 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_midi.lng
MOD - [2012/11/25 20:10:16 | 000,018,432 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_mod.lng
MOD - [2012/11/25 20:10:16 | 000,014,336 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_wm.lng
MOD - [2012/11/25 20:10:16 | 000,012,800 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_cdda.lng
MOD - [2012/11/25 20:10:16 | 000,011,264 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_vorbis.lng
MOD - [2012/11/25 20:10:16 | 000,011,264 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_nsv.lng
MOD - [2012/11/25 20:10:16 | 000,010,752 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\gen_skinmanager.lng
MOD - [2012/11/25 20:10:16 | 000,010,240 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\gen_undo.lng
MOD - [2012/11/25 20:10:16 | 000,010,240 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\gen_hotkeys.lng
MOD - [2012/11/25 20:10:16 | 000,010,240 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\gen_classicart.lng
MOD - [2012/11/25 20:10:16 | 000,009,216 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\gen_timerestore.lng
MOD - [2012/11/25 20:10:16 | 000,009,216 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\gen_nopro.lng
MOD - [2012/11/25 20:10:16 | 000,008,704 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_history.lng
MOD - [2012/11/25 20:10:16 | 000,008,704 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_downloads.lng
MOD - [2012/11/25 20:10:16 | 000,008,704 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_devices.lng
MOD - [2012/11/25 20:10:16 | 000,007,680 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\gen_tray.lng
MOD - [2012/11/25 20:10:16 | 000,007,168 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_dshow.lng
MOD - [2012/11/25 20:10:16 | 000,007,168 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\gen_orgler.lng
MOD - [2012/11/25 20:10:16 | 000,007,168 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\gen_crasher.lng
MOD - [2012/11/25 20:10:16 | 000,006,656 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_autotag.lng
MOD - [2012/11/25 20:10:16 | 000,006,656 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_wav.lng
MOD - [2012/11/25 20:10:16 | 000,006,144 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_flac.lng
MOD - [2012/11/25 20:10:16 | 000,005,632 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_wave.lng
MOD - [2012/11/25 20:10:16 | 000,005,120 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_impex.lng
MOD - [2012/11/25 20:10:16 | 000,005,120 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_bookmarks.lng
MOD - [2012/11/25 20:10:16 | 000,005,120 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_avi.lng
MOD - [2012/11/25 20:10:16 | 000,004,608 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_enqplay.lng
MOD - [2012/11/25 20:10:16 | 000,004,608 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_mp4.lng
MOD - [2012/11/25 20:10:16 | 000,004,608 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_mkv.lng
MOD - [2012/11/25 20:10:16 | 000,004,096 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_wv.lng
MOD - [2012/11/25 20:10:16 | 000,004,096 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\gen_find_on_disk.lng
MOD - [2012/11/25 20:10:16 | 000,003,584 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\ml_addons.lng
MOD - [2012/11/25 20:10:16 | 000,003,584 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_swf.lng
MOD - [2012/11/25 20:10:16 | 000,003,584 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_linein.lng
MOD - [2012/11/25 20:10:16 | 000,003,584 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\in_flv.lng
MOD - [2012/11/25 20:10:15 | 000,062,976 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\burnlib.lng
MOD - [2012/11/25 20:10:15 | 000,013,824 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\dsp_sps.lng
MOD - [2012/11/25 20:10:15 | 000,010,752 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\auth.lng
MOD - [2012/11/25 20:10:15 | 000,009,728 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\enc_aacplus.lng
MOD - [2012/11/25 20:10:15 | 000,006,656 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\enc_fhgaac.lng
MOD - [2012/11/25 20:10:15 | 000,006,144 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\enc_wma.lng
MOD - [2012/11/25 20:10:15 | 000,005,632 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\enc_lame.lng
MOD - [2012/11/25 20:10:15 | 000,004,096 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\enc_wav.lng
MOD - [2012/11/25 20:10:15 | 000,004,096 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\enc_vorbis.lng
MOD - [2012/11/25 20:10:15 | 000,004,096 | ---- | M] () -- C:\Users\Marina\AppData\Local\Temp\WLZ5D13.tmp\enc_flac.lng
MOD - [2012/11/01 21:48:41 | 020,317,008 | ---- | M] () -- D:\ArquivoSteam\steam\bin\libcef.dll
MOD - [2012/11/01 21:48:41 | 001,099,616 | ---- | M] () -- D:\ArquivoSteam\steam\bin\avcodec-53.dll
MOD - [2012/11/01 21:48:41 | 000,902,480 | ---- | M] () -- D:\ArquivoSteam\steam\bin\chromehtml.dll
MOD - [2012/11/01 21:48:41 | 000,190,816 | ---- | M] () -- D:\ArquivoSteam\steam\bin\avformat-53.dll
MOD - [2012/11/01 21:48:41 | 000,123,232 | ---- | M] () -- D:\ArquivoSteam\steam\bin\avutil-51.dll
MOD - [2011/12/21 21:21:25 | 000,623,616 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jnetlib.w5s
MOD - [2011/12/21 21:21:25 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
MOD - [2011/12/21 21:21:25 | 000,240,640 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
MOD - [2011/12/21 21:21:25 | 000,154,624 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jpeg.w5s
MOD - [2011/12/21 21:21:25 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\png.w5s
MOD - [2011/12/21 21:21:25 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\xml.w5s
MOD - [2011/12/21 21:21:25 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\playlist.w5s
MOD - [2011/12/21 21:21:25 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Winamp\tataki.dll
MOD - [2011/12/21 21:21:25 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
MOD - [2011/12/21 21:21:25 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Winamp\zlib.dll
MOD - [2011/12/21 21:21:25 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\devices.w5s
MOD - [2011/12/21 21:21:25 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\albumart.w5s
MOD - [2011/12/21 21:21:25 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\tagz.w5s
MOD - [2011/12/21 21:21:25 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gif.w5s
MOD - [2011/12/21 21:21:25 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\bmp.w5s
MOD - [2011/12/21 21:21:25 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\dlmgr.w5s
MOD - [2011/12/21 21:21:25 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gracenote.w5s
MOD - [2011/12/21 21:21:25 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\primo.w5s
MOD - [2011/12/21 21:21:24 | 000,410,624 | ---- | M] () -- C:\Program Files (x86)\Winamp\nsutil.dll
MOD - [2011/12/21 21:21:24 | 000,318,464 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
MOD - [2011/12/21 21:21:24 | 000,313,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
MOD - [2011/12/21 21:21:24 | 000,290,304 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
MOD - [2011/12/21 21:21:24 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\libsndfile.dll
MOD - [2011/12/21 21:21:24 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
MOD - [2011/12/21 21:21:24 | 000,165,376 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
MOD - [2011/12/21 21:21:24 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
MOD - [2011/12/21 21:21:24 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
MOD - [2011/12/21 21:21:24 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Winamp\nde.dll
MOD - [2011/12/21 21:21:24 | 000,075,264 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
MOD - [2011/12/21 21:21:24 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
MOD - [2011/12/21 21:21:24 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
MOD - [2011/12/21 21:21:24 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
MOD - [2011/12/21 21:21:24 | 000,052,736 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
MOD - [2011/12/21 21:21:24 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
MOD - [2011/12/21 21:21:24 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
MOD - [2011/12/21 21:21:24 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
MOD - [2011/12/21 21:21:24 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wave.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/26 19:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 19:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 23:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/23 08:50:40 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/01 21:48:42 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/27 18:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/29 22:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 20:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 20:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 20:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 20:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 20:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 12:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/20 21:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 04:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/17 10:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/02/16 07:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/21 01:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 01:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 01:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 01:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 01:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 01:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 01:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 01:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 01:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 01:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 22:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...00014dae9f37bcf
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 F8 94 1E 63 2A CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00014dae9f37bcf
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Angry Birds = C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DealPly = C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: avast! WebRep = C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Gmail = C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 19:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01C9DBFE-4CB1-4B7B-8DD5-371F145F66F0}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01C9DBFE-4CB1-4B7B-8DD5-371F145F66F0}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/20 18:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/03/27 02:03:00 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{c1301e2a-2bf4-11e1-83b9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c1301e2a-2bf4-11e1-83b9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010/04/20 18:37:17 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/25 14:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegistryNuke 2012
[2012/11/25 12:06:37 | 000,000,000 | ---D | C] -- C:\Users\Marina\Desktop\ingresso.com.br_files
[2012/11/24 18:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/23 17:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/11/23 16:49:28 | 000,000,000 | ---D | C] -- C:\Users\Marina\PSafe
[2012/11/23 01:03:16 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\RoboForm
[2012/11/23 01:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2012/11/23 01:01:19 | 000,000,000 | ---D | C] -- C:\Users\Marina\Documents\My Avast EasyPass Data
[2012/11/23 00:59:19 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/11/23 00:59:19 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/11/23 00:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/11/23 00:59:15 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/11/23 00:59:14 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/11/23 00:59:13 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/11/23 00:59:12 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/11/23 00:59:12 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/11/23 00:59:00 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/11/23 00:58:59 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/11/23 00:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/11/23 00:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/23 00:09:09 | 000,000,000 | ---D | C] -- C:\Users\Marina\Documents\Games for Windows - LIVE Demos

========== Files - Modified Within 30 Days ==========

[2012/11/25 19:40:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/25 19:32:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/25 18:32:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/25 14:57:29 | 000,028,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 14:57:29 | 000,028,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 14:54:28 | 000,717,324 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/25 14:54:28 | 000,609,092 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/25 14:54:28 | 000,104,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/25 14:50:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/25 14:49:58 | 2133,573,631 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/25 12:06:37 | 000,027,704 | ---- | M] () -- C:\Users\Marina\Desktop\ingresso.com.br.htm
[2012/11/24 20:50:30 | 000,828,795 | ---- | M] () -- C:\Users\Marina\AppData\Local\census.cache
[2012/11/24 20:50:28 | 000,099,827 | ---- | M] () -- C:\Users\Marina\AppData\Local\ars.cache
[2012/11/24 20:06:42 | 000,000,036 | ---- | M] () -- C:\Users\Marina\AppData\Local\housecall.guid.cache
[2012/11/23 15:54:30 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/23 00:59:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/11/02 11:34:04 | 000,337,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/30 20:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/30 20:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/30 20:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/30 20:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/30 20:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/30 20:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 20:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/30 20:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

========== Files Created - No Company Name ==========

[2012/11/25 12:06:37 | 000,027,704 | ---- | C] () -- C:\Users\Marina\Desktop\ingresso.com.br.htm
[2012/11/24 20:29:37 | 000,828,795 | ---- | C] () -- C:\Users\Marina\AppData\Local\census.cache
[2012/11/24 20:29:30 | 000,099,827 | ---- | C] () -- C:\Users\Marina\AppData\Local\ars.cache
[2012/11/24 20:06:42 | 000,000,036 | ---- | C] () -- C:\Users\Marina\AppData\Local\housecall.guid.cache
[2012/11/24 18:27:59 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/24 18:27:57 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/23 08:50:42 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/23 00:59:19 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/23 00:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/10/06 22:31:15 | 000,000,841 | ---- | C] () -- C:\Users\Marina\AppData\Local\recently-used.xbel
[2011/12/21 21:08:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/12/21 21:08:27 | 000,021,748 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/12/21 15:11:29 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/21 14:41:00 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/15 06:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/14 02:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 03:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 23:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 01:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 23:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/28 15:24:02 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Babylon
[2011/12/23 00:36:20 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\bizarre creations
[2011/12/21 16:13:51 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Crayon Physics Deluxe
[2012/05/28 15:25:33 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\OpenCandy
[2012/10/19 19:56:37 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Origin
[2012/11/23 01:03:16 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\RoboForm
[2012/02/09 13:10:53 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\runic games
[2012/11/23 08:55:35 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello marinavictal,

Welcome to Geekstogo.

Now

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

After that

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

So when you come back please post
  • ComboFix.txt
  • MBAM report


#3
marinavictal

marinavictal

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi, emeraldnzl. Thank you!
I did everything you said and here are the two files created by the programs you asked me to run.
Malwarebytes Anti-Malware didn’t find anything wrong in my computer with the full scan.
Some parts of the combofix return file are written in Portuguese, because I live in Brazil. Hope it’s not a problem. I tried to translate, but it was kind of difficult. I don’t understand “computer language” and most of the time the words don’t make any sense to me, and I thought if I translated, I’d make it even more confusing to you. Sorry about that and for any other mistake. Hope you can understand everything.
ComboFix.txt
ComboFix 12-11-26.02 - Marina 26/11/2012 19:08:01.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.8174.6791 [GMT -2:00]
Executando de: c:\users\Marina\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\sqlite3.dll
c:\program files (x86)\DealPly\uninst.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-10-26 to 2012-11-26 ))))))))))))))))))))))))))))
.
.
2012-11-26 21:10 . 2012-11-26 21:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-26 21:10 . 2012-11-26 21:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-26 00:58 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-25 23:57 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-25 23:57 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-25 23:57 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-25 16:41 . 2012-11-25 16:57 -------- d-----w- c:\program files (x86)\RegistryNuke 2012
2012-11-23 19:32 . 2012-11-23 19:32 -------- d-----w- c:\programdata\Sophos
2012-11-23 18:49 . 2012-11-23 18:49 -------- d-----w- c:\users\Marina\PSafe
2012-11-23 03:03 . 2012-11-23 03:03 -------- d-----w- c:\users\Marina\AppData\Roaming\RoboForm
2012-11-23 03:01 . 2012-11-23 03:01 -------- d-----w- c:\programdata\RoboForm
2012-11-23 02:59 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-23 02:59 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-23 02:59 . 2012-10-15 14:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-23 02:59 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-23 02:59 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-23 02:59 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-23 02:59 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-23 02:59 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-23 02:58 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-11-23 02:58 . 2012-11-23 02:58 -------- d-----w- c:\programdata\AVAST Software
2012-11-23 02:58 . 2012-11-23 02:58 -------- d-----w- c:\program files\AVAST Software
2012-11-02 01:37 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-26 01:00 . 2011-12-21 16:51 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-23 10:50 . 2012-05-05 02:04 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-23 10:50 . 2012-05-05 02:04 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 23:23 . 2012-10-10 23:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-10 23:23 . 2012-10-10 23:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 23:23 . 2012-10-10 23:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 23:23 . 2012-10-10 23:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 23:23 . 2012-10-10 23:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 23:23 . 2012-10-10 23:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 23:23 . 2012-10-10 23:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 23:23 . 2012-10-10 23:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-10 23:23 . 2012-10-10 23:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-10 23:23 . 2012-10-10 23:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 23:23 . 2012-05-05 14:38 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 23:23 . 2012-05-05 14:38 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-10 23:23 . 2012-05-05 14:38 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 23:23 . 2012-10-10 23:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 23:23 . 2012-10-10 23:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 23:23 . 2012-10-10 23:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 23:23 . 2012-10-10 23:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 23:22 . 2012-10-10 23:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 23:22 . 2012-10-10 23:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 23:22 . 2012-05-05 14:38 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 23:22 . 2012-05-05 14:38 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 23:22 . 2012-10-10 23:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 23:22 . 2012-10-10 23:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 23:22 . 2012-10-10 23:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 23:22 . 2012-10-10 23:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 19:51 . 2012-05-05 14:38 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2012-05-05 14:38 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-05-05 14:38 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-05-05 14:38 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-05-05 14:38 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-05-05 14:38 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 15:15 . 2012-10-02 15:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 10:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Scan Suplementar -------
.
uStart Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=2cf47f5900000000000014dae9f37bcf
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{01C9DBFE-4CB1-4B7B-8DD5-371F145F66F0}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORFÃOS REMOVIDOS - - - -
.
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files (x86)\DealPly\DealPlyIE.dll
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\23.0.1271.64\Installer\setup.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2012-11-26 19:12:13
ComboFix-quarantined-files.txt 2012-11-26 21:12
.
Pré-execução: 85.500.776.448 bytes free
Pós execução: 85.376.557.056 bytes free
.
- - End Of File - - E242E3694DDF28C87F2A42F7CB424EA4

Mbam-log
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.26.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Marina :: PELUCINHA [administrator]

Protection: Enabled

26/11/2012 19:24:00
mbam-log-2012-11-26 (19-24-00).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 352692
Time elapsed: 25 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello marinavictal,

Some parts of the combofix return file are written in Portuguese, because I live in Brazil.


No problem, don't worry about translation. :)

Now

Download aswMBR.exe ( 4.5mb ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

Next

  • Close all windows and open OTL again.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    /md5start
    services.*
    wbemess.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    qmgr.dll
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP 
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window. OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
When you return please post
  • aswMBR log
  • OTL.txt


#5
marinavictal

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi emeraldnzl, thank you, again!
Yesterday, the problem seemed to be solved just after doing the things you asked me in your last post, but today it happened again. So, here are the two files created by the programs I ran:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-27 23:11:52
-----------------------------
23:11:52.689 OS Version: Windows x64 6.1.7601 Service Pack 1
23:11:52.689 Number of processors: 4 586 0x2A07
23:11:52.689 ComputerName: PELUCINHA UserName: Marina
23:11:52.954 Initialize success
23:11:52.986 AVAST engine defs: 12112701
23:11:59.397 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:11:59.397 Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 3
23:11:59.429 Disk 0 MBR read successfully
23:11:59.429 Disk 0 MBR scan
23:11:59.444 Disk 0 Windows 7 default MBR code
23:11:59.444 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:11:59.460 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 349900 MB offset 206848
23:11:59.460 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 126938 MB offset 716802048
23:11:59.475 Disk 0 scanning C:\Windows\system32\drivers
23:12:03.329 Service scanning
23:12:13.266 Modules scanning
23:12:13.266 Disk 0 trace - called modules:
23:12:13.297 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:12:13.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077b8060]
23:12:13.812 3 CLASSPNP.SYS[fffff8800189c43f] -> nt!IofCallDriver -> [0xfffffa80074fc520]
23:12:13.812 5 ACPI.sys[fffff88000f7c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80074fe060]
23:12:13.999 AVAST engine scan C:\Windows
23:12:14.795 AVAST engine scan C:\Windows\system32
23:13:18.942 AVAST engine scan C:\Windows\system32\drivers
23:13:24.589 AVAST engine scan C:\Users\Marina
23:15:26.909 AVAST engine scan C:\ProgramData
23:15:56.502 Scan finished successfully
23:21:46.255 Disk 0 MBR has been saved successfully to "C:\Users\Marina\Desktop\MBR.dat"
23:21:46.270 The log file has been saved successfully to "C:\Users\Marina\Desktop\aswMBR.txt"

OTL.txt

OTL logfile created on: 27/11/2012 23:25:55 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marina\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

7,98 Gb Total Physical Memory | 6,45 Gb Available Physical Memory | 80,78% Memory free
15,96 Gb Paging File | 14,32 Gb Available in Paging File | 89,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 123,96 Gb Total Space | 76,34 Gb Free Space | 61,58% Space Free | Partition Type: NTFS
Drive D: | 341,70 Gb Total Space | 162,01 Gb Free Space | 47,41% Space Free | Partition Type: NTFS
Drive E: | 4,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PELUCINHA | User Name: Marina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/25 15:15:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marina\Downloads\OTL.exe
PRC - [2012/11/23 08:50:39 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
PRC - [2012/10/30 20:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/07/27 18:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 20:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 23:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/23 08:50:40 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/01 21:48:42 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/27 18:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 20:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 20:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 20:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 20:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 20:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 12:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/01 04:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/17 10:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/02/16 07:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/21 01:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 01:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 01:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 01:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 01:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 01:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 01:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 01:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 01:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 01:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 22:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...00014dae9f37bcf
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 F8 94 1E 63 2A CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00014dae9f37bcf
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Angry Birds = C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Pesquisa do Google = C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Gmail = C:\Users\Marina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/26 19:10:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01C9DBFE-4CB1-4B7B-8DD5-371F145F66F0}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01C9DBFE-4CB1-4B7B-8DD5-371F145F66F0}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/20 18:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/03/27 02:03:00 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/27 22:59:27 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Marina\Desktop\aswMBR.exe
[2012/11/27 22:54:27 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Local\{5BE7B8C6-FDFA-41FB-A4D2-A918C5411496}
[2012/11/26 22:25:24 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Local\{50069BA7-76B8-48F9-9F4A-FC58B15D0090}
[2012/11/26 22:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/26 21:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/11/26 21:34:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/26 19:15:41 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\Malwarebytes
[2012/11/26 19:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/26 19:12:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/26 19:01:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/26 19:01:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/26 19:01:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/26 19:00:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/26 19:00:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/25 23:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/11/25 22:58:40 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012/11/25 21:57:04 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/25 21:57:04 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/25 14:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegistryNuke 2012
[2012/11/23 17:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/11/23 16:49:28 | 000,000,000 | ---D | C] -- C:\Users\Marina\PSafe
[2012/11/23 01:03:16 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\RoboForm
[2012/11/23 01:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2012/11/23 01:01:19 | 000,000,000 | ---D | C] -- C:\Users\Marina\Documents\My Avast EasyPass Data
[2012/11/23 00:59:19 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/11/23 00:59:19 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/11/23 00:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/11/23 00:59:15 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/11/23 00:59:14 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/11/23 00:59:13 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/11/23 00:59:12 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/11/23 00:59:12 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/11/23 00:59:00 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/11/23 00:58:59 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/11/23 00:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/11/23 00:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/23 00:09:09 | 000,000,000 | ---D | C] -- C:\Users\Marina\Documents\Games for Windows - LIVE Demos
[2012/11/01 23:38:05 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/01 23:38:04 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/01 23:38:04 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/01 23:38:03 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/01 23:38:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/01 23:38:03 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/01 23:38:03 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/01 23:37:54 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/11/01 23:37:54 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/11/01 23:37:48 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/11/01 23:37:48 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/11/01 23:37:46 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/11/01 23:37:46 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/11/01 23:37:45 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/11/01 23:37:41 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/01 23:37:41 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/01 23:37:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/11/01 23:37:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/11/01 23:37:40 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/01 23:37:38 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/11/01 23:37:38 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/11/01 23:37:35 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/11/01 23:37:35 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/11/01 23:37:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/11/01 23:37:32 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/11/01 23:37:32 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/11/01 23:37:30 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/11/01 23:37:30 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/11/01 23:37:30 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/11/01 23:37:30 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/11/01 23:37:29 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/11/01 23:37:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

========== Files - Modified Within 30 Days ==========

[2012/11/27 23:21:46 | 000,000,512 | ---- | M] () -- C:\Users\Marina\Desktop\MBR.dat
[2012/11/27 23:10:09 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/27 22:59:28 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Marina\Desktop\aswMBR.exe
[2012/11/27 22:47:04 | 000,028,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/27 22:47:04 | 000,028,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/27 22:44:06 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/27 22:44:06 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/27 22:44:06 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/27 22:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/27 22:39:51 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/27 22:39:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/27 22:39:38 | 2133,573,631 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/26 22:07:08 | 000,002,303 | ---- | M] () -- C:\Users\Marina\Desktop\Google Chrome.lnk
[2012/11/26 19:10:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/26 19:07:22 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/25 23:02:38 | 000,337,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/24 20:50:30 | 000,828,795 | ---- | M] () -- C:\Users\Marina\AppData\Local\census.cache
[2012/11/24 20:50:28 | 000,099,827 | ---- | M] () -- C:\Users\Marina\AppData\Local\ars.cache
[2012/11/24 20:06:42 | 000,000,036 | ---- | M] () -- C:\Users\Marina\AppData\Local\housecall.guid.cache
[2012/11/23 15:54:30 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/23 08:50:40 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/23 08:50:40 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/23 00:59:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/10/30 20:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/30 20:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/30 20:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/30 20:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/30 20:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/30 20:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 20:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/30 20:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

========== Files Created - No Company Name ==========

[2012/11/27 23:21:46 | 000,000,512 | ---- | C] () -- C:\Users\Marina\Desktop\MBR.dat
[2012/11/26 22:07:08 | 000,002,303 | ---- | C] () -- C:\Users\Marina\Desktop\Google Chrome.lnk
[2012/11/26 22:05:27 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/26 22:05:26 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/26 19:01:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/26 19:01:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/26 19:01:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/26 19:01:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/26 19:01:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/24 20:29:37 | 000,828,795 | ---- | C] () -- C:\Users\Marina\AppData\Local\census.cache
[2012/11/24 20:29:30 | 000,099,827 | ---- | C] () -- C:\Users\Marina\AppData\Local\ars.cache
[2012/11/24 20:06:42 | 000,000,036 | ---- | C] () -- C:\Users\Marina\AppData\Local\housecall.guid.cache
[2012/11/23 08:50:42 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/23 00:59:19 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/23 00:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/10/06 22:31:15 | 000,000,841 | ---- | C] () -- C:\Users\Marina\AppData\Local\recently-used.xbel
[2011/12/21 21:08:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/12/21 21:08:27 | 000,021,748 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/12/21 15:11:29 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/21 14:41:00 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/14 02:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 03:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 23:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 01:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 23:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/11/26 19:12:14 | 000,015,239 | ---- | M] () -- C:\ComboFix.txt
[2012/11/27 22:39:38 | 2133,573,631 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/27 22:39:41 | 4276,424,703 | -HS- | M] () -- C:\pagefile.sys
[2012/11/24 20:46:13 | 000,129,152 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_24.11.2012_20.45.46_log.txt
[2012/11/24 20:48:35 | 000,129,152 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_24.11.2012_20.48.17_log.txt
[2012/05/28 15:24:30 | 000,001,491 | ---- | M] () -- C:\user.js

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2010/11/21 01:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/21 01:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/21 01:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\erdnt\cache86\explorer.exe
[2010/11/21 01:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/21 01:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/21 01:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll
[2010/11/21 01:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/21 01:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 19:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.ASFX >
[2012/07/27 18:51:50 | 000,002,634 | ---- | M] () MD5=912DD5C0C7C8D7572AD598414D56E24A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pt_BR\Services\Services.asfx

< MD5 for: SERVICES.ASFX9 >
[2011/06/06 12:55:34 | 000,000,636 | R--- | M] () MD5=E1EA7707C24F5A84850D5659CA376594 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B744AA0100000010\10.1.0\services.asfx9

< MD5 for: SERVICES.CFG >
[2012/07/27 18:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA76401B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 23:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 23:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 23:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 05:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 05:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 02:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 02:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 18:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 18:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 05:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 18:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 05:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 19:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 05:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 18:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 05:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 19:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 18:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 18:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 23:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 23:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 23:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 23:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 23:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 23:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 01:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/21 01:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 01:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 01:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/21 01:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 01:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 01:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/21 01:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 01:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"DisplayName" = @%SystemRoot%\system32\qmgr.dll,-1000
"ImagePath" = %SystemRoot%\System32\svchost.exe -k netsvcs -- [2009/07/13 23:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\qmgr.dll,-1001
"ObjectName" = LocalSystem
"ErrorControl" = 1
"Start" = 2
"DelayedAutoStart" = 1
"Type" = 32
"DependOnService" = RpcSsEventSystem [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeCreateGlobalPrivilegeSeImperson [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = %systemroot%\system32\qmgr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library" = bitsperf.dll -- [2010/11/21 01:24:01 | 000,019,456 | ---- | M] (Microsoft Corporation)
"Open" = PerfMon_Open
"Collect" = PerfMon_Collect
"Close" = PerfMon_Close
"InstallType" = 1
"PerfIniFile" = bitsctrs.ini
"First Counter" = 2156
"Last Counter" = 2172
"First Help" = 2157
"Last Help" = 2173
"Object List" = 2156
"1008" = Reg Error: Unknown registry data type -- File not found
"PerfMMFileName" = Global\MMF_BITS_s
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = 01 00 14 80 90 00 00 00 A0 00 00 00 14 00 00 00 34 00 00 00 02 00 20 00 01 00 00 00 02 C0 18 00 00 00 0C 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 02 00 5C 00 04 00 00 00 00 02 14 00 FF 01 0F 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 [Binary data over 200 bytes]

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/11/14 00:11:00 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/11/14 00:11:00 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/11/14 00:11:00 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/11/14 00:11:00 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/21 01:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/21 01:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/21 01:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/21 01:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010/11/21 01:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/11/14 00:11:00 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/11/14 00:11:00 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/11/14 00:11:00 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/11/14 00:11:00 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 23:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 23:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 23:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/21 01:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2010/11/21 01:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello marinavictal,

I know you have run TDSSKiller but to be sure I would like you to run the latest version.

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip. Click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
After that

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...00014dae9f37bcf
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 F8 94 1E 63 2A CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00014dae9f37bcf
    O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot; please post that log in your next reply. The log is saved in the same location as OTL.
When you return please post
  • TDSSKiller log
  • OTL fix txt


#7
marinavictal

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hello emeraldnzl!
TDSSkiller didn’t find anything wrong in my computer and didn’t create any text file.
OTL.txt is here:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Marina\Downloads\cmd.bat deleted successfully.
C:\Users\Marina\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marina
->Temp folder emptied: 3070665 bytes
->Temporary Internet Files folder emptied: 54877993 bytes
->Google Chrome cache emptied: 349561798 bytes
->Flash cache emptied: 2515 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 72921 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 20544719 bytes

Total Files Cleaned = 408,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11282012_095236

Files\Folders moved on Reboot...
C:\Users\Marina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Marina\AppData\Local\Temp\~DF1D7F25CDA595E979.TMP not found!
File\Folder C:\Users\Marina\AppData\Local\Temp\~DF2E41B7A7C4A663A0.TMP not found!
File\Folder C:\Users\Marina\AppData\Local\Temp\~DF50C3336F750CCFDA.TMP not found!
File\Folder C:\Users\Marina\AppData\Local\Temp\~DF8CB84FD6FB989C56.TMP not found!
C:\Users\Marina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PLI8RTW2\page__pid__2231718[1].htm moved successfully.
C:\Users\Marina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello marinavictal,

Download RogueKiller to your desktop

Note: This is a French tool so don't be surprised when you find the page displays with some French.

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • Click on Scan
  • Wait for the scan to finish.
  • The report is created on your desktop.
  • Click on the Delete button
  • The report is created on your desktop.
  • Next click on the ShortcutsFix button.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of all the RKreport.txt files from your desktop in your next Reply.

#9
marinavictal

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hello, emeraldnzl!
I tried to run RogueKiller twice, but it crashed both times and a blue screen appeared. On the blue screen there was something written about an error in my system, advising me to ask for professional help if it happens again.
RogueKiller created this file, but I’m not sure if it did everything it was supposed to do:

Debug.txt

[00:00:0000] ***** Global Init *****
[00:00:0000] Has crashed before : Yes
[00:00:0000] Create mutex : RogueKiller
[00:00:0000] Mutex Created : 0x284
[00:00:0000] Fill lists
[00:00:0000] OS Language : Portuguese
[00:00:0000] Take Privileges
[00:00:0000] Modify Token
[00:00:0000] Set priority to HIGH
[00:00:0000] Getting Operating System
[00:00:0000] Os Getted : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
[00:00:0000] ***** Global Init OK *****
[00:00:0000] ***** GUI Init *****
[00:00:0000] Get build number
[00:00:0000] build number : RogueKiller (by Tigzy) -- v8.3.1
[00:00:0109] ***** GUI Init OK *****
[00:00:0109] ***** PreScan *****
[00:00:0125] Clear ListViews
[00:00:0125] Clear Objects : 0x0
[00:00:0125] Enum Windows
[00:00:0125] [Check Window] Eula - Please read
[00:00:0125] [Check Window] Debug log sending
[00:00:0125] [Check Window] Network Flyout
[00:00:0125] [Check Window] Task Switching
[00:00:0125] [Check Window] Start
[00:00:0125] [Check Window] CiceroUIWndFrame
[00:00:0141] [Check Window] TF_FloatingLangBar_WndTitle
[00:00:0141] [Check Window] RogueKiller (by Tigzy) -- v8.3.1
[00:00:0141] [Check Window] HiddenFaxWindow
[00:00:0141] [Check Window] MS_WebcheckMonitor
[00:00:0141] [Check Window] CAvastTrayIcon
[00:00:0141] [Check Window] BluetoothNotificationAreaIconWindowClass
[00:00:0141] [Check Window] Media Center SSO
[00:00:0141] [Check Window] Battery Meter
[00:00:0156] [Check Window] Start menu
[00:00:0156] [Check Window] Marina
[00:00:0156] [Check Window] Jump List
[00:00:0156] [Check Window] NvSvc
[00:00:0156] [Check Window] UxdService
[00:00:0156] [Check Window] DDE Server Window
[00:00:0156] [Check Window] MCI command handling window
[00:00:0156] [Check Window] Task Host Window
[00:00:0156] [Check Window] DWM Notification Window
[00:00:0156] [Check Window] Program Manager
[00:00:0156] [Check Window] Default IME
[00:00:0156] [Check Window] MSCTFIME UI
[00:00:0172] [Check Window] Default IME
[00:00:0172] [Check Window] MSCTFIME UI
[00:00:0172] [Check Window] Default IME
[00:00:0172] [Check Window] Default IME
[00:00:0172] [Check Window] Default IME
[00:00:0172] [Check Window] Default IME
[00:00:0172] [Check Window] Default IME
[00:00:0172] [Check Window] Default IME
[00:00:0172] [Check Window] Default IME
[00:00:0172] [Check Window] Default IME
[00:00:0172] [Check Window] Default IME
[00:00:0172] [Check Window] MSCTFIME UI
[00:00:0172] [Check Window] Default IME
[00:00:0187] [Check Processes] Service PID : 576
[00:01:0155] [Check Processes] [0][_0] [System Process] :
[00:01:0155] [Check Processes] [4][_0] System :
[00:01:0155] [Check Processes] [332][_4] smss.exe : C:\Windows\System32\smss.exe
[00:01:0155] [Check Processes] [444][_436] csrss.exe : C:\Windows\System32\csrss.exe
[00:01:0155] [Check Processes] [504][_436] wininit.exe : C:\Windows\System32\wininit.exe
[00:01:0155] [Check Processes] [524][_512] csrss.exe : C:\Windows\System32\csrss.exe
[00:01:0155] [Check Processes] [576][_504] services.exe : C:\Windows\System32\services.exe
[00:01:0170] [Check Processes] [616][_504] lsass.exe : C:\Windows\System32\lsass.exe
[00:01:0170] [Check Processes] [624][_504] lsm.exe : C:\Windows\System32\lsm.exe
[00:01:0170] [Check Processes] [668][_512] winlogon.exe : C:\Windows\System32\winlogon.exe
[00:01:0170] [Check Processes] [780][_576] svchost.exe : C:\Windows\System32\svchost.exe
[00:01:0170] [Check Processes] [860][_576] nvvsvc.exe : C:\Windows\System32\nvvsvc.exe
[00:01:0170] [Check Processes] [884][_576] nvSCPAPISvr.exe : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
[00:01:0186] [Check Processes] [928][_576] svchost.exe : C:\Windows\System32\svchost.exe
[00:01:0186] [Check Processes] [1000][_576] svchost.exe : C:\Windows\System32\svchost.exe
[00:01:0186] [Check Processes] [376][_576] svchost.exe : C:\Windows\System32\svchost.exe
[00:01:0186] [Check Processes] [448][_576] svchost.exe : C:\Windows\System32\svchost.exe
[00:01:0186] [Check Processes] [1080][_576] svchost.exe : C:\Windows\System32\svchost.exe
[00:01:0186] [Check Processes] [1192][_576] svchost.exe : C:\Windows\System32\svchost.exe
[00:01:0186] [Check Processes] [1256][_576] AvastSvc.exe : C:\Program Files\AVAST Software\Avast\AvastSvc.exe
[00:01:0186] [Check Processes] [1356][_576] spoolsv.exe : C:\Windows\System32\spoolsv.exe
[00:01:0201] [Check Processes] [1420][_860] nvxdsync.exe : C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
[00:01:0217] [Check Processes] [1432][_860] nvvsvc.exe : C:\Windows\System32\nvvsvc.exe
[00:01:0217] [Check Processes] [1504][_576] svchost.exe : C:\Windows\System32\svchost.exe
[00:01:0217] [Check Processes] [1596][_576] armsvc.exe : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
[00:01:0217] [Check Processes] [1620][_576] AppleMobileDeviceService.exe : C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
[00:01:0217] [Check Processes] [1660][_576] mDNSResponder.exe : C:\Program Files\Bonjour\mDNSResponder.exe
[00:01:0233] [Check Processes] [1868][_576] svchost.exe : C:\Windows\System32\svchost.exe
[00:01:0233] [Check Processes] [1916][_576] svchost.exe : C:\Windows\System32\svchost.exe
[00:01:0233] [Check Processes] [1976][_576] WLIDSVC.EXE : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
[00:01:0264] [Check Processes] [2412][_1976] WLIDSVCM.EXE : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
[00:01:0264] [Check Processes] [2508][_576] taskhost.exe : C:\Windows\System32\taskhost.exe
[00:01:0279] [Check Processes] [2576][_376] dwm.exe : C:\Windows\System32\dwm.exe
[00:01:0279] [Check Processes] [2720][_2564] explorer.exe : C:\Windows\explorer.exe
[00:01:0279] [Check Processes] [2304][_3068] AvastUI.exe : C:\Program Files\AVAST Software\Avast\AvastUI.exe
[00:01:0326] [Check Processes] [3048][_576] svchost.exe : C:\Windows\System32\svchost.exe
[00:01:0326] [Check Processes] [3136][_1420] nvtray.exe : C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
[00:01:0342] [Check Processes] [3272][_576] SearchIndexer.exe : C:\Windows\System32\SearchIndexer.exe
[00:01:0342] [Check Processes] [3376][_576] wmpnetwk.exe : C:\Program Files\Windows Media Player\wmpnetwk.exe
[00:01:0357] [Check Processes] [3736][_576] svchost.exe : C:\Windows\System32\svchost.exe
[00:01:0357] [Check Processes] [3896][_576] svchost.exe : C:\Windows\System32\svchost.exe
[00:01:0357] [Check Processes] [3100][_780] WmiPrvSE.exe : C:\Windows\System32\wbem\WmiPrvSE.exe
[00:01:0389] [Check Processes] [3340][_780] dllhost.exe : C:\Windows\System32\dllhost.exe
[00:01:0389] [Check Processes] [1488][_448] taskeng.exe : C:\Windows\System32\taskeng.exe
[00:01:0404] [Check Processes] [2236][_576] daemonu.exe : C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
[00:01:0420] [Check Processes] [3608][_576] sppsvc.exe : C:\Windows\System32\sppsvc.exe
[00:01:0420] [Check Processes] [2496][_576] TrustedInstaller.exe : C:\Windows\servicing\TrustedInstaller.exe
[00:01:0435] [Check Processes] [1452][_780] dllhost.exe : C:\Windows\System32\dllhost.exe
[00:01:0435] [Check Processes] [2384][_780] dllhost.exe : C:\Windows\System32\dllhost.exe
[00:01:0435] [Check Processes] [2448][_3272] SearchProtocolHost.exe : C:\Windows\System32\SearchProtocolHost.exe
[00:01:0435] [Check Processes] [1132][_3272] SearchFilterHost.exe : C:\Windows\System32\SearchFilterHost.exe
[00:01:0451] [Check Services] [1/415] 1394ohci
[00:01:0451] [Check Services] C:\Windows\system32\drivers\1394ohci.sys
[00:01:0451] [Check Services] [2/415] ACPI
[00:01:0467] [Check Services] C:\Windows\system32\drivers\ACPI.sys
[00:01:0467] [Check Services] [3/415] AcpiPmi
[00:01:0467] [Check Services] C:\Windows\system32\drivers\acpipmi.sys
[00:01:0467] [Check Services] [4/415] AdobeARMservice
[00:01:0467] [Check Services] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
[00:01:0467] [Check Services] [5/415] AdobeFlashPlayerUpdateSvc
[00:01:0467] [Check Services] C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[00:01:0467] [Check Services] [6/415] adp94xx
[00:01:0467] [Check Services] C:\Windows\system32\drivers\adp94xx.sys
[00:01:0467] [Check Services] [7/415] adpahci
[00:01:0467] [Check Services] C:\Windows\system32\drivers\adpahci.sys
[00:01:0467] [Check Services] [8/415] adpu320
[00:01:0467] [Check Services] C:\Windows\system32\drivers\adpu320.sys
[00:01:0467] [Check Services] [9/415] AeLookupSvc
[00:01:0467] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0467] [Check Services] [10/415] AFD
[00:01:0467] [Check Services] C:\Windows\system32\drivers\afd.sys
[00:01:0467] [Check Services] [11/415] agp440
[00:01:0467] [Check Services] C:\Windows\system32\drivers\agp440.sys
[00:01:0467] [Check Services] [12/415] ALG
[00:01:0467] [Check Services] C:\Windows\System32\alg.exe
[00:01:0467] [Check Services] [13/415] aliide
[00:01:0467] [Check Services] C:\Windows\system32\drivers\aliide.sys
[00:01:0467] [Check Services] [14/415] amdide
[00:01:0467] [Check Services] C:\Windows\system32\drivers\amdide.sys
[00:01:0467] [Check Services] [15/415] AmdK8
[00:01:0482] [Check Services] C:\Windows\system32\drivers\amdk8.sys
[00:01:0482] [Check Services] [16/415] AmdPPM
[00:01:0482] [Check Services] C:\Windows\system32\drivers\amdppm.sys
[00:01:0482] [Check Services] [17/415] amdsata
[00:01:0482] [Check Services] C:\Windows\system32\drivers\amdsata.sys
[00:01:0482] [Check Services] [18/415] amdsbs
[00:01:0482] [Check Services] C:\Windows\system32\drivers\amdsbs.sys
[00:01:0482] [Check Services] [19/415] amdxata
[00:01:0482] [Check Services] C:\Windows\system32\drivers\amdxata.sys
[00:01:0482] [Check Services] [20/415] AppID
[00:01:0482] [Check Services] C:\Windows\system32\drivers\appid.sys
[00:01:0482] [Check Services] [21/415] AppIDSvc
[00:01:0482] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
[00:01:0482] [Check Services] [22/415] Appinfo
[00:01:0482] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0482] [Check Services] [23/415] Apple Mobile Device
[00:01:0482] [Check Services] "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
[00:01:0482] [Check Services] [24/415] AppMgmt
[00:01:0482] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0482] [Check Services] [25/415] arc
[00:01:0482] [Check Services] C:\Windows\system32\drivers\arc.sys
[00:01:0482] [Check Services] [26/415] arcsas
[00:01:0482] [Check Services] C:\Windows\system32\drivers\arcsas.sys
[00:01:0482] [Check Services] [27/415] aswFsBlk
[00:01:0482] [Check Services] Path not found
[00:01:0482] [Check Services] [28/415] aswMonFlt
[00:01:0482] [Check Services] C:\Windows\system32\drivers\aswMonFlt.sys
[00:01:0498] [Check Services] [29/415] aswRdr
[00:01:0498] [Check Services] C:\Windows\System32\Drivers\aswrdr2.sys
[00:01:0498] [Check Services] [30/415] aswSnx
[00:01:0498] [Check Services] Path not found
[00:01:0498] [Check Services] [31/415] aswSP
[00:01:0498] [Check Services] Path not found
[00:01:0498] [Check Services] [32/415] aswTdi
[00:01:0498] [Check Services] Path not found
[00:01:0498] [Check Services] [33/415] AsyncMac
[00:01:0498] [Check Services] C:\Windows\system32\DRIVERS\asyncmac.sys
[00:01:0498] [Check Services] [34/415] atapi
[00:01:0498] [Check Services] C:\Windows\system32\drivers\atapi.sys
[00:01:0498] [Check Services] [35/415] AudioEndpointBuilder
[00:01:0498] [Check Services] C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0498] [Check Services] [36/415] AudioSrv
[00:01:0498] [Check Services] C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
[00:01:0498] [Check Services] [37/415] avast! Antivirus
[00:01:0498] [Check Services] "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
[00:01:0498] [Check Services] [38/415] AxInstSV
[00:01:0498] [Check Services] C:\Windows\system32\svchost.exe -k AxInstSVGroup
[00:01:0498] [Check Services] [39/415] b06bdrv
[00:01:0498] [Check Services] C:\Windows\system32\drivers\bxvbda.sys
[00:01:0498] [Check Services] [40/415] b57nd60a
[00:01:0498] [Check Services] C:\Windows\system32\DRIVERS\b57nd60a.sys
[00:01:0498] [Check Services] [41/415] BDESVC
[00:01:0498] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0513] [Check Services] [42/415] Beep
[00:01:0513] [Check Services] Path not found
[00:01:0513] [Check Services] [43/415] BFE
[00:01:0513] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
[00:01:0513] [Check Services] [44/415] BITS
[00:01:0513] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0513] [Check Services] [45/415] blbdrive
[00:01:0513] [Check Services] C:\Windows\system32\DRIVERS\blbdrive.sys
[00:01:0513] [Check Services] [46/415] Bonjour Service
[00:01:0513] [Check Services] "C:\Program Files\Bonjour\mDNSResponder.exe"
[00:01:0513] [Check Services] [47/415] bowser
[00:01:0513] [Check Services] C:\Windows\system32\DRIVERS\bowser.sys
[00:01:0513] [Check Services] [48/415] BrFiltLo
[00:01:0513] [Check Services] C:\Windows\system32\drivers\BrFiltLo.sys
[00:01:0513] [Check Services] [49/415] BrFiltUp
[00:01:0513] [Check Services] C:\Windows\system32\drivers\BrFiltUp.sys
[00:01:0513] [Check Services] [50/415] BridgeMP
[00:01:0513] [Check Services] C:\Windows\system32\DRIVERS\bridge.sys
[00:01:0513] [Check Services] [51/415] Browser
[00:01:0513] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0513] [Check Services] [52/415] Brserid
[00:01:0513] [Check Services] C:\Windows\System32\Drivers\Brserid.sys
[00:01:0513] [Check Services] [53/415] BrSerWdm
[00:01:0513] [Check Services] C:\Windows\System32\Drivers\BrSerWdm.sys
[00:01:0513] [Check Services] [54/415] BrUsbMdm
[00:01:0513] [Check Services] C:\Windows\System32\Drivers\BrUsbMdm.sys
[00:01:0513] [Check Services] [55/415] BrUsbSer
[00:01:0529] [Check Services] C:\Windows\System32\Drivers\BrUsbSer.sys
[00:01:0529] [Check Services] [56/415] BTHMODEM
[00:01:0529] [Check Services] C:\Windows\system32\drivers\bthmodem.sys
[00:01:0529] [Check Services] [57/415] bthserv
[00:01:0529] [Check Services] C:\Windows\system32\svchost.exe -k bthsvcs
[00:01:0529] [Check Services] [58/415] catchme
[00:01:0529] [Check Services] C:\ComboFix\catchme.sys
[00:01:0529] [Check Services] [59/415] cdfs
[00:01:0529] [Check Services] C:\Windows\system32\DRIVERS\cdfs.sys
[00:01:0529] [Check Services] [60/415] cdrom
[00:01:0529] [Check Services] C:\Windows\system32\DRIVERS\cdrom.sys
[00:01:0529] [Check Services] [61/415] CertPropSvc
[00:01:0529] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0529] [Check Services] [62/415] circlass
[00:01:0529] [Check Services] C:\Windows\system32\drivers\circlass.sys
[00:01:0529] [Check Services] [63/415] CLFS
[00:01:0529] [Check Services] C:\Windows\System32\CLFS.sys
[00:01:0529] [Check Services] [64/415] clr_optimization_v2.0.50727_32
[00:01:0545] [Check Services] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[00:01:0545] [Check Services] [65/415] clr_optimization_v2.0.50727_64
[00:01:0545] [Check Services] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
[00:01:0545] [Check Services] [66/415] CmBatt
[00:01:0545] [Check Services] C:\Windows\system32\drivers\CmBatt.sys
[00:01:0545] [Check Services] [67/415] cmdide
[00:01:0545] [Check Services] C:\Windows\system32\drivers\cmdide.sys
[00:01:0545] [Check Services] [68/415] CNG
[00:01:0545] [Check Services] C:\Windows\System32\Drivers\cng.sys
[00:01:0545] [Check Services] [69/415] Compbatt
[00:01:0545] [Check Services] C:\Windows\system32\drivers\compbatt.sys
[00:01:0545] [Check Services] [70/415] CompositeBus
[00:01:0545] [Check Services] C:\Windows\system32\DRIVERS\CompositeBus.sys
[00:01:0545] [Check Services] [71/415] COMSysApp
[00:01:0545] [Check Services] C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[00:01:0545] [Check Services] [72/415] crcdisk
[00:01:0545] [Check Services] C:\Windows\system32\drivers\crcdisk.sys
[00:01:0545] [Check Services] [73/415] CryptSvc
[00:01:0545] [Check Services] C:\Windows\system32\svchost.exe -k NetworkService
[00:01:0545] [Check Services] [74/415] CSC
[00:01:0545] [Check Services] C:\Windows\system32\drivers\csc.sys
[00:01:0545] [Check Services] [75/415] CscService
[00:01:0560] [Check Services] C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0560] [Check Services] [76/415] DcomLaunch
[00:01:0560] [Check Services] C:\Windows\system32\svchost.exe -k DcomLaunch
[00:01:0560] [Check Services] [77/415] defragsvc
[00:01:0560] [Check Services] C:\Windows\system32\svchost.exe -k defragsvc
[00:01:0560] [Check Services] [78/415] DfsC
[00:01:0560] [Check Services] C:\Windows\System32\Drivers\dfsc.sys
[00:01:0560] [Check Services] [79/415] Dhcp
[00:01:0560] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
[00:01:0560] [Check Services] [80/415] discache
[00:01:0560] [Check Services] C:\Windows\System32\drivers\discache.sys
[00:01:0560] [Check Services] [81/415] Disk
[00:01:0560] [Check Services] C:\Windows\system32\drivers\disk.sys
[00:01:0560] [Check Services] [82/415] dmvsc
[00:01:0560] [Check Services] C:\Windows\system32\drivers\dmvsc.sys
[00:01:0560] [Check Services] [83/415] Dnscache
[00:01:0560] [Check Services] C:\Windows\system32\svchost.exe -k NetworkService
[00:01:0560] [Check Services] [84/415] dot3svc
[00:01:0560] [Check Services] C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0560] [Check Services] [85/415] DPS
[00:01:0560] [Check Services] C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
[00:01:0560] [Check Services] [86/415] drmkaud
[00:01:0560] [Check Services] C:\Windows\system32\drivers\drmkaud.sys
[00:01:0560] [Check Services] [87/415] DXGKrnl
[00:01:0560] [Check Services] C:\Windows\System32\drivers\dxgkrnl.sys
[00:01:0560] [Check Services] [88/415] EapHost
[00:01:0576] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0576] [Check Services] [89/415] ebdrv
[00:01:0576] [Check Services] C:\Windows\system32\drivers\evbda.sys
[00:01:0576] [Check Services] [90/415] EFS
[00:01:0576] [Check Services] C:\Windows\System32\lsass.exe
[00:01:0576] [Check Services] [91/415] ehRecvr
[00:01:0576] [Check Services] C:\Windows\ehome\ehrecvr.exe
[00:01:0576] [Check Services] [92/415] ehSched
[00:01:0576] [Check Services] C:\Windows\ehome\ehsched.exe
[00:01:0576] [Check Services] [93/415] elxstor
[00:01:0576] [Check Services] C:\Windows\system32\drivers\elxstor.sys
[00:01:0576] [Check Services] [94/415] ErrDev
[00:01:0576] [Check Services] C:\Windows\system32\drivers\errdev.sys
[00:01:0576] [Check Services] [95/415] eventlog
[00:01:0576] [Check Services] C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
[00:01:0576] [Check Services] [96/415] EventSystem
[00:01:0576] [Check Services] C:\Windows\system32\svchost.exe -k LocalService
[00:01:0576] [Check Services] [97/415] exfat
[00:01:0576] [Check Services] Path not found
[00:01:0576] [Check Services] [98/415] fastfat
[00:01:0576] [Check Services] Path not found
[00:01:0576] [Check Services] [99/415] Fax
[00:01:0576] [Check Services] C:\Windows\system32\fxssvc.exe
[00:01:0576] [Check Services] [100/415] fdc
[00:01:0591] [Check Services] C:\Windows\system32\drivers\fdc.sys
[00:01:0591] [Check Services] [101/415] fdPHost
[00:01:0591] [Check Services] C:\Windows\system32\svchost.exe -k LocalService
[00:01:0591] [Check Services] [102/415] FDResPub
[00:01:0591] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
[00:01:0591] [Check Services] [103/415] FileInfo
[00:01:0591] [Check Services] C:\Windows\system32\drivers\fileinfo.sys
[00:01:0591] [Check Services] [104/415] Filetrace
[00:01:0591] [Check Services] C:\Windows\system32\drivers\filetrace.sys
[00:01:0591] [Check Services] [105/415] flpydisk
[00:01:0591] [Check Services] C:\Windows\system32\drivers\flpydisk.sys
[00:01:0591] [Check Services] [106/415] FltMgr
[00:01:0591] [Check Services] C:\Windows\system32\drivers\fltmgr.sys
[00:01:0591] [Check Services] [107/415] FontCache
[00:01:0591] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
[00:01:0591] [Check Services] [108/415] FontCache3.0.0.0
[00:01:0591] [Check Services] C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
[00:01:0591] [Check Services] [109/415] FsDepends
[00:01:0591] [Check Services] C:\Windows\System32\drivers\FsDepends.sys
[00:01:0591] [Check Services] [110/415] fvevol
[00:01:0591] [Check Services] C:\Windows\System32\DRIVERS\fvevol.sys
[00:01:0591] [Check Services] [111/415] gagp30kx
[00:01:0591] [Check Services] C:\Windows\system32\drivers\gagp30kx.sys
[00:01:0591] [Check Services] [112/415] GEARAspiWDM
[00:01:0591] [Check Services] C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
[00:01:0591] [Check Services] [113/415] gpsvc
[00:01:0607] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0607] [Check Services] [114/415] hcw85cir
[00:01:0607] [Check Services] C:\Windows\system32\drivers\hcw85cir.sys
[00:01:0607] [Check Services] [115/415] HdAudAddService
[00:01:0607] [Check Services] C:\Windows\system32\drivers\HdAudio.sys
[00:01:0607] [Check Services] [116/415] HDAudBus
[00:01:0607] [Check Services] C:\Windows\system32\DRIVERS\HDAudBus.sys
[00:01:0607] [Check Services] [117/415] HidBatt
[00:01:0607] [Check Services] C:\Windows\system32\drivers\HidBatt.sys
[00:01:0607] [Check Services] [118/415] HidBth
[00:01:0607] [Check Services] C:\Windows\system32\drivers\hidbth.sys
[00:01:0607] [Check Services] [119/415] HidIr
[00:01:0607] [Check Services] C:\Windows\system32\drivers\hidir.sys
[00:01:0607] [Check Services] [120/415] hidserv
[00:01:0607] [Check Services] C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0607] [Check Services] [121/415] HidUsb
[00:01:0607] [Check Services] C:\Windows\system32\DRIVERS\hidusb.sys
[00:01:0607] [Check Services] [122/415] hkmsvc
[00:01:0607] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0607] [Check Services] [123/415] HomeGroupListener
[00:01:0607] [Check Services] C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0607] [Check Services] [124/415] HomeGroupProvider
[00:01:0607] [Check Services] C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
[00:01:0607] [Check Services] [125/415] HpSAMD
[00:01:0607] [Check Services] C:\Windows\system32\drivers\HpSAMD.sys
[00:01:0607] [Check Services] [126/415] HTTP
[00:01:0623] [Check Services] C:\Windows\system32\drivers\HTTP.sys
[00:01:0623] [Check Services] [127/415] hwpolicy
[00:01:0623] [Check Services] C:\Windows\System32\drivers\hwpolicy.sys
[00:01:0623] [Check Services] [128/415] i8042prt
[00:01:0623] [Check Services] C:\Windows\system32\DRIVERS\i8042prt.sys
[00:01:0623] [Check Services] [129/415] iaStorV
[00:01:0623] [Check Services] C:\Windows\system32\drivers\iaStorV.sys
[00:01:0623] [Check Services] [130/415] idsvc
[00:01:0623] [Check Services] "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
[00:01:0623] [Check Services] [131/415] iirsp
[00:01:0623] [Check Services] C:\Windows\system32\drivers\iirsp.sys
[00:01:0623] [Check Services] [132/415] IKEEXT
[00:01:0623] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0623] [Check Services] [133/415] intelide
[00:01:0623] [Check Services] C:\Windows\system32\drivers\intelide.sys
[00:01:0623] [Check Services] [134/415] intelppm
[00:01:0623] [Check Services] C:\Windows\system32\DRIVERS\intelppm.sys
[00:01:0623] [Check Services] [135/415] IPBusEnum
[00:01:0623] [Check Services] C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0623] [Check Services] [136/415] IpFilterDriver
[00:01:0623] [Check Services] C:\Windows\system32\DRIVERS\ipfltdrv.sys
[00:01:0623] [Check Services] [137/415] iphlpsvc
[00:01:0623] [Check Services] C:\Windows\System32\svchost.exe -k NetSvcs
[00:01:0623] [Check Services] [138/415] IPMIDRV
[00:01:0623] [Check Services] C:\Windows\system32\drivers\IPMIDrv.sys
[00:01:0623] [Check Services] [139/415] IPNAT
[00:01:0638] [Check Services] C:\Windows\System32\drivers\ipnat.sys
[00:01:0638] [Check Services] [140/415] iPod Service
[00:01:0638] [Check Services] "C:\Program Files\iPod\bin\iPodService.exe"
[00:01:0638] [Check Services] [141/415] IRENUM
[00:01:0638] [Check Services] C:\Windows\system32\drivers\irenum.sys
[00:01:0638] [Check Services] [142/415] isapnp
[00:01:0638] [Check Services] C:\Windows\system32\drivers\isapnp.sys
[00:01:0638] [Check Services] [143/415] iScsiPrt
[00:01:0638] [Check Services] C:\Windows\system32\drivers\msiscsi.sys
[00:01:0638] [Check Services] [144/415] kbdclass
[00:01:0638] [Check Services] C:\Windows\system32\DRIVERS\kbdclass.sys
[00:01:0638] [Check Services] [145/415] kbdhid
[00:01:0638] [Check Services] C:\Windows\system32\DRIVERS\kbdhid.sys
[00:01:0638] [Check Services] [146/415] KeyIso
[00:01:0638] [Check Services] C:\Windows\system32\lsass.exe
[00:01:0638] [Check Services] [147/415] KSecDD
[00:01:0638] [Check Services] C:\Windows\System32\Drivers\ksecdd.sys
[00:01:0638] [Check Services] [148/415] KSecPkg
[00:01:0638] [Check Services] C:\Windows\System32\Drivers\ksecpkg.sys
[00:01:0638] [Check Services] [149/415] ksthunk
[00:01:0638] [Check Services] C:\Windows\system32\drivers\ksthunk.sys
[00:01:0638] [Check Services] [150/415] KtmRm
[00:01:0638] [Check Services] C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
[00:01:0638] [Check Services] [151/415] LanmanServer
[00:01:0638] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0638] [Check Services] [152/415] LanmanWorkstation
[00:01:0654] [Check Services] C:\Windows\System32\svchost.exe -k NetworkService
[00:01:0654] [Check Services] [153/415] lltdio
[00:01:0654] [Check Services] C:\Windows\system32\DRIVERS\lltdio.sys
[00:01:0654] [Check Services] [154/415] lltdsvc
[00:01:0654] [Check Services] C:\Windows\System32\svchost.exe -k LocalService
[00:01:0654] [Check Services] [155/415] lmhosts
[00:01:0654] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
[00:01:0654] [Check Services] [156/415] LSI_FC
[00:01:0654] [Check Services] C:\Windows\system32\drivers\lsi_fc.sys
[00:01:0654] [Check Services] [157/415] LSI_SAS
[00:01:0654] [Check Services] C:\Windows\system32\drivers\lsi_sas.sys
[00:01:0654] [Check Services] [158/415] LSI_SAS2
[00:01:0654] [Check Services] C:\Windows\system32\drivers\lsi_sas2.sys
[00:01:0654] [Check Services] [159/415] LSI_SCSI
[00:01:0654] [Check Services] C:\Windows\system32\drivers\lsi_scsi.sys
[00:01:0654] [Check Services] [160/415] luafv
[00:01:0654] [Check Services] C:\Windows\system32\drivers\luafv.sys
[00:01:0654] [Check Services] [161/415] Mcx2Svc
[00:01:0654] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
[00:01:0654] [Check Services] [162/415] megasas
[00:01:0654] [Check Services] C:\Windows\system32\drivers\megasas.sys
[00:01:0654] [Check Services] [163/415] MegaSR
[00:01:0654] [Check Services] C:\Windows\system32\drivers\MegaSR.sys
[00:01:0654] [Check Services] [164/415] MMCSS
[00:01:0654] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0654] [Check Services] [165/415] Modem
[00:01:0669] [Check Services] C:\Windows\system32\drivers\modem.sys
[00:01:0669] [Check Services] [166/415] monitor
[00:01:0669] [Check Services] C:\Windows\system32\DRIVERS\monitor.sys
[00:01:0669] [Check Services] [167/415] mouclass
[00:01:0669] [Check Services] C:\Windows\system32\DRIVERS\mouclass.sys
[00:01:0669] [Check Services] [168/415] mouhid
[00:01:0669] [Check Services] C:\Windows\system32\DRIVERS\mouhid.sys
[00:01:0669] [Check Services] [169/415] mountmgr
[00:01:0669] [Check Services] C:\Windows\System32\drivers\mountmgr.sys
[00:01:0669] [Check Services] [170/415] mpio
[00:01:0669] [Check Services] C:\Windows\system32\drivers\mpio.sys
[00:01:0669] [Check Services] [171/415] mpsdrv
[00:01:0669] [Check Services] C:\Windows\System32\drivers\mpsdrv.sys
[00:01:0669] [Check Services] [172/415] MpsSvc
[00:01:0669] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
[00:01:0669] [Check Services] [173/415] MRxDAV
[00:01:0669] [Check Services] C:\Windows\system32\drivers\mrxdav.sys
[00:01:0669] [Check Services] [174/415] mrxsmb
[00:01:0669] [Check Services] C:\Windows\system32\DRIVERS\mrxsmb.sys
[00:01:0669] [Check Services] [175/415] mrxsmb10
[00:01:0669] [Check Services] C:\Windows\system32\DRIVERS\mrxsmb10.sys
[00:01:0669] [Check Services] [176/415] mrxsmb20
[00:01:0669] [Check Services] C:\Windows\system32\DRIVERS\mrxsmb20.sys
[00:01:0669] [Check Services] [177/415] msahci
[00:01:0685] [Check Services] C:\Windows\system32\drivers\msahci.sys
[00:01:0685] [Check Services] [178/415] msdsm
[00:01:0685] [Check Services] C:\Windows\system32\drivers\msdsm.sys
[00:01:0685] [Check Services] [179/415] MSDTC
[00:01:0685] [Check Services] C:\Windows\System32\msdtc.exe
[00:01:0685] [Check Services] [180/415] Msfs
[00:01:0685] [Check Services] Path not found
[00:01:0685] [Check Services] [181/415] mshidkmdf
[00:01:0685] [Check Services] C:\Windows\System32\drivers\mshidkmdf.sys
[00:01:0685] [Check Services] [182/415] msisadrv
[00:01:0685] [Check Services] C:\Windows\system32\drivers\msisadrv.sys
[00:01:0685] [Check Services] [183/415] MSiSCSI
[00:01:0685] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0685] [Check Services] [184/415] msiserver
[00:01:0685] [Check Services] C:\Windows\system32\msiexec.exe /V
[00:01:0685] [Check Services] [185/415] MSKSSRV
[00:01:0685] [Check Services] C:\Windows\system32\drivers\MSKSSRV.sys
[00:01:0685] [Check Services] [186/415] MSPCLOCK
[00:01:0685] [Check Services] C:\Windows\system32\drivers\MSPCLOCK.sys
[00:01:0685] [Check Services] [187/415] MSPQM
[00:01:0685] [Check Services] C:\Windows\system32\drivers\MSPQM.sys
[00:01:0685] [Check Services] [188/415] MsRPC
[00:01:0685] [Check Services] Path not found
[00:01:0685] [Check Services] [189/415] mssmbios
[00:01:0685] [Check Services] C:\Windows\system32\DRIVERS\mssmbios.sys
[00:01:0685] [Check Services] [190/415] MSTEE
[00:01:0685] [Check Services] C:\Windows\system32\drivers\MSTEE.sys
[00:01:0685] [Check Services] [191/415] MTConfig
[00:01:0701] [Check Services] C:\Windows\system32\drivers\MTConfig.sys
[00:01:0701] [Check Services] [192/415] Mup
[00:01:0701] [Check Services] C:\Windows\System32\Drivers\mup.sys
[00:01:0701] [Check Services] [193/415] napagent
[00:01:0701] [Check Services] C:\Windows\System32\svchost.exe -k NetworkService
[00:01:0701] [Check Services] [194/415] NativeWifiP
[00:01:0701] [Check Services] C:\Windows\system32\DRIVERS\nwifi.sys
[00:01:0701] [Check Services] [195/415] NDIS
[00:01:0701] [Check Services] C:\Windows\system32\drivers\ndis.sys
[00:01:0701] [Check Services] [196/415] NdisCap
[00:01:0701] [Check Services] C:\Windows\system32\DRIVERS\ndiscap.sys
[00:01:0701] [Check Services] [197/415] NdisTapi
[00:01:0701] [Check Services] C:\Windows\system32\DRIVERS\ndistapi.sys
[00:01:0701] [Check Services] [198/415] Ndisuio
[00:01:0701] [Check Services] C:\Windows\system32\DRIVERS\ndisuio.sys
[00:01:0701] [Check Services] [199/415] NdisWan
[00:01:0701] [Check Services] C:\Windows\system32\DRIVERS\ndiswan.sys
[00:01:0701] [Check Services] [200/415] NDProxy
[00:01:0701] [Check Services] Path not found
[00:01:0701] [Check Services] [201/415] NetBIOS
[00:01:0701] [Check Services] C:\Windows\system32\DRIVERS\netbios.sys
[00:01:0701] [Check Services] [202/415] NetBT
[00:01:0701] [Check Services] C:\Windows\System32\DRIVERS\netbt.sys
[00:01:0701] [Check Services] [203/415] Netlogon
[00:01:0701] [Check Services] C:\Windows\system32\lsass.exe
[00:01:0716] [Check Services] [204/415] Netman
[00:01:0716] [Check Services] C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0716] [Check Services] [205/415] netprofm
[00:01:0716] [Check Services] C:\Windows\System32\svchost.exe -k LocalService
[00:01:0716] [Check Services] [206/415] NetTcpPortSharing
[00:01:0716] [Check Services] "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"
[00:01:0716] [Check Services] [207/415] nfrd960
[00:01:0716] [Check Services] C:\Windows\system32\drivers\nfrd960.sys
[00:01:0716] [Check Services] [208/415] NlaSvc
[00:01:0716] [Check Services] C:\Windows\System32\svchost.exe -k NetworkService
[00:01:0716] [Check Services] [209/415] Npfs
[00:01:0716] [Check Services] Path not found
[00:01:0716] [Check Services] [210/415] nsi
[00:01:0716] [Check Services] C:\Windows\system32\svchost.exe -k LocalService
[00:01:0716] [Check Services] [211/415] nsiproxy
[00:01:0716] [Check Services] C:\Windows\system32\drivers\nsiproxy.sys
[00:01:0716] [Check Services] [212/415] Ntfs
[00:01:0716] [Check Services] Path not found
[00:01:0716] [Check Services] [213/415] Null
[00:01:0716] [Check Services] Path not found
[00:01:0716] [Check Services] [214/415] NVHDA
[00:01:0716] [Check Services] C:\Windows\system32\drivers\nvhda64v.sys
[00:01:0716] [Check Services] [215/415] nvlddmkm
[00:01:0716] [Check Services] C:\Windows\system32\DRIVERS\nvlddmkm.sys
[00:01:0732] [Check Services] [216/415] nvraid
[00:01:0732] [Check Services] C:\Windows\system32\drivers\nvraid.sys
[00:01:0732] [Check Services] [217/415] nvstor
[00:01:0732] [Check Services] C:\Windows\system32\drivers\nvstor.sys
[00:01:0732] [Check Services] [218/415] nvsvc
[00:01:0732] [Check Services] C:\Windows\system32\nvvsvc.exe
[00:01:0732] [Check Services] [219/415] nvUpdatusService
[00:01:0732] [Check Services] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
[00:01:0732] [Check Services] [220/415] nv_agp
[00:01:0732] [Check Services] C:\Windows\system32\drivers\nv_agp.sys
[00:01:0732] [Check Services] [221/415] ohci1394
[00:01:0732] [Check Services] C:\Windows\system32\drivers\ohci1394.sys
[00:01:0732] [Check Services] [222/415] ose
[00:01:0732] [Check Services] "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
[00:01:0732] [Check Services] [223/415] osppsvc
[00:01:0732] [Check Services] "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
[00:01:0732] [Check Services] [224/415] p2pimsvc
[00:01:0732] [Check Services] C:\Windows\System32\svchost.exe -k LocalServicePeerNet
[00:01:0732] [Check Services] [225/415] p2psvc
[00:01:0732] [Check Services] C:\Windows\System32\svchost.exe -k LocalServicePeerNet
[00:01:0732] [Check Services] [226/415] Parport
[00:01:0732] [Check Services] C:\Windows\system32\DRIVERS\parport.sys
[00:01:0732] [Check Services] [227/415] partmgr
[00:01:0732] [Check Services] C:\Windows\System32\drivers\partmgr.sys
[00:01:0732] [Check Services] [228/415] PcaSvc
[00:01:0747] [Check Services] C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0747] [Check Services] [229/415] pci
[00:01:0747] [Check Services] C:\Windows\system32\drivers\pci.sys
[00:01:0747] [Check Services] [230/415] pciide
[00:01:0747] [Check Services] C:\Windows\system32\drivers\pciide.sys
[00:01:0747] [Check Services] [231/415] pcmcia
[00:01:0747] [Check Services] C:\Windows\system32\drivers\pcmcia.sys
[00:01:0747] [Check Services] [232/415] pcw
[00:01:0747] [Check Services] C:\Windows\System32\drivers\pcw.sys
[00:01:0747] [Check Services] [233/415] PEAUTH
[00:01:0747] [Check Services] C:\Windows\system32\drivers\peauth.sys
[00:01:0747] [Check Services] [234/415] PeerDistSvc
[00:01:0747] [Check Services] C:\Windows\System32\svchost.exe -k PeerDist
[00:01:0747] [Check Services] [235/415] PerfHost
[00:01:0747] [Check Services] C:\Windows\SysWOW64\perfhost.exe
[00:01:0747] [Check Services] [236/415] pla
[00:01:0747] [Check Services] C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
[00:01:0747] [Check Services] [237/415] PlugPlay
[00:01:0747] [Check Services] C:\Windows\system32\svchost.exe -k DcomLaunch
[00:01:0747] [Check Services] [238/415] PNRPAutoReg
[00:01:0747] [Check Services] C:\Windows\System32\svchost.exe -k LocalServicePeerNet
[00:01:0747] [Check Services] [239/415] PNRPsvc
[00:01:0747] [Check Services] C:\Windows\System32\svchost.exe -k LocalServicePeerNet
[00:01:0747] [Check Services] [240/415] PolicyAgent
[00:01:0763] [Check Services] C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
[00:01:0763] [Check Services] [241/415] Power
[00:01:0763] [Check Services] C:\Windows\system32\svchost.exe -k DcomLaunch
[00:01:0763] [Check Services] [242/415] PptpMiniport
[00:01:0763] [Check Services] C:\Windows\system32\DRIVERS\raspptp.sys
[00:01:0763] [Check Services] [243/415] Processor
[00:01:0763] [Check Services] C:\Windows\system32\drivers\processr.sys
[00:01:0763] [Check Services] [244/415] ProfSvc
[00:01:0763] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0763] [Check Services] [245/415] ProtectedStorage
[00:01:0763] [Check Services] C:\Windows\system32\lsass.exe
[00:01:0763] [Check Services] [246/415] Psched
[00:01:0763] [Check Services] C:\Windows\system32\DRIVERS\pacer.sys
[00:01:0763] [Check Services] [247/415] ql2300
[00:01:0763] [Check Services] C:\Windows\system32\drivers\ql2300.sys
[00:01:0763] [Check Services] [248/415] ql40xx
[00:01:0763] [Check Services] C:\Windows\system32\drivers\ql40xx.sys
[00:01:0763] [Check Services] [249/415] QWAVE
[00:01:0763] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
[00:01:0763] [Check Services] [250/415] QWAVEdrv
[00:01:0763] [Check Services] C:\Windows\system32\drivers\qwavedrv.sys
[00:01:0763] [Check Services] [251/415] RasAcd
[00:01:0763] [Check Services] C:\Windows\System32\DRIVERS\rasacd.sys
[00:01:0763] [Check Services] [252/415] RasAgileVpn
[00:01:0763] [Check Services] C:\Windows\system32\DRIVERS\AgileVpn.sys
[00:01:0763] [Check Services] [253/415] RasAuto
[00:01:0779] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0779] [Check Services] [254/415] Rasl2tp
[00:01:0779] [Check Services] C:\Windows\system32\DRIVERS\rasl2tp.sys
[00:01:0779] [Check Services] [255/415] RasMan
[00:01:0779] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0779] [Check Services] [256/415] RasPppoe
[00:01:0779] [Check Services] C:\Windows\system32\DRIVERS\raspppoe.sys
[00:01:0779] [Check Services] [257/415] RasSstp
[00:01:0779] [Check Services] C:\Windows\system32\DRIVERS\rassstp.sys
[00:01:0779] [Check Services] [258/415] rdbss
[00:01:0779] [Check Services] C:\Windows\system32\DRIVERS\rdbss.sys
[00:01:0779] [Check Services] [259/415] rdpbus
[00:01:0779] [Check Services] C:\Windows\system32\DRIVERS\rdpbus.sys
[00:01:0779] [Check Services] [260/415] RDPCDD
[00:01:0779] [Check Services] C:\Windows\System32\DRIVERS\RDPCDD.sys
[00:01:0779] [Check Services] [261/415] RDPDR
[00:01:0779] [Check Services] C:\Windows\System32\drivers\rdpdr.sys
[00:01:0779] [Check Services] [262/415] RDPENCDD
[00:01:0779] [Check Services] C:\Windows\system32\drivers\rdpencdd.sys
[00:01:0779] [Check Services] [263/415] RDPREFMP
[00:01:0779] [Check Services] C:\Windows\system32\drivers\rdprefmp.sys
[00:01:0779] [Check Services] [264/415] RdpVideoMiniport
[00:01:0779] [Check Services] C:\Windows\System32\drivers\rdpvideominiport.sys
[00:01:0779] [Check Services] [265/415] RDPWD
[00:01:0794] [Check Services] Path not found
[00:01:0794] [Check Services] [266/415] rdyboost
[00:01:0794] [Check Services] C:\Windows\System32\drivers\rdyboost.sys
[00:01:0794] [Check Services] [267/415] RemoteAccess
[00:01:0794] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0794] [Check Services] [268/415] RemoteRegistry
[00:01:0794] [Check Services] C:\Windows\system32\svchost.exe -k regsvc
[00:01:0794] [Check Services] [269/415] RpcEptMapper
[00:01:0794] [Check Services] C:\Windows\system32\svchost.exe -k RPCSS
[00:01:0794] [Check Services] [270/415] RpcLocator
[00:01:0794] [Check Services] C:\Windows\system32\locator.exe
[00:01:0794] [Check Services] [271/415] RpcSs
[00:01:0794] [Check Services] C:\Windows\system32\svchost.exe -k rpcss
[00:01:0794] [Check Services] [272/415] rspndr
[00:01:0794] [Check Services] C:\Windows\system32\DRIVERS\rspndr.sys
[00:01:0794] [Check Services] [273/415] RTL8167
[00:01:0794] [Check Services] C:\Windows\system32\DRIVERS\Rt64win7.sys
[00:01:0794] [Check Services] [274/415] s3cap
[00:01:0794] [Check Services] C:\Windows\system32\drivers\vms3cap.sys
[00:01:0794] [Check Services] [275/415] SamSs
[00:01:0794] [Check Services] C:\Windows\system32\lsass.exe
[00:01:0794] [Check Services] [276/415] sbp2port
[00:01:0794] [Check Services] C:\Windows\system32\drivers\sbp2port.sys
[00:01:0794] [Check Services] [277/415] SCardSvr
[00:01:0794] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
[00:01:0794] [Check Services] [278/415] scfilter
[00:01:0810] [Check Services] C:\Windows\System32\DRIVERS\scfilter.sys
[00:01:0810] [Check Services] [279/415] Schedule
[00:01:0810] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0810] [Check Services] [280/415] SCPolicySvc
[00:01:0810] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0810] [Check Services] [281/415] SDRSVC
[00:01:0810] [Check Services] C:\Windows\system32\svchost.exe -k SDRSVC
[00:01:0810] [Check Services] [282/415] secdrv
[00:01:0810] [Check Services] Path not found
[00:01:0810] [Check Services] [283/415] seclogon
[00:01:0810] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0810] [Check Services] [284/415] SENS
[00:01:0810] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0810] [Check Services] [285/415] SensrSvc
[00:01:0810] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
[00:01:0810] [Check Services] [286/415] Serenum
[00:01:0810] [Check Services] C:\Windows\system32\DRIVERS\serenum.sys
[00:01:0810] [Check Services] [287/415] Serial
[00:01:0810] [Check Services] C:\Windows\system32\DRIVERS\serial.sys
[00:01:0810] [Check Services] [288/415] sermouse
[00:01:0810] [Check Services] C:\Windows\system32\drivers\sermouse.sys
[00:01:0810] [Check Services] [289/415] SessionEnv
[00:01:0810] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0810] [Check Services] [290/415] sffdisk
[00:01:0825] [Check Services] C:\Windows\system32\drivers\sffdisk.sys
[00:01:0825] [Check Services] [291/415] sffp_mmc
[00:01:0825] [Check Services] C:\Windows\system32\drivers\sffp_mmc.sys
[00:01:0825] [Check Services] [292/415] sffp_sd
[00:01:0825] [Check Services] C:\Windows\system32\drivers\sffp_sd.sys
[00:01:0825] [Check Services] [293/415] sfloppy
[00:01:0825] [Check Services] C:\Windows\system32\drivers\sfloppy.sys
[00:01:0825] [Check Services] [294/415] SharedAccess
[00:01:0825] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0825] [Check Services] [295/415] ShellHWDetection
[00:01:0825] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0825] [Check Services] [296/415] SiSRaid2
[00:01:0825] [Check Services] C:\Windows\system32\drivers\SiSRaid2.sys
[00:01:0825] [Check Services] [297/415] SiSRaid4
[00:01:0825] [Check Services] C:\Windows\system32\drivers\sisraid4.sys
[00:01:0825] [Check Services] [298/415] SkypeUpdate
[00:01:0825] [Check Services] "C:\Program Files (x86)\Skype\Updater\Updater.exe"
[00:01:0825] [Check Services] [299/415] Smb
[00:01:0825] [Check Services] C:\Windows\system32\DRIVERS\smb.sys
[00:01:0825] [Check Services] [300/415] SNMPTRAP
[00:01:0825] [Check Services] C:\Windows\System32\snmptrap.exe
[00:01:0825] [Check Services] [301/415] spldr
[00:01:0825] [Check Services] Path not found
[00:01:0825] [Check Services] [302/415] Spooler
[00:01:0825] [Check Services] C:\Windows\System32\spoolsv.exe
[00:01:0825] [Check Services] [303/415] sppsvc
[00:01:0841] [Check Services] C:\Windows\system32\sppsvc.exe
[00:01:0841] [Check Services] [304/415] sppuinotify
[00:01:0841] [Check Services] C:\Windows\system32\svchost.exe -k LocalService
[00:01:0841] [Check Services] [305/415] srv
[00:01:0841] [Check Services] C:\Windows\System32\DRIVERS\srv.sys
[00:01:0841] [Check Services] [306/415] srv2
[00:01:0841] [Check Services] C:\Windows\System32\DRIVERS\srv2.sys
[00:01:0841] [Check Services] [307/415] srvnet
[00:01:0841] [Check Services] C:\Windows\System32\DRIVERS\srvnet.sys
[00:01:0841] [Check Services] [308/415] SSDPSRV
[00:01:0841] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
[00:01:0841] [Check Services] [309/415] SstpSvc
[00:01:0841] [Check Services] C:\Windows\system32\svchost.exe -k LocalService
[00:01:0841] [Check Services] [310/415] Steam Client Service
[00:01:0841] [Check Services] C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
[00:01:0841] [Check Services] [311/415] Stereo Service
[00:01:0841] [Check Services] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
[00:01:0841] [Check Services] [312/415] stexstor
[00:01:0841] [Check Services] C:\Windows\system32\drivers\stexstor.sys
[00:01:0841] [Check Services] [313/415] stisvc
[00:01:0841] [Check Services] C:\Windows\system32\svchost.exe -k imgsvc
[00:01:0841] [Check Services] [314/415] storflt
[00:01:0841] [Check Services] C:\Windows\system32\drivers\vmstorfl.sys
[00:01:0841] [Check Services] [315/415] storvsc
[00:01:0841] [Check Services] C:\Windows\system32\drivers\storvsc.sys
[00:01:0841] [Check Services] [316/415] swenum
[00:01:0857] [Check Services] C:\Windows\system32\DRIVERS\swenum.sys
[00:01:0857] [Check Services] [317/415] swprv
[00:01:0857] [Check Services] C:\Windows\System32\svchost.exe -k swprv
[00:01:0857] [Check Services] [318/415] Synth3dVsc
[00:01:0857] [Check Services] C:\Windows\System32\drivers\synth3dvsc.sys
[00:01:0857] [Check Services] [319/415] SysMain
[00:01:0857] [Check Services] C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0857] [Check Services] [320/415] TabletInputService
[00:01:0857] [Check Services] C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0857] [Check Services] [321/415] TapiSrv
[00:01:0857] [Check Services] C:\Windows\System32\svchost.exe -k NetworkService
[00:01:0857] [Check Services] [322/415] TBS
[00:01:0857] [Check Services] C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
[00:01:0857] [Check Services] [323/415] Tcpip
[00:01:0857] [Check Services] C:\Windows\System32\drivers\tcpip.sys
[00:01:0857] [Check Services] [324/415] TCPIP6
[00:01:0857] [Check Services] C:\Windows\system32\DRIVERS\tcpip.sys
[00:01:0857] [Check Services] [325/415] tcpipreg
[00:01:0857] [Check Services] C:\Windows\System32\drivers\tcpipreg.sys
[00:01:0857] [Check Services] [326/415] TDPIPE
[00:01:0857] [Check Services] C:\Windows\system32\drivers\tdpipe.sys
[00:01:0857] [Check Services] [327/415] TDTCP
[00:01:0857] [Check Services] C:\Windows\system32\drivers\tdtcp.sys
[00:01:0857] [Check Services] [328/415] tdx
[00:01:0857] [Check Services] C:\Windows\system32\DRIVERS\tdx.sys
[00:01:0857] [Check Services] [329/415] TermDD
[00:01:0872] [Check Services] C:\Windows\system32\DRIVERS\termdd.sys
[00:01:0872] [Check Services] [330/415] terminpt
[00:01:0872] [Check Services] C:\Windows\system32\drivers\terminpt.sys
[00:01:0872] [Check Services] [331/415] TermService
[00:01:0872] [Check Services] C:\Windows\System32\svchost.exe -k NetworkService
[00:01:0872] [Check Services] [332/415] Themes
[00:01:0872] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0872] [Check Services] [333/415] THREADORDER
[00:01:0872] [Check Services] C:\Windows\system32\svchost.exe -k LocalService
[00:01:0872] [Check Services] [334/415] TrkWks
[00:01:0872] [Check Services] C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0872] [Check Services] [335/415] TrustedInstaller
[00:01:0872] [Check Services] C:\Windows\servicing\TrustedInstaller.exe
[00:01:0872] [Check Services] [336/415] tssecsrv
[00:01:0872] [Check Services] C:\Windows\System32\DRIVERS\tssecsrv.sys
[00:01:0872] [Check Services] [337/415] TsUsbFlt
[00:01:0872] [Check Services] C:\Windows\system32\drivers\tsusbflt.sys
[00:01:0872] [Check Services] [338/415] TsUsbGD
[00:01:0872] [Check Services] C:\Windows\system32\drivers\TsUsbGD.sys
[00:01:0872] [Check Services] [339/415] tsusbhub
[00:01:0872] [Check Services] C:\Windows\system32\drivers\tsusbhub.sys
[00:01:0872] [Check Services] [340/415] tunnel
[00:01:0872] [Check Services] C:\Windows\system32\DRIVERS\tunnel.sys
[00:01:0872] [Check Services] [341/415] uagp35
[00:01:0888] [Check Services] C:\Windows\system32\drivers\uagp35.sys
[00:01:0888] [Check Services] [342/415] udfs
[00:01:0888] [Check Services] C:\Windows\system32\DRIVERS\udfs.sys
[00:01:0888] [Check Services] [343/415] UI0Detect
[00:01:0888] [Check Services] C:\Windows\system32\UI0Detect.exe
[00:01:0888] [Check Services] [344/415] uliagpkx
[00:01:0888] [Check Services] C:\Windows\system32\drivers\uliagpkx.sys
[00:01:0888] [Check Services] [345/415] umbus
[00:01:0888] [Check Services] C:\Windows\system32\DRIVERS\umbus.sys
[00:01:0888] [Check Services] [346/415] UmPass
[00:01:0888] [Check Services] C:\Windows\system32\drivers\umpass.sys
[00:01:0888] [Check Services] [347/415] UmRdpService
[00:01:0888] [Check Services] C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0888] [Check Services] [348/415] upnphost
[00:01:0888] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
[00:01:0888] [Check Services] [349/415] USBAAPL64
[00:01:0888] [Check Services] C:\Windows\System32\Drivers\usbaapl64.sys
[00:01:0888] [Check Services] [350/415] usbaudio
[00:01:0888] [Check Services] C:\Windows\system32\drivers\usbaudio.sys
[00:01:0888] [Check Services] [351/415] usbccgp
[00:01:0888] [Check Services] C:\Windows\system32\DRIVERS\usbccgp.sys
[00:01:0888] [Check Services] [352/415] usbcir
[00:01:0888] [Check Services] C:\Windows\system32\drivers\usbcir.sys
[00:01:0888] [Check Services] [353/415] usbehci
[00:01:0888] [Check Services] C:\Windows\system32\DRIVERS\usbehci.sys
[00:01:0888] [Check Services] [354/415] usbhub
[00:01:0888] [Check Services] C:\Windows\system32\DRIVERS\usbhub.sys
[00:01:0888] [Check Services] [355/415] usbohci
[00:01:0903] [Check Services] C:\Windows\system32\drivers\usbohci.sys
[00:01:0903] [Check Services] [356/415] usbprint
[00:01:0903] [Check Services] C:\Windows\system32\drivers\usbprint.sys
[00:01:0903] [Check Services] [357/415] USBSTOR
[00:01:0903] [Check Services] C:\Windows\system32\DRIVERS\USBSTOR.SYS
[00:01:0903] [Check Services] [358/415] usbuhci
[00:01:0903] [Check Services] C:\Windows\system32\drivers\usbuhci.sys
[00:01:0903] [Check Services] [359/415] usbvideo
[00:01:0903] [Check Services] C:\Windows\System32\Drivers\usbvideo.sys
[00:01:0903] [Check Services] [360/415] UxSms
[00:01:0903] [Check Services] C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0903] [Check Services] [361/415] VaultSvc
[00:01:0903] [Check Services] C:\Windows\system32\lsass.exe
[00:01:0903] [Check Services] [362/415] vdrvroot
[00:01:0903] [Check Services] C:\Windows\system32\drivers\vdrvroot.sys
[00:01:0903] [Check Services] [363/415] vds
[00:01:0903] [Check Services] C:\Windows\System32\vds.exe
[00:01:0903] [Check Services] [364/415] vga
[00:01:0903] [Check Services] C:\Windows\system32\DRIVERS\vgapnp.sys
[00:01:0903] [Check Services] [365/415] VgaSave
[00:01:0903] [Check Services] C:\Windows\System32\drivers\vga.sys
[00:01:0903] [Check Services] [366/415] VGPU
[00:01:0903] [Check Services] C:\Windows\System32\drivers\rdvgkmd.sys
[00:01:0903] [Check Services] [367/415] vhdmp
[00:01:0903] [Check Services] C:\Windows\system32\drivers\vhdmp.sys
[00:01:0903] [Check Services] [368/415] viaide
[00:01:0903] [Check Services] C:\Windows\system32\drivers\viaide.sys
[00:01:0903] [Check Services] [369/415] vmbus
[00:01:0919] [Check Services] C:\Windows\system32\drivers\vmbus.sys
[00:01:0919] [Check Services] [370/415] VMBusHID
[00:01:0919] [Check Services] C:\Windows\system32\drivers\VMBusHID.sys
[00:01:0919] [Check Services] [371/415] volmgr
[00:01:0919] [Check Services] C:\Windows\system32\drivers\volmgr.sys
[00:01:0919] [Check Services] [372/415] volmgrx
[00:01:0919] [Check Services] C:\Windows\System32\drivers\volmgrx.sys
[00:01:0919] [Check Services] [373/415] volsnap
[00:01:0919] [Check Services] C:\Windows\system32\drivers\volsnap.sys
[00:01:0919] [Check Services] [374/415] vsmraid
[00:01:0919] [Check Services] C:\Windows\system32\drivers\vsmraid.sys
[00:01:0919] [Check Services] [375/415] VSS
[00:01:0919] [Check Services] C:\Windows\system32\vssvc.exe
[00:01:0919] [Check Services] [376/415] vwifibus
[00:01:0919] [Check Services] C:\Windows\System32\drivers\vwifibus.sys
[00:01:0919] [Check Services] [377/415] W32Time
[00:01:0919] [Check Services] C:\Windows\system32\svchost.exe -k LocalService
[00:01:0919] [Check Services] [378/415] WacomPen
[00:01:0919] [Check Services] C:\Windows\system32\drivers\wacompen.sys
[00:01:0919] [Check Services] [379/415] WANARP
[00:01:0919] [Check Services] C:\Windows\system32\DRIVERS\wanarp.sys
[00:01:0919] [Check Services] [380/415] Wanarpv6
[00:01:0919] [Check Services] C:\Windows\system32\DRIVERS\wanarp.sys
[00:01:0919] [Check Services] [381/415] wbengine
[00:01:0919] [Check Services] "C:\Windows\system32\wbengine.exe"
[00:01:0935] [Check Services] [382/415] WbioSrvc
[00:01:0935] [Check Services] C:\Windows\system32\svchost.exe -k WbioSvcGroup
[00:01:0935] [Check Services] [383/415] wcncsvc
[00:01:0935] [Check Services] C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
[00:01:0935] [Check Services] [384/415] WcsPlugInService
[00:01:0935] [Check Services] C:\Windows\system32\svchost.exe -k wcssvc
[00:01:0935] [Check Services] [385/415] Wd
[00:01:0935] [Check Services] C:\Windows\system32\drivers\wd.sys
[00:01:0935] [Check Services] [386/415] Wdf01000
[00:01:0935] [Check Services] C:\Windows\system32\drivers\Wdf01000.sys
[00:01:0935] [Check Services] [387/415] WdiServiceHost
[00:01:0935] [Check Services] C:\Windows\System32\svchost.exe -k LocalService
[00:01:0935] [Check Services] [388/415] WdiSystemHost
[00:01:0935] [Check Services] C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0935] [Check Services] [389/415] WebClient
[00:01:0935] [Check Services] C:\Windows\system32\svchost.exe -k LocalService
[00:01:0935] [Check Services] [390/415] Wecsvc
[00:01:0935] [Check Services] C:\Windows\system32\svchost.exe -k NetworkService
[00:01:0935] [Check Services] [391/415] wercplsupport
[00:01:0935] [Check Services] C:\Windows\System32\svchost.exe -k netsvcs
[00:01:0935] [Check Services] [392/415] WerSvc
[00:01:0935] [Check Services] C:\Windows\System32\svchost.exe -k WerSvcGroup
[00:01:0935] [Check Services] [393/415] WfpLwf
[00:01:0935] [Check Services] C:\Windows\system32\DRIVERS\wfplwf.sys
[00:01:0935] [Check Services] [394/415] WIMMount
[00:01:0950] [Check Services] C:\Windows\system32\drivers\wimmount.sys
[00:01:0950] [Check Services] [395/415] WinDefend
[00:01:0950] [Check Services] C:\Windows\System32\svchost.exe -k secsvcs
[00:01:0950] [Check Services] [396/415] WinHttpAutoProxySvc
[00:01:0950] [Check Services] C:\Windows\system32\svchost.exe -k LocalService
[00:01:0950] [Check Services] [397/415] Winmgmt
[00:01:0950] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0950] [Check Services] [398/415] WinRM
[00:01:0950] [Check Services] C:\Windows\System32\svchost.exe -k NetworkService
[00:01:0950] [Check Services] [399/415] WinUsb
[00:01:0950] [Check Services] C:\Windows\system32\DRIVERS\WinUsb.sys
[00:01:0950] [Check Services] [400/415] Wlansvc
[00:01:0950] [Check Services] C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0950] [Check Services] [401/415] wlidsvc
[00:01:0950] [Check Services] "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
[00:01:0950] [Check Services] [402/415] WmiAcpi
[00:01:0950] [Check Services] C:\Windows\system32\DRIVERS\wmiacpi.sys
[00:01:0950] [Check Services] [403/415] wmiApSrv
[00:01:0950] [Check Services] C:\Windows\system32\wbem\WmiApSrv.exe
[00:01:0950] [Check Services] [404/415] WMPNetworkSvc
[00:01:0950] [Check Services] "C:\Program Files\Windows Media Player\wmpnetwk.exe"
[00:01:0950] [Check Services] [405/415] WPCSvc
[00:01:0950] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
[00:01:0950] [Check Services] [406/415] WPDBusEnum
[00:01:0966] [Check Services] C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0966] [Check Services] [407/415] ws2ifsl
[00:01:0966] [Check Services] C:\Windows\system32\drivers\ws2ifsl.sys
[00:01:0966] [Check Services] [408/415] wscsvc
[00:01:0966] [Check Services] C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
[00:01:0966] [Check Services] [409/415] WSearch
[00:01:0966] [Check Services] C:\Windows\system32\SearchIndexer.exe /Embedding
[00:01:0966] [Check Services] [410/415] wuauserv
[00:01:0966] [Check Services] C:\Windows\system32\svchost.exe -k netsvcs
[00:01:0966] [Check Services] [411/415] WudfPf
[00:01:0966] [Check Services] C:\Windows\system32\drivers\WudfPf.sys
[00:01:0966] [Check Services] [412/415] WUDFRd
[00:01:0966] [Check Services] C:\Windows\system32\DRIVERS\WUDFRd.sys
[00:01:0966] [Check Services] [413/415] wudfsvc
[00:01:0966] [Check Services] C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
[00:01:0966] [Check Services] [414/415] WwanSvc
[00:01:0966] [Check Services] C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
[00:01:0966] [Check Services] [415/415] xnacc
[00:01:0966] [Check Services] C:\Windows\system32\DRIVERS\xnacc.sys
[00:01:0966] Getting current build number
[00:03:0697] Current build number : 8.3.1
[00:03:0697] Getting previous runs informations
[00:03:0697] Drop Eula : C:\Users\Marina\Desktop\RK_Quarantine\Eula.txt
[00:03:0697] ***** PreScan OK *****
[00:08:0752] ********* Scan Mode *********
[00:08:0752] Clear ListViews
[00:08:0752] Clear Objects
[00:08:0783] [GUID] HKCR\CLSID
[00:08:0970] [RUN][0x100] HKCU\Software\Microsoft\Windows\CurrentVersion\Run
[00:08:0970] [RUN][0x100] HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[00:08:0970] [RUN][0x100] HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
[00:08:0970] [RUN][0x100] HKUS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run
[00:08:0970] [RUN] Open : 0x2 -- Query : 0x1
[00:08:0970] [RUN][0x100] HKUS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run
[00:08:0970] [RUN] Open : 0x2 -- Query : 0x1
[00:08:0970] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1000\Software\Microsoft\Windows\CurrentVersion\Run
[00:08:0970] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Run
[00:08:0970] [RUN] Open : 0x2 -- Query : 0x1
[00:08:0970] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1006\Software\Microsoft\Windows\CurrentVersion\Run
[00:08:0970] [RUN] Sidebar
[00:09:0017] -> Sidebar : [Sidebar.exe] C:\Program Files (x86)\Windows Sidebar\sidebar.exe
[00:09:0064] -> Sidebar : [autoRun] /autoRun
[00:09:0064] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1006_Classes\Software\Microsoft\Windows\CurrentVersion\Run
[00:09:0064] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0064] [RUN][0x100] HKUS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run
[00:09:0064] [RUN][0x200] HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[00:09:0064] [RUN] BCSSync
[00:09:0080] -> BCSSync : [BCSSync.exe] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
[00:09:0111] -> BCSSync : [DelayServices] /DelayServices
[00:09:0111] [RUN] avast
[00:09:0111] -> avast : [avastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe
[00:09:0158] -> avast : [nogui] /nogui
[00:09:0158] [RUN] Sweetpacks Communicator
[00:09:0158] -> Sweetpacks Communicator : [Program] C:\Program
[00:09:0173] -> Sweetpacks Communicator : [Files] Files
[00:09:0173] -> Sweetpacks Communicator : [SweetPacksUpdateManager.exe] (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
[00:09:0173] [RUN][0x100] HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:09:0173] [RUN][0x100] HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:09:0173] [RUN][0x100] HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:09:0173] [RUN][0x100] HKUS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:09:0173] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1000_Classes\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1006\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:09:0173] [RUN] mctadmin
[00:09:0173] -> mctadmin : [mctadmin.exe] C:\Windows\System32\mctadmin.exe
[00:09:0173] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1006_Classes\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:09:0173] [RUN][0x200] HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
[00:09:0173] [RUN][0x100] HKCU\Software\Microsoft\Windows\CurrentVersion\RunService
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKLM\Software\Microsoft\Windows\CurrentVersion\RunService
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunService
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunService
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunService
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1000\Software\Microsoft\Windows\CurrentVersion\RunService
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1000_Classes\Software\Microsoft\Windows\CurrentVersion\RunService
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1006\Software\Microsoft\Windows\CurrentVersion\RunService
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1006_Classes\Software\Microsoft\Windows\CurrentVersion\RunService
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunService
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x200] HKLM\Software\Microsoft\Windows\CurrentVersion\RunService
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:09:0173] [RUN][0x100] HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1000\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1000_Classes\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1006\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1006_Classes\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x200] HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
[00:09:0173] [RUN][0x100] HKCU\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKLM\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1000\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0173] [RUN][0x100] HKUS\S-1-5-21-122816352-1195633005-5749728-1000_Classes\Software\Microsoft\Windows\CurrentVersion\RunServiceOnce
[00:09:0173] [RUN] Open : 0x2 -- Query : 0x1
[00:09:0516] [Services] -Next-
[00:09:0516] [Services][0x0] msiserver :
[00:09:0516] -> msiserver : [msiexec.exe] C:\Windows\System32\msiexec.exe
[00:09:0548] [Services] -Next-
[00:09:0548] [Services][0x0] MSKSSRV :
[00:09:0548] -> MSKSSRV : [MSKSSRV.sys] C:\Windows\system32\drivers\MSKSSRV.sys
[00:09:0548] [Services] -Next-
[00:09:0548] [Services][0x0] MSPCLOCK :
[00:09:0548] -> MSPCLOCK : [MSPCLOCK.sys] C:\Windows\system32\drivers\MSPCLOCK.sys
[00:09:0548] [Services] -Next-
[00:09:0548] [Services][0x0] MSPQM :
[00:09:0548] -> MSPQM : [MSPQM.sys] C:\Windows\system32\drivers\MSPQM.sys
[00:09:0548] [Services] -Next-
[00:09:0548] [Services][0x0] MsRPC :
[00:09:0548] [Services] -Next-
[00:09:0548] [Services][0x0] MSSCNTRS :
[00:09:0548] [Services] -Next-
[00:09:0548] [Services][0x0] mssmbios :
[00:09:0548] -> mssmbios : [mssmbios.sys] C:\Windows\system32\DRIVERS\mssmbios.sys
[00:09:0548] [Services] -Next-
[00:09:0548] [Services][0x0] MSTEE :
[00:09:0548] -> MSTEE : [MSTEE.sys] C:\Windows\system32\drivers\MSTEE.sys
[00:09:0548] [Services] -Next-
[00:09:0548] [Services][0x0] MTConfig :
[00:09:0548] -> MTConfig : [MTConfig.sys] C:\Windows\system32\drivers\MTConfig.sys
[00:09:0548] [Services] -Next-
[00:09:0548] [Services][0x0] Mup :
[00:09:0548] -> Mup : [mup.sys] C:\Windows\System32\Drivers\mup.sys
[00:09:0548] [Services] -Next-
[00:09:0548] [Services][0x0] napagent :
[00:09:0548] [Services] -Next-
[00:09:0548] [Services][0x0] NativeWifiP :
[00:09:0548] -> NativeWifiP : [nwifi.sys] C:\Windows\system32\DRIVERS\nwifi.sys
[00:09:0548] [Services] -Next-
[00:09:0548] [Services][0x0] NDIS :
[00:09:0548] -> NDIS : [ndis.sys] C:\Windows\system32\drivers\ndis.sys
[00:09:0548] [Services] -Next-
[00:09:0548] [Services][0x0] NdisCap :
[00:09:0548] -> NdisCap : [ndiscap.sys] C:\Windows\system32\DRIVERS\ndiscap.sys
[00:09:0563] [Services] -Next-
[00:09:0563] [Services][0x0] NdisTapi :
[00:09:0563] -> NdisTapi : [ndistapi.sys] C:\Windows\system32\DRIVERS\ndistapi.sys
[00:09:0563] [Services] -Next-
[00:09:0563] [Services][0x0] Ndisuio :
[00:09:0563] -> Ndisuio : [ndisuio.sys] C:\Windows\system32\DRIVERS\ndisuio.sys
[00:09:0563] [Services] -Next-
[00:09:0563] [Services][0x0] NdisWan :
[00:09:0563] -> NdisWan : [ndiswan.sys] C:\Windows\system32\DRIVERS\ndiswan.sys
[00:09:0563] [Services] -Next-
[00:09:0563] [Services][0x0] NDProxy :
[00:09:0563] [Services] -Next-
[00:09:0563] [Services][0x0] NetBIOS :
[00:09:0563] -> NetBIOS : [netbios.sys] C:\Windows\system32\DRIVERS\netbios.sys
[00:09:0563] [Services] -Next-
[00:09:0563] [Services][0x0] NetBT :
[00:09:0563] -> NetBT : [netbt.sys] C:\Windows\System32\DRIVERS\netbt.sys
[00:09:0563] [Services] -Next-
[00:09:0563] [Services][0x0] Netlogon :
[00:09:0563] -> Netlogon : [lsass.exe] C:\Windows\system32\lsass.exe
[00:09:0563] [Services] -Next-
[00:09:0563] [Services][0x0] Netman :
[00:09:0563] -> Netman : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0563] -> Netman : [LocalSystemNetworkRestricted] LocalSystemNetworkRestricted
[00:09:0563] [Services] -Next-
[00:09:0563] [Services][0x0] netprofm :
[00:09:0563] -> netprofm : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0563] -> netprofm : [LocalService] LocalService
[00:09:0563] [Services] -Next-
[00:09:0563] [Services][0x0] NetTcpPortSharing :
[00:09:0579] -> NetTcpPortSharing : [SMSvcHost.exe] C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
[00:09:0579] [Services] -Next-
[00:09:0579] [Services][0x0] nfrd960 :
[00:09:0579] -> nfrd960 : [nfrd960.sys] C:\Windows\system32\drivers\nfrd960.sys
[00:09:0579] [Services] -Next-
[00:09:0579] [Services][0x0] NlaSvc :
[00:09:0579] -> NlaSvc : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0579] -> NlaSvc : [NetworkService] NetworkService
[00:09:0579] [Services] -Next-
[00:09:0579] [Services][0x0] Npfs :
[00:09:0579] [Services] -Next-
[00:09:0579] [Services][0x0] nsi :
[00:09:0579] -> nsi : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0579] -> nsi : [LocalService] LocalService
[00:09:0579] [Services] -Next-
[00:09:0579] [Services][0x0] nsiproxy :
[00:09:0579] -> nsiproxy : [nsiproxy.sys] C:\Windows\system32\drivers\nsiproxy.sys
[00:09:0579] [Services] -Next-
[00:09:0579] [Services][0x0] NTDS :
[00:09:0579] [Services] -Next-
[00:09:0579] [Services][0x0] Ntfs :
[00:09:0579] [Services] -Next-
[00:09:0579] [Services][0x0] Null :
[00:09:0579] [Services] -Next-
[00:09:0579] [Services][0x0] NVHDA :
[00:09:0579] -> NVHDA : [nvhda64v.sys] C:\Windows\system32\drivers\nvhda64v.sys
[00:09:0579] [Services] -Next-
[00:09:0579] [Services][0x0] nvlddmkm :
[00:09:0579] -> nvlddmkm : [nvlddmkm.sys] C:\Windows\system32\DRIVERS\nvlddmkm.sys
[00:09:0579] [Services] -Next-
[00:09:0579] [Services][0x0] nvraid :
[00:09:0579] -> nvraid : [nvraid.sys] C:\Windows\system32\drivers\nvraid.sys
[00:09:0579] [Services] -Next-
[00:09:0579] [Services][0x0] nvstor :
[00:09:0579] -> nvstor : [nvstor.sys] C:\Windows\system32\drivers\nvstor.sys
[00:09:0579] [Services] -Next-
[00:09:0579] [Services][0x0] nvsvc :
[00:09:0594] -> nvsvc : [nvvsvc.exe] C:\Windows\system32\nvvsvc.exe
[00:09:0594] [Services] -Next-
[00:09:0594] [Services][0x0] nvUpdatusService :
[00:09:0594] -> nvUpdatusService : [daemonu.exe] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
[00:09:0594] [Services] -Next-
[00:09:0594] [Services][0x0] nv_agp :
[00:09:0594] -> nv_agp : [nv_agp.sys] C:\Windows\system32\drivers\nv_agp.sys
[00:09:0594] [Services] -Next-
[00:09:0594] [Services][0x0] ohci1394 :
[00:09:0594] -> ohci1394 : [ohci1394.sys] C:\Windows\system32\drivers\ohci1394.sys
[00:09:0610] [Services] -Next-
[00:09:0610] [Services][0x0] ose :
[00:09:0610] -> ose : [OSE.EXE] C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
[00:09:0672] [Services] -Next-
[00:09:0672] [Services][0x0] osppsvc :
[00:09:0688] -> osppsvc : [OSPPSVC.EXE] C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
[00:09:0813] [Services] -Next-
[00:09:0813] [Services][0x0] p2pimsvc :
[00:09:0813] -> p2pimsvc : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0813] -> p2pimsvc : [LocalServicePeerNet] LocalServicePeerNet
[00:09:0813] [Services] -Next-
[00:09:0813] [Services][0x0] p2psvc :
[00:09:0813] -> p2psvc : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0813] -> p2psvc : [LocalServicePeerNet] LocalServicePeerNet
[00:09:0813] [Services] -Next-
[00:09:0813] [Services][0x0] Parport :
[00:09:0813] -> Parport : [parport.sys] C:\Windows\system32\DRIVERS\parport.sys
[00:09:0813] [Services] -Next-
[00:09:0813] [Services][0x0] partmgr :
[00:09:0813] -> partmgr : [partmgr.sys] C:\Windows\System32\drivers\partmgr.sys
[00:09:0813] [Services] -Next-
[00:09:0813] [Services][0x0] PcaSvc :
[00:09:0813] -> PcaSvc : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0813] -> PcaSvc : [LocalSystemNetworkRestricted] LocalSystemNetworkRestricted
[00:09:0813] [Services] -Next-
[00:09:0813] [Services][0x0] pci :
[00:09:0813] -> pci : [pci.sys] C:\Windows\system32\drivers\pci.sys
[00:09:0813] [Services] -Next-
[00:09:0813] [Services][0x0] pciide :
[00:09:0813] -> pciide : [pciide.sys] C:\Windows\system32\drivers\pciide.sys
[00:09:0813] [Services] -Next-
[00:09:0813] [Services][0x0] pcmcia :
[00:09:0828] -> pcmcia : [pcmcia.sys] C:\Windows\system32\drivers\pcmcia.sys
[00:09:0828] [Services] -Next-
[00:09:0828] [Services][0x0] pcw :
[00:09:0828] -> pcw : [pcw.sys] C:\Windows\System32\drivers\pcw.sys
[00:09:0828] [Services] -Next-
[00:09:0828] [Services][0x0] PEAUTH :
[00:09:0828] -> PEAUTH : [peauth.sys] C:\Windows\system32\drivers\peauth.sys
[00:09:0828] [Services] -Next-
[00:09:0828] [Services][0x0] PeerDistSvc :
[00:09:0828] -> PeerDistSvc : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0828] -> PeerDistSvc : [PeerDist] PeerDist
[00:09:0828] [Services] -Next-
[00:09:0828] [Services][0x0] PerfDisk :
[00:09:0828] [Services] -Next-
[00:09:0828] [Services][0x0] PerfHost :
[00:09:0828] -> PerfHost : [perfhost.exe] C:\Windows\SysWOW64\perfhost.exe
[00:09:0844] [Services] -Next-
[00:09:0844] [Services][0x0] PerfNet :
[00:09:0844] [Services] -Next-
[00:09:0844] [Services][0x0] PerfOS :
[00:09:0844] [Services] -Next-
[00:09:0844] [Services][0x0] PerfProc :
[00:09:0844] [Services] -Next-
[00:09:0844] [Services][0x0] pla :
[00:09:0844] -> pla : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0844] -> pla : [LocalServiceNoNetwork] LocalServiceNoNetwork
[00:09:0844] [Services] -Next-
[00:09:0844] [Services][0x0] PlugPlay :
[00:09:0844] -> PlugPlay : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0844] -> PlugPlay : [DcomLaunch] DcomLaunch
[00:09:0844] [Services] -Next-
[00:09:0844] [Services][0x0] PNRPAutoReg :
[00:09:0844] -> PNRPAutoReg : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0844] -> PNRPAutoReg : [LocalServicePeerNet] LocalServicePeerNet
[00:09:0844] [Services] -Next-
[00:09:0844] [Services][0x0] PNRPsvc :
[00:09:0844] -> PNRPsvc : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0844] -> PNRPsvc : [LocalServicePeerNet] LocalServicePeerNet
[00:09:0844] [Services] -Next-
[00:09:0844] [Services][0x0] PolicyAgent :
[00:09:0844] -> PolicyAgent : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0844] -> PolicyAgent : [NetworkServiceNetworkRestricted] NetworkServiceNetworkRestricted
[00:09:0844] [Services] -Next-
[00:09:0844] [Services][0x0] PortProxy :
[00:09:0844] [Services] -Next-
[00:09:0844] [Services][0x0] Power :
[00:09:0844] -> Power : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0844] -> Power : [DcomLaunch] DcomLaunch
[00:09:0844] [Services] -Next-
[00:09:0844] [Services][0x0] PptpMiniport :
[00:09:0844] -> PptpMiniport : [raspptp.sys] C:\Windows\system32\DRIVERS\raspptp.sys
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] Processor :
[00:09:0860] -> Processor : [processr.sys] C:\Windows\system32\drivers\processr.sys
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] ProfSvc :
[00:09:0860] -> ProfSvc : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0860] -> ProfSvc : [netsvcs] netsvcs
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] ProtectedStorage :
[00:09:0860] -> ProtectedStorage : [lsass.exe] C:\Windows\system32\lsass.exe
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] Psched :
[00:09:0860] -> Psched : [pacer.sys] C:\Windows\system32\DRIVERS\pacer.sys
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] ql2300 :
[00:09:0860] -> ql2300 : [ql2300.sys] C:\Windows\system32\drivers\ql2300.sys
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] ql40xx :
[00:09:0860] -> ql40xx : [ql40xx.sys] C:\Windows\system32\drivers\ql40xx.sys
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] QWAVE :
[00:09:0860] -> QWAVE : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0860] -> QWAVE : [LocalServiceAndNoImpersonation] LocalServiceAndNoImpersonation
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] QWAVEdrv :
[00:09:0860] -> QWAVEdrv : [qwavedrv.sys] C:\Windows\system32\drivers\qwavedrv.sys
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] RasAcd :
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] RasAgileVpn :
[00:09:0860] -> RasAgileVpn : [AgileVpn.sys] C:\Windows\system32\DRIVERS\AgileVpn.sys
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] RasAuto :
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] Rasl2tp :
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] RasMan :
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] RasPppoe :
[00:09:0860] -> RasPppoe : [raspppoe.sys] C:\Windows\system32\DRIVERS\raspppoe.sys
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] RasSstp :
[00:09:0860] -> RasSstp : [rassstp.sys] C:\Windows\system32\DRIVERS\rassstp.sys
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] rdbss :
[00:09:0860] -> rdbss : [rdbss.sys] C:\Windows\system32\DRIVERS\rdbss.sys
[00:09:0860] [Services] -Next-
[00:09:0860] [Services][0x0] rdpbus :
[00:09:0860] -> rdpbus : [rdpbus.sys] C:\Windows\system32\DRIVERS\rdpbus.sys
[00:09:0875] [Services] -Next-
[00:09:0875] [Services][0x0] RDPCDD :
[00:09:0875] -> RDPCDD : [RDPCDD.sys] C:\Windows\System32\DRIVERS\RDPCDD.sys
[00:09:0875] [Services] -Next-
[00:09:0875] [Services][0x0] RDPDD :
[00:09:0875] [Services] -Next-
[00:09:0875] [Services][0x0] RDPDR :
[00:09:0875] -> RDPDR : [rdpdr.sys] C:\Windows\System32\drivers\rdpdr.sys
[00:09:0875] [Services] -Next-
[00:09:0875] [Services][0x0] RDPENCDD :
[00:09:0875] -> RDPENCDD : [rdpencdd.sys] C:\Windows\system32\drivers\rdpencdd.sys
[00:09:0875] [Services] -Next-
[00:09:0875] [Services][0x0] RDPNP :
[00:09:0875] [Services] -Next-
[00:09:0875] [Services][0x0] RDPREFMP :
[00:09:0875] -> RDPREFMP : [rdprefmp.sys] C:\Windows\system32\drivers\rdprefmp.sys
[00:09:0875] [Services] -Next-
[00:09:0875] [Services][0x0] RDPUDD :
[00:09:0875] [Services] -Next-
[00:09:0875] [Services][0x0] RdpVideoMiniport :
[00:09:0875] -> RdpVideoMiniport : [rdpvideominiport.sys] C:\Windows\System32\drivers\rdpvideominiport.sys
[00:09:0875] [Services] -Next-
[00:09:0875] [Services][0x0] RDPWD :
[00:09:0875] [Services] -Next-
[00:09:0875] [Services][0x0] rdyboost :
[00:09:0875] -> rdyboost : [rdyboost.sys] C:\Windows\System32\drivers\rdyboost.sys
[00:09:0875] [Services] -Next-
[00:09:0875] [Services][0x0] RemoteAccess :
[00:09:0875] -> RemoteAccess : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0875] -> RemoteAccess : [netsvcs] netsvcs
[00:09:0875] [Services] -Next-
[00:09:0875] [Services][0x0] RemoteRegistry :
[00:09:0875] -> RemoteRegistry : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0875] -> RemoteRegistry : [regsvc] regsvc
[00:09:0875] [Services] -Next-
[00:09:0875] [Services][0x0] RpcEptMapper :
[00:09:0875] -> RpcEptMapper : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0875] -> RpcEptMapper : [RPCSS] RPCSS
[00:09:0875] [Services] -Next-
[00:09:0891] [Services][0x0] RpcLocator :
[00:09:0891] -> RpcLocator : [locator.exe] C:\Windows\system32\locator.exe
[00:09:0891] [Services] -Next-
[00:09:0891] [Services][0x0] RpcSs :
[00:09:0891] -> RpcSs : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0891] -> RpcSs : [rpcss] rpcss
[00:09:0891] [Services] -Next-
[00:09:0891] [Services][0x0] rspndr :
[00:09:0891] -> rspndr : [rspndr.sys] C:\Windows\system32\DRIVERS\rspndr.sys
[00:09:0891] [Services] -Next-
[00:09:0891] [Services][0x0] RTL8167 :
[00:09:0891] -> RTL8167 : [Rt64win7.sys] C:\Windows\system32\DRIVERS\Rt64win7.sys
[00:09:0891] [Services] -Next-
[00:09:0891] [Services][0x0] s3cap :
[00:09:0891] -> s3cap : [vms3cap.sys] C:\Windows\system32\drivers\vms3cap.sys
[00:09:0891] [Services] -Next-
[00:09:0891] [Services][0x0] SamSs :
[00:09:0891] -> SamSs : [lsass.exe] C:\Windows\system32\lsass.exe
[00:09:0891] [Services] -Next-
[00:09:0891] [Services][0x0] sbp2port :
[00:09:0891] -> sbp2port : [sbp2port.sys] C:\Windows\system32\drivers\sbp2port.sys
[00:09:0891] [Services] -Next-
[00:09:0891] [Services][0x0] SCardSvr :
[00:09:0891] -> SCardSvr : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0891] -> SCardSvr : [LocalServiceAndNoImpersonation] LocalServiceAndNoImpersonation
[00:09:0891] [Services] -Next-
[00:09:0891] [Services][0x0] scfilter :
[00:09:0891] -> scfilter : [scfilter.sys] C:\Windows\System32\DRIVERS\scfilter.sys
[00:09:0891] [Services] -Next-
[00:09:0891] [Services][0x0] Schedule :
[00:09:0891] -> Schedule : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0891] -> Schedule : [netsvcs] netsvcs
[00:09:0891] [Services] -Next-
[00:09:0891] [Services][0x0] SCPolicySvc :
[00:09:0891] -> SCPolicySvc : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0891] -> SCPolicySvc : [netsvcs] netsvcs
[00:09:0906] [Services] -Next-
[00:09:0906] [Services][0x0] SDRSVC :
[00:09:0906] -> SDRSVC : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0906] -> SDRSVC : [SDRSVC] SDRSVC
[00:09:0906] [Services] -Next-
[00:09:0906] [Services][0x0] secdrv :
[00:09:0906] [Services] -Next-
[00:09:0906] [Services][0x0] seclogon :
[00:09:0906] -> seclogon : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0906] -> seclogon : [netsvcs] netsvcs
[00:09:0906] [Services] -Next-
[00:09:0906] [Services][0x0] SENS :
[00:09:0906] -> SENS : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0906] -> SENS : [netsvcs] netsvcs
[00:09:0906] [Services] -Next-
[00:09:0906] [Services][0x0] SensrSvc :
[00:09:0906] -> SensrSvc : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0906] -> SensrSvc : [LocalServiceAndNoImpersonation] LocalServiceAndNoImpersonation
[00:09:0906] [Services] -Next-
[00:09:0906] [Services][0x0] Serenum :
[00:09:0906] -> Serenum : [serenum.sys] C:\Windows\system32\DRIVERS\serenum.sys
[00:09:0906] [Services] -Next-
[00:09:0906] [Services][0x0] Serial :
[00:09:0906] -> Serial : [serial.sys] C:\Windows\system32\DRIVERS\serial.sys
[00:09:0906] [Services] -Next-
[00:09:0906] [Services][0x0] sermouse :
[00:09:0906] -> sermouse : [sermouse.sys] C:\Windows\system32\drivers\sermouse.sys
[00:09:0906] [Services] -Next-
[00:09:0906] [Services][0x0] ServiceModelEndpoint 3.0.0.0 :
[00:09:0906] [Services] -Next-
[00:09:0906] [Services][0x0] ServiceModelOperation 3.0.0.0 :
[00:09:0906] [Services] -Next-
[00:09:0906] [Services][0x0] ServiceModelService 3.0.0.0 :
[00:09:0906] [Services] -Next-
[00:09:0906] [Services][0x0] SessionEnv :
[00:09:0906] -> SessionEnv : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0906] -> SessionEnv : [netsvcs] netsvcs
[00:09:0906] [Services] -Next-
[00:09:0922] [Services][0x0] sffdisk :
[00:09:0922] -> sffdisk : [sffdisk.sys] C:\Windows\system32\drivers\sffdisk.sys
[00:09:0922] [Services] -Next-
[00:09:0922] [Services][0x0] sffp_mmc :
[00:09:0922] -> sffp_mmc : [sffp_mmc.sys] C:\Windows\system32\drivers\sffp_mmc.sys
[00:09:0922] [Services] -Next-
[00:09:0922] [Services][0x0] sffp_sd :
[00:09:0922] -> sffp_sd : [sffp_sd.sys] C:\Windows\system32\drivers\sffp_sd.sys
[00:09:0922] [Services] -Next-
[00:09:0922] [Services][0x0] sfloppy :
[00:09:0922] -> sfloppy : [sfloppy.sys] C:\Windows\system32\drivers\sfloppy.sys
[00:09:0922] [Services] -Next-
[00:09:0922] [Services][0x0] SharedAccess :
[00:09:0922] -> SharedAccess : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0922] -> SharedAccess : [netsvcs] netsvcs
[00:09:0922] [Services] -Next-
[00:09:0922] [Services][0x0] ShellHWDetection :
[00:09:0922] -> ShellHWDetection : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0922] -> ShellHWDetection : [netsvcs] netsvcs
[00:09:0922] [Services] -Next-
[00:09:0922] [Services][0x0] SiSRaid2 :
[00:09:0922] -> SiSRaid2 : [SiSRaid2.sys] C:\Windows\system32\drivers\SiSRaid2.sys
[00:09:0922] [Services] -Next-
[00:09:0922] [Services][0x0] SiSRaid4 :
[00:09:0922] -> SiSRaid4 : [sisraid4.sys] C:\Windows\system32\drivers\sisraid4.sys
[00:09:0922] [Services] -Next-
[00:09:0922] [Services][0x0] SkypeUpdate :
[00:09:0922] -> SkypeUpdate : [Updater.exe] C:\Program Files (x86)\Skype\Updater\Updater.exe
[00:09:0922] [Services] -Next-
[00:09:0922] [Services][0x0] Smb :
[00:09:0922] -> Smb : [smb.sys] C:\Windows\system32\DRIVERS\smb.sys
[00:09:0922] [Services] -Next-
[00:09:0938] [Services][0x0] SMSvcHost 3.0.0.0 :
[00:09:0938] [Services] -Next-
[00:09:0938] [Services][0x0] SNMPTRAP :
[00:09:0938] -> SNMPTRAP : [snmptrap.exe] C:\Windows\System32\snmptrap.exe
[00:09:0938] [Services] -Next-
[00:09:0938] [Services][0x0] spldr :
[00:09:0938] [Services] -Next-
[00:09:0938] [Services][0x0] Spooler :
[00:09:0938] -> Spooler : [spoolsv.exe] C:\Windows\System32\spoolsv.exe
[00:09:0938] [Services] -Next-
[00:09:0938] [Services][0x0] sppsvc :
[00:09:0938] -> sppsvc : [sppsvc.exe] C:\Windows\system32\sppsvc.exe
[00:09:0938] [Services] -Next-
[00:09:0938] [Services][0x0] sppuinotify :
[00:09:0938] -> sppuinotify : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0938] -> sppuinotify : [LocalService] LocalService
[00:09:0938] [Services] -Next-
[00:09:0938] [Services][0x0] srv :
[00:09:0938] -> srv : [srv.sys] C:\Windows\System32\DRIVERS\srv.sys
[00:09:0938] [Services] -Next-
[00:09:0938] [Services][0x0] srv2 :
[00:09:0938] -> srv2 : [srv2.sys] C:\Windows\System32\DRIVERS\srv2.sys
[00:09:0938] [Services] -Next-
[00:09:0938] [Services][0x0] srvnet :
[00:09:0938] -> srvnet : [srvnet.sys] C:\Windows\System32\DRIVERS\srvnet.sys
[00:09:0938] [Services] -Next-
[00:09:0938] [Services][0x0] SSDPSRV :
[00:09:0938] -> SSDPSRV : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0938] -> SSDPSRV : [LocalServiceAndNoImpersonation] LocalServiceAndNoImpersonation
[00:09:0938] [Services] -Next-
[00:09:0938] [Services][0x0] SstpSvc :
[00:09:0938] -> SstpSvc : [svchost.exe] C:\Windows\System32\svchost.exe
[00:09:0938] -> SstpSvc : [LocalService] LocalService
[00:09:0938] [Services] -Next-
[00:09:0938] [Services][0x0] Steam Client Service :
[00:09:0938] -> Steam Client Service : [SteamService.exe] C:\Program Files (x86)\Common Files\Steam\SteamService.exe
[00:09:0984] -> Steam Client Service : [RunAsService] /RunAsService
[00:09:0984] [Services] -Next-
[00:09:0984] [Services][0x0] Stereo Service :
[00:09:0984] -> Stereo Service : [nvSCPAPISvr.exe] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
[00:10:0000] [Services] -Next-
[00:10:0000] [Services][0x0] stexstor :
[00:10:0000] -> stexstor : [stexstor.sys] C:\Windows\system32\drivers\stexstor.sys
[00:10:0000] [Services] -Next-
[00:10:0000] [Services][0x0] stisvc :
[00:10:0000] -> stisvc : [svchost.exe] C:\Windows\System32\svchost.exe
[00:10:0000] -> stisvc : [imgsvc] imgsvc
[00:10:0000] [Services] -Next-
[00:10:0000] [Services][0x0] storflt :
[00:10:0000] -> storflt : [vmstorfl.sys] C:\Windows\system32\drivers\vmstorfl.sys
[00:10:0000] [Services] -Next-
[00:10:0000] [Services][0x0] storvsc :
[00:10:0000] -> storvsc : [storvsc.sys] C:\Windows\system32\drivers\storvsc.sys
[00:10:0000] [Services] -Next-
[00:10:0000] [Services][0x0] swenum :
[00:10:0000] -> swenum : [swenum.sys] C:\Windows\system32\DRIVERS\swenum.sys
[00:10:0016] [Services] -Next-
[00:10:0016] [Services][0x0] swprv :
[00:10:0016] -> swprv : [svchost.exe] C:\Windows\System32\svchost.exe
[00:10:0016] -> swprv : [swprv] swprv
[00:10:0016] [Services] -Next-
[00:10:0016] [Services][0x0] Synth3dVsc :
[00:10:0016] -> Synth3dVsc : [synth3dvsc.sys] C:\Windows\System32\drivers\synth3dvsc.sys
[00:10:0016] [Services] -Next-
[00:10:0016] [Services][0x0] SysMain :
[00:10:0016] -> SysMain : [svchost.exe] C:\Windows\System32\svchost.exe
[00:10:0016] -> SysMain : [LocalSystemNetworkRestricted] LocalSystemNetworkRestricted
[00:10:0016] [Services] -Next-
[00:10:0016] [Services][0x0] TabletInputService :
[00:10:0016] -> TabletInputService : [svchost.exe] C:\Windows\System32\svchost.exe
[00:10:0016] -> TabletInputService : [LocalSystemNetworkRestricted] LocalSystemNetworkRestricted
[00:10:0016] [Services] -Next-
[00:10:0016] [Services][0x0] TapiSrv :
[00:10:0016] -> TapiSrv : [svchost.exe] C:\Windows\System32\svchost.exe
[00:10:0016] -> TapiSrv : [NetworkService] NetworkService
[00:10:0016] [Services] -Next-
[00:10:0016] [Services][0x0] TBS :
[00:10:0016] -> TBS : [svchost.exe] C:\Windows\System32\svchost.exe
[00:10:0016] -> TBS : [LocalServiceAndNoImpersonation] LocalServiceAndNoImpersonation
[00:10:0016] [Services] -Next-
[00:10:0016] [Services][0x0] Tcpip :
[00:10:0016] -> Tcpip : [tcpip.sys] C:\Windows\System32\drivers\tcpip.sys
[00:10:0016] [Services] -Next-
[00:10:0016] [Services][0x0] TCPIP6 :
[00:10:0016] -> TCPIP6 : [tcpip.sys] C:\Windows\system32\DRIVERS\tcpip.sys
[00:10:0016] [Services] -Next-
[00:10:0016] [Services][0x0] TCPIP6TUNNEL :
[00:10:0016] [Services] -Next-
[00:10:0016] [Services][0x0] tcpipreg :
[00:10:0016] -> tcpipreg : [tcpipreg.sys] C:\Windows\System32\drivers\tcpipreg.sys
[00:10:0016] [Services] -Next-
[00:10:0016] [Services][0x0] TCPIPTUNNEL :
[00:10:0016] [Services] -Next-
[00:10:0016] [Services][0x0] TDPIPE :
[00:10:0016] -> TDPIPE : [tdpipe.sys] C:\Windows\system32\drivers\tdpipe.sys
[00:10:0016] [Services] -Next-
[00:10:0016] [Services][0x0] TDTCP :
[00:10:0016] -> TDTCP : [tdtcp.sys] C:\Windows\system32\drivers\tdtcp.sys
[00:10:0016] [Services] -Next-
[00:10:0016] [Services][0x0] tdx :
[00:10:0016] -> tdx : [tdx.sys] C:\Windows\system32\DRIVERS\tdx.sys
[00:10:0016] [Services] -Next-
[00:10:0016] [Services][0x0] TermDD :
[00:10:0016] -> TermDD : [termdd.sys] C:\Windows\system32\DRIVERS\termdd.sys
[00:10:0031] [Services] -Next-
[00:10:0031] [Services][0x0] terminpt :
[00:10:0031] -> terminpt : [terminpt.sys] C:\Windows\system32\drivers\terminpt.sys
[00:10:0031] [Services] -Next-
[00:10:0031] [Services][0x0] TermService :
[00:10:0031] -> TermService : [svchost.exe] C:\Windows\System32\svchost.exe
[00:10:0031] -> TermService : [NetworkService] NetworkService
[00:10:0031] [Services] -Next-
[00:10:0031] [Services][0x0] Themes :
[00:10:0031] -> Themes : [svchost.exe] C:\Windows\System32\svchost.exe
[00:10:0031] -> Themes : [netsvcs] netsvcs
[00:10:0031] [Services] -Next-
[00:10:0031] [Services][0x0] THREADORDER :
[00:10:0031] -> THREADORDER : [svchost.exe] C:\Windows\System32\svchost.exe
[00:10:0031] -> THREADORDER : [LocalService] LocalService
[00:10:0031] [Services] -Next-
[00:10:0031] [Services][0x0] TrkWks :
[00:10:0031] -> TrkWks : [svchost.exe] C:\Windows\System32\svchost.exe
[00:10:0031] -> TrkWks : [LocalSystemNetworkRestricted] LocalSystemNetworkRestricted
[00:10:0031] [Services] -Next-
[00:10:0031] [Services][0x0] TrustedInstaller :
[00:10:0031] -> TrustedInstaller : [TrustedInstaller.exe] C:\Windows\servicing\TrustedInstaller.exe
[00:10:0031] [Services] -Next-
[00:10:0031] [Services][0x0] TSDDD :
[00:10:0031] [Services] -Next-
[00:10:0031] [Services][0x0] tssecsrv :
[00:10:0031] -> tssecsrv : [tssecsrv.sys] C:\Windows\System32\DRIVERS\tssecsrv.sys
[00:10:0031] [Services] -Next-
[00:10:0031] [Services][0x0] TsUsbFlt :
[00:10:0031] -> TsUsbFlt : [tsusbflt.sys] C:\Windows\system32\drivers\tsusbflt.sys
[00:10:0031] [Services] -Next-
[00:10:0031] [Services][0x0] TsUsbGD :
[00:10:0031] -> TsUsbGD : [TsUsbGD.sys] C:\Windows\system32\drivers\TsUsbGD.sys
[00:10:0031] [Services] -Next-
[00:10:0031] [Services][0x0] tsusbhub :
[00:10:0031] -> tsusbhub : [tsusbhub.sys] C:\Windows\system32\drivers\tsusbhub.sys
[00:10:0031] [Services] -Next-
[00:10:0031] [Services][0x0] tunnel :
[00:10:0031] -> tunnel : [tunnel.sys] C:\Windows\system32\DRIVERS\tunnel.sys
[00:10:0031] [Services] -Next-
[00:10:0031] [Services][0x0] uagp35 :
[00:10:0047] -> uagp35 : [uagp35.sys] C:\Windows\system32\drivers\uagp35.sys
[00:10:0047] [Services] -Next-
[00:10:0047] [Services][0x0] udfs :
[00:10:0047] -> udfs : [udfs.sys] C:\Windows\system32\DRIVERS\udfs.sys
[00:10:0047] [Services] -Next-
[00:10:0047] [Services][0x0] UGatherer :
[00:10:0047] [Services] -Next-
[00:10:0047] [Services][0x0] UGTHRSVC :
[00:10:0047] [Services] -Next-
[00:10:0047] [Services][0x0] UI0Detect :
[00:10:0047] -> UI0Detect : [UI0Detect.exe] C:\Windows\system32\UI0Detect.exe
[00:10:0047] [Services] -Next-
[00:10:0047] [Services][0x0] uliagpkx :
[00:10:0047] -> uliagpkx : [uliagpkx.sys] C:\Windows\system32\drivers\uliagpkx.sys
[00:10:0047] [Services] -Next-
[00:10:0047] [Services][0x0] umbus :
[00:10:0047] -> umbus : [umbus.sys] C:\Windows\system32\DRIVERS\umbus.sys
[00:10:0047] [Services] -Next-
[00:10:0047] [Services][0x0] UmPass :
[00:10:0047] -> UmPass : [umpass.sys] C:\Windows\system32\drivers\umpass.sys
[00:10:0047] [Services] -Next-
[00:10:0047] [Services][0x0] UmRdpService :
[00:10:0047] -> UmRdpService : [svchost.exe] C:\Windows\System32\svchost.exe
[00:10:0047] -> UmRdpService : [LocalSystemNetworkRestricted] LocalSystemNetworkRestricted
[00:10:0047] [Services] -Next-
[00:10:0047] [Services][0x0] upnphost :
[00:10:0047] -> upnphost : [svchost.exe] C:\Windows\System32\svchost.exe
[00:10:0047] -> upnphost : [LocalServiceAndNoImpersonation] LocalServiceAndNoImpersonation
[00:10:0047] [Services] -Next-
[00:10:0047] [Services][0x0] USBAAPL64 :


What should I do?
  • 0

#10
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

What should I do?


Sometimes you do need to try several times.

Try renaming it to winlogon.exe

Right click on it and rename.

Then try to run it.

If that doesn't work try running it in Safe Mode.

Boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) If you are asked what mode to bootup in press Esc to boot in the default settings
4) Instead of Windows loading as normal, a menu should appear
5) Select the option to run Windows in Safe Mode.
  • 0

#11
marinavictal


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello, emeraldnzl.

I did what you said, but it didn't help. Even in safe mode RoggueKill didn't run. It stopped working at one specific point of the progress bar, at the beginning of the scan. I tried twice. The first time I kind of lost my patience and restarted the pc, but the second time lasted about 8 hours (I fell asleep) and when I woke up, the progress bar was stuck at exactly the same point.
But the problem seems to be over. My computer has been working ok for a while. Is it just coincidence or do you think the virus might have been removed?
  • 0

#12
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello again marinavictal,

Is it just coincidence or do you think the virus might have been removed?


Something must have happened somewhere along the way.

Assuming things are working okay then we have a couple of last steps to perform and you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the bolded text below in the box then hit OK

    Combofix /Uninstall

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep.

Any other tools remaining may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

  • If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

    And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
  • Malwarebytes
  • SuperAntiSpyWare
Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#13
marinavictal


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Emeraldnzl, I've no words to thank you.
I followed your last tips and I will be more careful from now. I’m glad I’ve found geekstogo. You are really, really kind and helpful. There aren’t enough words to say how grateful I am, indeed. Thank you a million times!!!
  • 0

#14
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
You are very welcome :happy:
  • 0

#15
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





