fuji520
-
Posts
19 -
Joined
-
Last visited
-
I don't recall having set an automatic system restore for anything. At all. All I did was restore manually through a windows repair disc earlier.
-
Okay, here's the frst.log. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2012 01 Ran by SYSTEM at 24-12-2012 13:53:39 Running from E:\ Windows 7 Ultimate (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2692008 2009-04-09] (ESET) HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1609296 2010-06-25] (Logitech, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated) HKLM\...\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.) HKLM\...\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2314120 2009-05-26] (Microsoft Corporation) HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation) HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-22] (Adobe Systems Inc.) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-03-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-12-13] (Apple Inc.) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] () HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.) HKU\FiaN\...\Run: [steam] "X:\Games\Steam\steam.exe" -silent [x] HKU\FiaN\...\Run: [HDDtemp4] C:\Program Files (x86)\BinarySense\HDDTemp4\\hddtemp4 /minimized [x] HKU\FiaN\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd) HKU\FiaN\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-09] (Microsoft Corporation) HKU\FiaN\...\Run: [Facebook Update] "C:\Users\FiaN\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-25] (Facebook Inc.) HKU\FiaN\...\Run: [Google Update] "C:\Users\FiaN\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-06] (Google Inc.) HKU\FiaN\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-27] (BitTorrent, Inc.) HKU\FiaN\...\Run: [Voipwise] "C:\Program Files (x86)\Voipwise.com\Voipwise\voipwise.exe" -nosplash -minimized [17792376 2012-07-28] (Voipwise) HKU\FiaN\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.) HKU\FiaN\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe -update plugin [240288 2011-06-24] (Adobe Systems, Inc.) HKU\FiaN\...\Winlogon: [shell] explorer.exe HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) Tcpip\..\Interfaces\{604AFE75-2B17-4487-AB5C-5F39A71B604B}: [NameServer]10.85.40.1 Tcpip\..\Interfaces\{EAAEE705-61FB-46DF-BE1F-0E6008FD0351}: [NameServer]8.8.8.8,8.8.4.4 Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe () Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe () Startup: C:\Users\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe (GamersFirst) Startup: C:\Users\All Users\Start Menu\Programs\Startup\PrivateTunnel.lnk ShortcutTarget: PrivateTunnel.lnk -> C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\ovpntray.exe () Startup: C:\Users\FiaN\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon Inkjet i350.lnk ShortcutTarget: Canon IJ Status Monitor Canon Inkjet i350.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) Startup: C:\Users\FiaN\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) Startup: C:\Users\FiaN\Start Menu\Programs\Startup\Rainmeter.lnk ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () ==================== Services (Whitelisted) =================== 2 ActiveSMART Service; C:\Program Files (x86)\ActiveSMART 2.8\ASmartService.exe [586008 2009-09-04] (Ariolic Software, Ltd. (http://www.ariolic.com)) 3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [23296 2009-04-09] (ESET) 2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [731840 2009-04-09] (ESET) 2 HDD & SSD access service; "C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe" [165888 2010-06-22] (BinarySense Ltd.) 2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [542040 2012-03-26] () 3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-03-26] () 2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [329544 2012-03-26] () 2 OpenVPNAccessClient; "C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe" [24064 2012-09-14] () 2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-03-18] () 2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-12] (The Within Network, LLC) ==================== Drivers (Whitelisted) ===================== 3 BthAvrcp; C:\Windows\System32\Drivers\BthAvrcp.sys [29184 2009-08-12] (CSR, plc) 2 eamon; C:\Windows\System32\Drivers\eamon.sys [142776 2009-04-09] (ESET) 1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [134024 2009-04-09] (ESET) 2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [121152 2009-04-09] (ESET) 0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-02] (Duplex Secure Ltd.) 3 tapoas; C:\Windows\System32\Drivers\tapoas.sys [30720 2012-07-15] (The OpenVPN Project) 2 uxpatch; C:\Windows\System32\Drivers\uxpatch.sys [30568 2009-07-12] () 3 dump_wmimmc; \??\C:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys [x] 3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2012-12-24 13:53 - 2012-12-24 13:53 - 00000000 ____D C:\FRST 2012-12-23 12:31 - 2012-12-23 12:31 - 00001932 ____A C:\Users\FiaN\Desktop\RKreport[1]_S_12232012_02d2331.txt 2012-12-23 12:31 - 2012-12-23 12:31 - 00000000 ____D C:\Users\FiaN\Desktop\RK_Quarantine 2012-12-23 12:23 - 2012-12-23 12:23 - 00003254 ____A C:\AdwCleaner[R1].txt 2012-12-23 12:19 - 2012-12-23 12:19 - 00000000 ____D C:\Windows\ERDNT 2012-12-23 12:18 - 2012-12-24 13:19 - 00000000 ____D C:\Program Files (x86)\ERUNT 2012-12-23 06:54 - 2012-12-23 06:54 - 00000000 ____D C:\Users\FiaN\Desktop\mbar-1.01.0.1011 2012-12-23 06:53 - 2012-12-23 06:53 - 13485902 ____A C:\Users\FiaN\Desktop\mbar-1.01.0.1011.zip 2012-12-23 06:03 - 2012-12-23 13:29 - 00002002 ____A C:\Users\FiaN\Desktop\Rkill.txt 2012-12-22 10:22 - 2012-12-22 10:22 - 00000207 ____A C:\Users\FiaN\Desktop\Universe Sandbox.url 2012-12-16 05:53 - 2012-12-16 05:53 - 00000000 ____D C:\Users\FiaN\AppData\Local\{AA9DB6D8-5E21-4E09-82A8-1F4989C2A99D} 2012-12-15 04:35 - 2012-12-15 04:35 - 10191699 ____A C:\Users\FiaN\Documents\LoaderBackup-(2012-12-15).bbb 2012-12-15 04:23 - 2012-12-15 04:23 - 00000718 ____A C:\Users\Public\Desktop\War Thunder.lnk 2012-12-14 00:03 - 2012-12-14 00:03 - 00000000 ____D C:\Users\FiaN\AppData\Roaming\.mono 2012-12-13 22:33 - 2012-12-16 03:27 - 00000000 ____D C:\Users\All Users\WarThunder 2012-12-13 22:33 - 2012-12-13 22:33 - 00000000 ____D C:\Users\FiaN\AppData\Local\WarThunder 2012-12-04 10:48 - 2012-12-04 10:54 - 36608189 ____A C:\Users\FiaN\Downloads\Les Loups - Klub der Herzen EP.zip 2012-12-04 10:47 - 2012-12-10 10:05 - 00000000 ____D C:\Users\FiaN\AppData\Roaming\Mp3tag 2012-12-04 10:46 - 2012-12-04 10:46 - 00000000 ____D C:\Program Files (x86)\Mp3tag 2012-12-04 10:44 - 2012-12-04 10:45 - 03204456 ____A C:\Users\FiaN\Downloads\mp3tagv253setup.exe 2012-12-02 05:19 - 2012-12-02 05:19 - 00000000 ____D C:\Users\All Users\Orbit 2012-11-29 23:49 - 2012-11-29 23:49 - 00000000 ____D C:\Users\FiaN\AppData\Local\{35E3B3F3-3DD9-4BDF-A130-B7F0AC3EBDDE} 2012-11-26 06:13 - 2012-11-26 06:13 - 00000000 ____D C:\Users\FiaN\AppData\Local\{0B059F7A-4EF7-4DEA-B889-2F2CCE588254} ==================== One Month Modified Files and Folders ======= 2012-12-24 13:46 - 2012-05-27 14:34 - 00000000 ____D C:\Users\FiaN\AppData\Roaming\uTorrent 2012-12-24 13:46 - 2011-10-04 10:31 - 00000000 ____D C:\Windows\W7SOC 2012-12-24 13:46 - 2011-03-25 05:26 - 00000000 ____D C:\Users\FiaN\AppData\Roaming\Rainmeter 2012-12-24 13:46 - 2010-05-12 07:40 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-12-24 13:46 - 2010-05-12 07:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-24 13:46 - 2010-04-18 03:51 - 00000000 ____D C:\Users\FiaN\AppData\Roaming\Winamp 2012-12-24 13:46 - 2010-04-17 00:00 - 00000000 ____D C:\Users\FiaN\AppData\Roaming\vlc 2012-12-24 13:46 - 2010-04-15 19:50 - 00000000 ____D C:\Users\All Users\FLEXnet 2012-12-24 13:46 - 2010-04-15 19:23 - 00000000 ___AD C:\users\FiaN 2012-12-24 13:46 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries 2012-12-24 13:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2012-12-24 13:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2012-12-24 13:45 - 2011-02-14 01:59 - 00000000 ____D C:\Users\FiaN\AppData\Roaming\Skype 2012-12-24 13:45 - 2010-04-17 07:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2012-12-24 13:19 - 2012-12-23 12:18 - 00000000 ____D C:\Program Files (x86)\ERUNT 2012-12-24 02:31 - 2010-11-09 04:46 - 00000000 ____D C:\Windows\SysWOW64\directx 2012-12-24 02:31 - 2010-05-14 06:34 - 00000000 ____D C:\Users\FiaN\AppData\Local\TSVNCache 2012-12-24 02:27 - 2012-09-19 10:59 - 00007951 ____A C:\Users\FiaN\ovpntray.log 2012-12-24 02:21 - 2010-04-17 03:09 - 00000000 ____D C:\Users\FiaN\Tracing 2012-12-23 13:29 - 2012-12-23 06:03 - 00002002 ____A C:\Users\FiaN\Desktop\Rkill.txt 2012-12-23 12:31 - 2012-12-23 12:31 - 00001932 ____A C:\Users\FiaN\Desktop\RKreport[1]_S_12232012_02d2331.txt 2012-12-23 12:31 - 2012-12-23 12:31 - 00000000 ____D C:\Users\FiaN\Desktop\RK_Quarantine 2012-12-23 12:23 - 2012-12-23 12:23 - 00003254 ____A C:\AdwCleaner[R1].txt 2012-12-23 12:19 - 2012-12-23 12:19 - 00000000 ____D C:\Windows\ERDNT 2012-12-23 06:54 - 2012-12-23 06:54 - 00000000 ____D C:\Users\FiaN\Desktop\mbar-1.01.0.1011 2012-12-23 06:53 - 2012-12-23 06:53 - 13485902 ____A C:\Users\FiaN\Desktop\mbar-1.01.0.1011.zip 2012-12-22 10:36 - 2011-12-30 13:35 - 00000000 ____D C:\Users\FiaN\Documents\Universe Sandbox 2012-12-22 10:22 - 2012-12-22 10:22 - 00000207 ____A C:\Users\FiaN\Desktop\Universe Sandbox.url 2012-12-21 14:39 - 2012-07-25 16:29 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4032062568-3766263197-1891077631-1000UA.job 2012-12-21 14:36 - 2012-10-16 05:26 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-12-21 13:31 - 2012-07-25 16:26 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4032062568-3766263197-1891077631-1000UA.job 2012-12-21 12:04 - 2010-07-04 12:23 - 00087197 ____A C:\Windows\setupact.log 2012-12-21 10:39 - 2012-07-25 16:29 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4032062568-3766263197-1891077631-1000Core.job 2012-12-21 07:36 - 2012-10-16 05:26 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-12-21 06:24 - 2010-04-15 19:21 - 01970086 ____A C:\Windows\WindowsUpdate.log 2012-12-20 16:31 - 2012-07-25 16:26 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4032062568-3766263197-1891077631-1000Core.job 2012-12-20 16:03 - 2010-05-04 08:01 - 00000000 ___HD C:\Users\All Users\ActiveSMART 2012-12-16 06:26 - 2009-07-13 20:45 - 00017360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-12-16 06:26 - 2009-07-13 20:45 - 00017360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-12-16 05:54 - 2011-05-02 04:47 - 00000000 ____D C:\Users\FiaN\AppData\Roaming\Dropbox 2012-12-16 05:53 - 2012-12-16 05:53 - 00000000 ____D C:\Users\FiaN\AppData\Local\{AA9DB6D8-5E21-4E09-82A8-1F4989C2A99D} 2012-12-16 05:53 - 2011-05-02 04:51 - 00000000 ___RD C:\Users\FiaN\Dropbox 2012-12-16 05:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-12-16 03:27 - 2012-12-13 22:33 - 00000000 ____D C:\Users\All Users\WarThunder 2012-12-15 05:40 - 2011-05-01 03:44 - 00001848 ____A C:\Users\FiaN\AppData\Roaming\Rim.Desktop.Exception.log 2012-12-15 04:35 - 2012-12-15 04:35 - 10191699 ____A C:\Users\FiaN\Documents\LoaderBackup-(2012-12-15).bbb 2012-12-15 04:30 - 2011-05-01 03:49 - 00038912 ____A C:\Users\FiaN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-12-15 04:30 - 2009-07-13 21:13 - 00793346 ____A C:\Windows\System32\PerfStringBackup.INI 2012-12-15 04:23 - 2012-12-15 04:23 - 00000718 ____A C:\Users\Public\Desktop\War Thunder.lnk 2012-12-15 04:23 - 2010-05-25 04:02 - 00000000 ____D C:\Users\FiaN\Documents\My Games 2012-12-14 00:03 - 2012-12-14 00:03 - 00000000 ____D C:\Users\FiaN\AppData\Roaming\.mono 2012-12-13 22:33 - 2012-12-13 22:33 - 00000000 ____D C:\Users\FiaN\AppData\Local\WarThunder 2012-12-13 21:23 - 2011-01-20 19:24 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2012-12-13 21:23 - 2011-01-20 14:19 - 00281688 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2012-12-13 20:02 - 2011-01-20 14:19 - 00201816 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2012-12-13 12:41 - 2012-04-06 12:05 - 00002481 ____A C:\Users\FiaN\Desktop\Google Chrome.lnk 2012-12-10 10:05 - 2012-12-04 10:47 - 00000000 ____D C:\Users\FiaN\AppData\Roaming\Mp3tag 2012-12-06 08:23 - 2010-04-16 13:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2012-12-04 10:54 - 2012-12-04 10:48 - 36608189 ____A C:\Users\FiaN\Downloads\Les Loups - Klub der Herzen EP.zip 2012-12-04 10:46 - 2012-12-04 10:46 - 00000000 ____D C:\Program Files (x86)\Mp3tag 2012-12-04 10:45 - 2012-12-04 10:44 - 03204456 ____A C:\Users\FiaN\Downloads\mp3tagv253setup.exe 2012-12-04 09:32 - 2012-04-04 10:08 - 00000000 ____D C:\Users\FiaN\Documents\Watched Threads 2012-12-02 06:42 - 2010-05-25 04:02 - 00000000 ____D C:\Users\FiaN\AppData\Local\My Games 2012-12-02 05:19 - 2012-12-02 05:19 - 00000000 ____D C:\Users\All Users\Orbit 2012-12-02 05:19 - 2011-01-20 19:23 - 00000000 ____D C:\Users\FiaN\AppData\Local\PunkBuster 2012-12-02 03:59 - 2010-04-25 09:37 - 00000000 ____D C:\Users\FiaN\AppData\Roaming\BitTorrent 2012-11-29 23:49 - 2012-11-29 23:49 - 00000000 ____D C:\Users\FiaN\AppData\Local\{35E3B3F3-3DD9-4BDF-A130-B7F0AC3EBDDE} 2012-11-26 06:13 - 2012-11-26 06:13 - 00000000 ____D C:\Users\FiaN\AppData\Local\{0B059F7A-4EF7-4DEA-B889-2F2CCE588254} ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2010-04-16 12:33] - [2012-10-22 10:37] - 2870272 ____A (Microsoft Corporation) D8E98F9AB1CB4438B7C2EBEA2476057C C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-12-18 15:09:43 Restore point made on: 2012-12-21 15:10:16 Restore point made on: 2012-12-22 10:35:39 ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 4095.18 MB Available physical RAM: 3470.64 MB Total Pagefile: 4093.32 MB Available Pagefile: 3458.92 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:290.28 GB) (Free:86.86 GB) NTFS 2 Drive d: (Stuff) (Fixed) (Total:931.51 GB) (Free:272.28 GB) NTFS 3 Drive e: (F4GB) (Removable) (Total:3.73 GB) (Free:1.09 GB) FAT32 4 Drive g: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF 10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 11 Drive y: () (Fixed) (Total:7.79 GB) (Free:7.73 GB) FAT32 ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 298 GB 1024 KB Disk 1 Online 931 GB 0 B Disk 2 Online 3830 MB 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Disk 6 No Media 0 B 0 B Disk 7 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 7993 MB 1024 KB Partition 2 Primary 290 GB 7994 MB ================================================================================== Disk: 0 Partition 1 Type : 0C Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y FAT32 Partition 7993 MB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 290 GB Healthy ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 931 GB 1024 KB ================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 D Stuff NTFS Partition 931 GB Healthy ========================================================= Partitions of Disk 2: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3826 MB 4096 KB ================================================================================== Disk: 2 Partition 1 Type : 0B Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 E F4GB FAT32 Removable 3826 MB Healthy ========================================================= Last Boot: 2012-12-14 13:50 ==================== End Of Log =============================
-
There seems to be no option named 'Repair your computer' within the advanced boot options.
-
Nevermind...
-
My computer can't seem to access the advanced boot options. It's an HP and I keep on tapping F8 but it doesn't go to the menu.
-
Also, after installation I can't seem to run mbam. It gives me a runtime error 'o' then proceeds to give me another runtime error '440'.
-
When installing, a popup appears that says "CoCreateInstance failed; code 0x80040154. Class not registered". What does this mean?
-
After this, I proceed to run Malwarebytes Chameleon, correct?
-
Yes I did, check the first post.
-
Here is the new rkill.log anyway Rkill 2.4.5 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 12/24/2012 12:28:53 AM in x64 mode. Windows Version: Windows 7 Ultimate Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 12/24/2012 12:29:01 AM Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)
-
I don't seem to have a 'Malwarebytes Anti-malware chameleon'.
-
# AdwCleaner v2.101 - Logfile created 12/23/2012 at 23:23:29 # Updated 16/12/2012 by Xplode # Operating system : Windows 7 Ultimate (64 bits) # User : FiaN - FIAN-PC # Boot Mode : Normal # Running from : C:\Users\FiaN\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\Users\FiaN\AppData\Local\Temp\Uninstall.exe File Found : C:\Users\FiaN\AppData\Roaming\Mozilla\Firefox\Profiles\m3j0cnbj.default\searchplugins\Askcom.xml Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com Folder Found : C:\ProgramData\Trymedia Folder Found : C:\Users\FiaN\AppData\Local\APN Folder Found : C:\Users\FiaN\AppData\Local\Temp\AskSearch ***** [Registry] ***** Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Key Found : HKU\S-1-5-21-4032062568-3766263197-1891077631-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Found : HKU\S-1-5-21-4032062568-3766263197-1891077631-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7600.16385 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.hotspotshield.com/g/?c=h -\\ Mozilla Firefox v13.0.1 (en-US) Profile name : default File : C:\Users\FiaN\AppData\Roaming\Mozilla\Firefox\Profiles\m3j0cnbj.default\prefs.js Found : user_pref("browser.search.defaultengine", "Ask.com"); Found : user_pref("browser.search.order.1", "Ask.com"); -\\ Google Chrome v23.0.1271.97 File : C:\Users\FiaN\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [3135 octets] - [23/12/2012 23:23:29] ########## EOF - C:\AdwCleaner[R1].txt - [3195 octets] ########## 23:25:52.0608 2704 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 23:25:53.0886 2704 ============================================================ 23:25:53.0886 2704 Current date / time: 2012/12/23 23:25:53.0886 23:25:53.0886 2704 SystemInfo: 23:25:53.0886 2704 23:25:53.0886 2704 OS Version: 6.1.7600 ServicePack: 0.0 23:25:53.0886 2704 Product type: Workstation 23:25:53.0886 2704 ComputerName: FIAN-PC 23:25:53.0886 2704 UserName: FiaN 23:25:53.0886 2704 Windows directory: C:\Windows 23:25:53.0886 2704 System windows directory: C:\Windows 23:25:53.0886 2704 Running under WOW64 23:25:53.0886 2704 Processor architecture: Intel x64 23:25:53.0886 2704 Number of processors: 2 23:25:53.0886 2704 Page size: 0x1000 23:25:53.0886 2704 Boot type: Normal boot 23:25:53.0886 2704 ============================================================ 23:25:55.0013 2704 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 23:25:55.0028 2704 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 23:25:55.0068 2704 ============================================================ 23:25:55.0068 2704 \Device\Harddisk0\DR0: 23:25:55.0068 2704 MBR partitions: 23:25:55.0068 2704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0xF9C800 23:25:55.0068 2704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF9D000, BlocksNum 0x24490800 23:25:55.0068 2704 \Device\Harddisk1\DR1: 23:25:55.0068 2704 MBR partitions: 23:25:55.0068 2704 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800 23:25:55.0068 2704 ============================================================ 23:25:55.0148 2704 C: <-> \Device\Harddisk0\DR0\Partition2 23:25:55.0191 2704 X: <-> \Device\Harddisk1\DR1\Partition1 23:25:55.0191 2704 ============================================================ 23:25:55.0191 2704 Initialize success 23:25:55.0191 2704 ============================================================ 23:26:03.0063 4272 ============================================================ 23:26:03.0063 4272 Scan started 23:26:03.0063 4272 Mode: Manual; 23:26:03.0063 4272 ============================================================ 23:26:04.0679 4272 ================ Scan system memory ======================== 23:26:04.0679 4272 System memory - ok 23:26:04.0679 4272 ================ Scan services ============================= 23:26:04.0819 4272 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 23:26:04.0824 4272 1394ohci - ok 23:26:04.0849 4272 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys 23:26:04.0852 4272 ACPI - ok 23:26:04.0874 4272 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys 23:26:04.0877 4272 AcpiPmi - ok 23:26:04.0949 4272 [ 35809C29E62BBD179A369288BB2818C6 ] ActiveSMART Service C:\Program Files (x86)\ActiveSMART 2.8\ASmartService.exe 23:26:04.0954 4272 ActiveSMART Service - ok 23:26:04.0992 4272 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 23:26:05.0007 4272 adp94xx - ok 23:26:05.0044 4272 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 23:26:05.0049 4272 adpahci - ok 23:26:05.0079 4272 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 23:26:05.0099 4272 adpu320 - ok 23:26:05.0154 4272 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:26:05.0172 4272 AeLookupSvc - ok 23:26:05.0199 4272 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys 23:26:05.0214 4272 AFD - ok 23:26:05.0227 4272 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys 23:26:05.0229 4272 agp440 - ok 23:26:05.0244 4272 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 23:26:05.0247 4272 ALG - ok 23:26:05.0262 4272 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys 23:26:05.0262 4272 aliide - ok 23:26:05.0299 4272 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 23:26:05.0302 4272 AMD External Events Utility - ok 23:26:05.0312 4272 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys 23:26:05.0314 4272 amdide - ok 23:26:05.0339 4272 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 23:26:05.0342 4272 AmdK8 - ok 23:26:05.0539 4272 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 23:26:05.0717 4272 amdkmdag - ok 23:26:05.0744 4272 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 23:26:05.0749 4272 amdkmdap - ok 23:26:05.0757 4272 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 23:26:05.0759 4272 AmdPPM - ok 23:26:05.0787 4272 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys 23:26:05.0787 4272 amdsata - ok 23:26:05.0802 4272 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 23:26:05.0804 4272 amdsbs - ok 23:26:05.0817 4272 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys 23:26:05.0817 4272 amdxata - ok 23:26:05.0844 4272 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys 23:26:05.0844 4272 AppID - ok 23:26:05.0862 4272 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 23:26:05.0864 4272 AppIDSvc - ok 23:26:05.0882 4272 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll 23:26:05.0882 4272 Appinfo - ok 23:26:05.0934 4272 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 23:26:05.0937 4272 Apple Mobile Device - ok 23:26:05.0967 4272 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 23:26:05.0969 4272 AppMgmt - ok 23:26:05.0997 4272 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 23:26:05.0999 4272 arc - ok 23:26:06.0012 4272 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 23:26:06.0012 4272 arcsas - ok 23:26:06.0094 4272 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 23:26:06.0097 4272 aspnet_state - ok 23:26:06.0114 4272 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 23:26:06.0114 4272 AsyncMac - ok 23:26:06.0129 4272 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys 23:26:06.0129 4272 atapi - ok 23:26:06.0349 4272 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 23:26:06.0399 4272 atikmdag - ok 23:26:06.0442 4272 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 23:26:06.0457 4272 AudioEndpointBuilder - ok 23:26:06.0474 4272 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll 23:26:06.0479 4272 AudioSrv - ok 23:26:06.0507 4272 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll 23:26:06.0507 4272 AxInstSV - ok 23:26:06.0539 4272 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 23:26:06.0544 4272 b06bdrv - ok 23:26:06.0577 4272 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 23:26:06.0582 4272 b57nd60a - ok 23:26:06.0597 4272 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 23:26:06.0599 4272 BDESVC - ok 23:26:06.0617 4272 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 23:26:06.0617 4272 Beep - ok 23:26:06.0652 4272 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll 23:26:06.0667 4272 BFE - ok 23:26:06.0697 4272 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll 23:26:06.0714 4272 BITS - ok 23:26:06.0739 4272 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 23:26:06.0739 4272 blbdrive - ok 23:26:06.0807 4272 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe 23:26:06.0809 4272 Bonjour Service - ok 23:26:06.0827 4272 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 23:26:06.0829 4272 bowser - ok 23:26:06.0844 4272 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 23:26:06.0844 4272 BrFiltLo - ok 23:26:06.0857 4272 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 23:26:06.0857 4272 BrFiltUp - ok 23:26:06.0884 4272 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll 23:26:06.0887 4272 Browser - ok 23:26:06.0907 4272 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 23:26:06.0912 4272 Brserid - ok 23:26:06.0932 4272 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 23:26:06.0932 4272 BrSerWdm - ok 23:26:06.0942 4272 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 23:26:06.0942 4272 BrUsbMdm - ok 23:26:06.0954 4272 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 23:26:06.0954 4272 BrUsbSer - ok 23:26:06.0979 4272 [ 832B121E4532919CC49F2438F1DCAA21 ] BthAvrcp C:\Windows\system32\DRIVERS\BthAvrcp.sys 23:26:06.0982 4272 BthAvrcp - ok 23:26:07.0022 4272 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 23:26:07.0024 4272 BthEnum - ok 23:26:07.0042 4272 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 23:26:07.0042 4272 BTHMODEM - ok 23:26:07.0054 4272 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 23:26:07.0054 4272 BthPan - ok 23:26:07.0082 4272 [ A51FA9D0E85D5ADABEF72E67F386309C ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 23:26:07.0097 4272 BTHPORT - ok 23:26:07.0114 4272 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 23:26:07.0117 4272 bthserv - ok 23:26:07.0134 4272 [ F740B9A16B2C06700F2130E19986BF3B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 23:26:07.0134 4272 BTHUSB - ok 23:26:07.0169 4272 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 23:26:07.0172 4272 cdfs - ok 23:26:07.0199 4272 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 23:26:07.0202 4272 cdrom - ok 23:26:07.0219 4272 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll 23:26:07.0222 4272 CertPropSvc - ok 23:26:07.0232 4272 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 23:26:07.0234 4272 circlass - ok 23:26:07.0252 4272 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 23:26:07.0254 4272 CLFS - ok 23:26:07.0307 4272 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:26:07.0317 4272 clr_optimization_v2.0.50727_32 - ok 23:26:07.0354 4272 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 23:26:07.0357 4272 clr_optimization_v2.0.50727_64 - ok 23:26:07.0432 4272 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:26:07.0434 4272 clr_optimization_v4.0.30319_32 - ok 23:26:07.0444 4272 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 23:26:07.0444 4272 clr_optimization_v4.0.30319_64 - ok 23:26:07.0474 4272 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 23:26:07.0474 4272 CmBatt - ok 23:26:07.0487 4272 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 23:26:07.0489 4272 cmdide - ok 23:26:07.0512 4272 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys 23:26:07.0517 4272 CNG - ok 23:26:07.0534 4272 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 23:26:07.0537 4272 Compbatt - ok 23:26:07.0554 4272 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 23:26:07.0557 4272 CompositeBus - ok 23:26:07.0569 4272 COMSysApp - ok 23:26:07.0599 4272 [ 262969A3FAB32B9E17E63E2D17A57744 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys 23:26:07.0602 4272 cpuz135 - ok 23:26:07.0614 4272 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 23:26:07.0614 4272 crcdisk - ok 23:26:07.0649 4272 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll 23:26:07.0652 4272 CryptSvc - ok 23:26:07.0689 4272 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys 23:26:07.0704 4272 CSC - ok 23:26:07.0732 4272 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll 23:26:07.0749 4272 CscService - ok 23:26:07.0784 4272 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll 23:26:07.0799 4272 DcomLaunch - ok 23:26:07.0824 4272 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 23:26:07.0827 4272 defragsvc - ok 23:26:07.0862 4272 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 23:26:07.0862 4272 DfsC - ok 23:26:07.0889 4272 [ 113212D25D0C9BB8901A9833774DA97F ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 23:26:07.0889 4272 dg_ssudbus - ok 23:26:07.0924 4272 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll 23:26:07.0929 4272 Dhcp - ok 23:26:07.0937 4272 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 23:26:07.0939 4272 discache - ok 23:26:07.0964 4272 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 23:26:07.0967 4272 Disk - ok 23:26:07.0977 4272 [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache C:\Windows\System32\dnsrslvr.dll 23:26:07.0979 4272 Dnscache - ok 23:26:08.0002 4272 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll 23:26:08.0007 4272 dot3svc - ok 23:26:08.0024 4272 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll 23:26:08.0027 4272 DPS - ok 23:26:08.0049 4272 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 23:26:08.0049 4272 drmkaud - ok 23:26:08.0102 4272 dump_wmimmc - ok 23:26:08.0137 4272 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:26:08.0164 4272 DXGKrnl - ok 23:26:08.0199 4272 [ DADF326F74EEC4D759ADA18C5B73FC77 ] eamon C:\Windows\system32\DRIVERS\eamon.sys 23:26:08.0202 4272 eamon - ok 23:26:08.0227 4272 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 23:26:08.0229 4272 EapHost - ok 23:26:08.0309 4272 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 23:26:08.0369 4272 ebdrv - ok 23:26:08.0394 4272 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe 23:26:08.0394 4272 EFS - ok 23:26:08.0417 4272 [ CC1B838D1A837C2957FA84658D57F809 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys 23:26:08.0419 4272 ehdrv - ok 23:26:08.0467 4272 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:26:08.0484 4272 ehRecvr - ok 23:26:08.0502 4272 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 23:26:08.0504 4272 ehSched - ok 23:26:08.0579 4272 [ DE4BCFDD049DAFFAADCD66943D492B3F ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe 23:26:08.0579 4272 EhttpSrv - ok 23:26:08.0614 4272 [ 8791F03854611DEAC8D2967C1C958A7E ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe 23:26:08.0619 4272 ekrn - ok 23:26:08.0649 4272 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 23:26:08.0664 4272 elxstor - ok 23:26:08.0684 4272 [ 031B3AE524D9FF2735DE08E59353AEF9 ] epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys 23:26:08.0687 4272 epfwwfpr - ok 23:26:08.0702 4272 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 23:26:08.0704 4272 ErrDev - ok 23:26:08.0749 4272 [ 932C05033053ADA2404FD836C9AB2C70 ] EuMusDesignVirtualAudioCableWdm C:\Windows\system32\DRIVERS\vrtaucbl.sys 23:26:08.0752 4272 EuMusDesignVirtualAudioCableWdm - ok 23:26:08.0777 4272 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 23:26:08.0782 4272 EventSystem - ok 23:26:08.0802 4272 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 23:26:08.0804 4272 exfat - ok 23:26:08.0832 4272 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:26:08.0834 4272 fastfat - ok 23:26:08.0862 4272 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe 23:26:08.0879 4272 Fax - ok 23:26:08.0892 4272 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 23:26:08.0894 4272 fdc - ok 23:26:08.0909 4272 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 23:26:08.0912 4272 fdPHost - ok 23:26:08.0924 4272 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 23:26:08.0924 4272 FDResPub - ok 23:26:08.0937 4272 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 23:26:08.0939 4272 FileInfo - ok 23:26:08.0949 4272 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 23:26:08.0952 4272 Filetrace - ok 23:26:08.0994 4272 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 23:26:08.0999 4272 FLEXnet Licensing Service - ok 23:26:09.0022 4272 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 23:26:09.0022 4272 flpydisk - ok 23:26:09.0047 4272 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:26:09.0049 4272 FltMgr - ok 23:26:09.0084 4272 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll 23:26:09.0109 4272 FontCache - ok 23:26:09.0149 4272 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:26:09.0149 4272 FontCache3.0.0.0 - ok 23:26:09.0157 4272 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 23:26:09.0157 4272 FsDepends - ok 23:26:09.0177 4272 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 23:26:09.0177 4272 Fs_Rec - ok 23:26:09.0214 4272 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 23:26:09.0217 4272 fvevol - ok 23:26:09.0239 4272 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 23:26:09.0239 4272 gagp30kx - ok 23:26:09.0267 4272 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 23:26:09.0269 4272 GEARAspiWDM - ok 23:26:09.0307 4272 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll 23:26:09.0324 4272 gpsvc - ok 23:26:09.0382 4272 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:26:09.0384 4272 gupdate - ok 23:26:09.0397 4272 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:26:09.0399 4272 gupdatem - ok 23:26:09.0437 4272 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 23:26:09.0439 4272 gusvc - ok 23:26:09.0457 4272 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 23:26:09.0459 4272 hcw85cir - ok 23:26:09.0487 4272 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 23:26:09.0492 4272 HdAudAddService - ok 23:26:09.0517 4272 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 23:26:09.0517 4272 HDAudBus - ok 23:26:09.0564 4272 [ 9AE4747663A6C62F6FFE0B991A0F531A ] HDD & SSD access service C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe 23:26:09.0567 4272 HDD & SSD access service - ok 23:26:09.0592 4272 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 23:26:09.0594 4272 HidBatt - ok 23:26:09.0609 4272 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 23:26:09.0612 4272 HidBth - ok 23:26:09.0624 4272 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 23:26:09.0627 4272 HidIr - ok 23:26:09.0644 4272 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 23:26:09.0647 4272 hidserv - ok 23:26:09.0679 4272 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 23:26:09.0679 4272 HidUsb - ok 23:26:09.0744 4272 [ 8D1F00F4254C3EF428B715484940427C ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe 23:26:09.0747 4272 HiPatchService - ok 23:26:09.0774 4272 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll 23:26:09.0774 4272 hkmsvc - ok 23:26:09.0792 4272 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 23:26:09.0797 4272 HomeGroupListener - ok 23:26:09.0824 4272 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll 23:26:09.0827 4272 HomeGroupProvider - ok 23:26:09.0859 4272 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 23:26:09.0862 4272 HpSAMD - ok 23:26:09.0967 4272 [ 575546EE9A39DD5CB3B4E34A146A8A3E ] hshld C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe 23:26:09.0972 4272 hshld - ok 23:26:09.0999 4272 [ A60C877E1CD3AA2E4E5CCD8AF305C0F1 ] HssDrv C:\Windows\system32\DRIVERS\HssDrv.sys 23:26:09.0999 4272 HssDrv - ok 23:26:10.0042 4272 [ 2CFEA9C337B699ACA38487E8A7438F35 ] HssSrv C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe 23:26:10.0047 4272 HssSrv - ok 23:26:10.0062 4272 [ 4EFB7FC2A11DB10AB6205206D60C432B ] HssTrayService C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE 23:26:10.0064 4272 HssTrayService - ok 23:26:10.0107 4272 HssWd - ok 23:26:10.0147 4272 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys 23:26:10.0164 4272 HTTP - ok 23:26:10.0177 4272 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 23:26:10.0177 4272 hwpolicy - ok 23:26:10.0214 4272 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 23:26:10.0214 4272 i8042prt - ok 23:26:10.0254 4272 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys 23:26:10.0259 4272 iaStorV - ok 23:26:10.0312 4272 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 23:26:10.0312 4272 IDriverT - ok 23:26:10.0362 4272 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 23:26:10.0379 4272 idsvc - ok 23:26:10.0529 4272 [ BABD5F9B2BCC82CE556A0BAF1AE208A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 23:26:10.0657 4272 igfx - ok 23:26:10.0682 4272 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 23:26:10.0684 4272 iirsp - ok 23:26:10.0724 4272 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll 23:26:10.0742 4272 IKEEXT - ok 23:26:10.0797 4272 [ 397AF4C77E4AC1B262E4EBAC2958188C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 23:26:10.0832 4272 IntcAzAudAddService - ok 23:26:10.0847 4272 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys 23:26:10.0849 4272 intelide - ok 23:26:10.0887 4272 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 23:26:10.0887 4272 intelppm - ok 23:26:10.0909 4272 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 23:26:10.0912 4272 IPBusEnum - ok 23:26:10.0924 4272 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:26:10.0924 4272 IpFilterDriver - ok 23:26:10.0947 4272 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 23:26:10.0959 4272 iphlpsvc - ok 23:26:10.0974 4272 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys 23:26:10.0977 4272 IPMIDRV - ok 23:26:10.0992 4272 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 23:26:10.0994 4272 IPNAT - ok 23:26:11.0049 4272 [ 9B812A3484D89EB934982D67FB7D9313 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 23:26:11.0067 4272 iPod Service - ok 23:26:11.0087 4272 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 23:26:11.0089 4272 IRENUM - ok 23:26:11.0107 4272 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 23:26:11.0107 4272 isapnp - ok 23:26:11.0122 4272 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 23:26:11.0124 4272 iScsiPrt - ok 23:26:11.0144 4272 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 23:26:11.0144 4272 kbdclass - ok 23:26:11.0164 4272 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 23:26:11.0164 4272 kbdhid - ok 23:26:11.0177 4272 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe 23:26:11.0179 4272 KeyIso - ok 23:26:11.0192 4272 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:26:11.0194 4272 KSecDD - ok 23:26:11.0214 4272 [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 23:26:11.0214 4272 KSecPkg - ok 23:26:11.0222 4272 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 23:26:11.0222 4272 ksthunk - ok 23:26:11.0244 4272 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 23:26:11.0249 4272 KtmRm - ok 23:26:11.0277 4272 [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer C:\Windows\system32\srvsvc.dll 23:26:11.0279 4272 LanmanServer - ok 23:26:11.0292 4272 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:26:11.0294 4272 LanmanWorkstation - ok 23:26:11.0367 4272 [ 7447F069CE66633DAFA0B2DEEE7AF5BA ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 23:26:11.0372 4272 LBTServ - ok 23:26:11.0389 4272 [ 0A7D6ED578D85F0C35353424EE3F5245 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 23:26:11.0392 4272 LHidFilt - ok 23:26:11.0424 4272 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 23:26:11.0427 4272 lltdio - ok 23:26:11.0457 4272 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:26:11.0459 4272 lltdsvc - ok 23:26:11.0484 4272 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 23:26:11.0484 4272 lmhosts - ok 23:26:11.0499 4272 [ 6542E2E6DB58118FBB1B82A68CE3AFF9 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 23:26:11.0499 4272 LMouFilt - ok 23:26:11.0537 4272 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 23:26:11.0539 4272 LSI_FC - ok 23:26:11.0544 4272 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 23:26:11.0547 4272 LSI_SAS - ok 23:26:11.0549 4272 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:26:11.0552 4272 LSI_SAS2 - ok 23:26:11.0557 4272 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:26:11.0557 4272 LSI_SCSI - ok 23:26:11.0569 4272 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 23:26:11.0572 4272 luafv - ok 23:26:11.0584 4272 [ DA3494DF01C62D821911ED91CE5E1642 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys 23:26:11.0584 4272 LUsbFilt - ok 23:26:11.0604 4272 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 23:26:11.0607 4272 Mcx2Svc - ok 23:26:11.0619 4272 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 23:26:11.0622 4272 megasas - ok 23:26:11.0634 4272 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 23:26:11.0637 4272 MegaSR - ok 23:26:11.0702 4272 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 23:26:11.0702 4272 Microsoft Office Groove Audit Service - ok 23:26:11.0727 4272 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 23:26:11.0729 4272 MMCSS - ok 23:26:11.0742 4272 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 23:26:11.0742 4272 Modem - ok 23:26:11.0772 4272 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:26:11.0774 4272 monitor - ok 23:26:11.0794 4272 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 23:26:11.0797 4272 mouclass - ok 23:26:11.0827 4272 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:26:11.0827 4272 mouhid - ok 23:26:11.0837 4272 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 23:26:11.0837 4272 mountmgr - ok 23:26:11.0894 4272 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 23:26:11.0897 4272 MozillaMaintenance - ok 23:26:11.0917 4272 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys 23:26:11.0919 4272 mpio - ok 23:26:11.0939 4272 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:26:11.0939 4272 mpsdrv - ok 23:26:11.0982 4272 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll 23:26:11.0999 4272 MpsSvc - ok 23:26:12.0014 4272 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:26:12.0017 4272 MRxDAV - ok 23:26:12.0047 4272 [ 767A4C3BCF9410C286CED15A2DB17108 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:26:12.0047 4272 mrxsmb - ok 23:26:12.0062 4272 [ 920EE0FF995FCFDEB08C41605A959E1C ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:26:12.0067 4272 mrxsmb10 - ok 23:26:12.0084 4272 [ 740D7EA9D72C981510A5292CF6ADC941 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:26:12.0087 4272 mrxsmb20 - ok 23:26:12.0097 4272 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 23:26:12.0097 4272 msahci - ok 23:26:12.0109 4272 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 23:26:12.0112 4272 msdsm - ok 23:26:12.0132 4272 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 23:26:12.0137 4272 MSDTC - ok 23:26:12.0162 4272 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:26:12.0162 4272 Msfs - ok 23:26:12.0172 4272 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 23:26:12.0172 4272 mshidkmdf - ok 23:26:12.0182 4272 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 23:26:12.0182 4272 msisadrv - ok 23:26:12.0217 4272 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:26:12.0222 4272 MSiSCSI - ok 23:26:12.0227 4272 msiserver - ok 23:26:12.0249 4272 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:26:12.0249 4272 MSKSSRV - ok 23:26:12.0269 4272 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:26:12.0269 4272 MSPCLOCK - ok 23:26:12.0284 4272 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:26:12.0284 4272 MSPQM - ok 23:26:12.0304 4272 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:26:12.0309 4272 MsRPC - ok 23:26:12.0332 4272 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 23:26:12.0332 4272 mssmbios - ok 23:26:12.0349 4272 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:26:12.0352 4272 MSTEE - ok 23:26:12.0367 4272 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 23:26:12.0367 4272 MTConfig - ok 23:26:12.0384 4272 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 23:26:12.0384 4272 Mup - ok 23:26:12.0409 4272 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll 23:26:12.0424 4272 napagent - ok 23:26:12.0454 4272 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:26:12.0459 4272 NativeWifiP - ok 23:26:12.0492 4272 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys 23:26:12.0509 4272 NDIS - ok 23:26:12.0524 4272 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 23:26:12.0527 4272 NdisCap - ok 23:26:12.0552 4272 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 23:26:12.0552 4272 NdisTapi - ok 23:26:12.0574 4272 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 23:26:12.0574 4272 Ndisuio - ok 23:26:12.0594 4272 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 23:26:12.0597 4272 NdisWan - ok 23:26:12.0604 4272 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:26:12.0607 4272 NDProxy - ok 23:26:12.0624 4272 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:26:12.0624 4272 NetBIOS - ok 23:26:12.0637 4272 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 23:26:12.0639 4272 NetBT - ok 23:26:12.0652 4272 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe 23:26:12.0652 4272 Netlogon - ok 23:26:12.0682 4272 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 23:26:12.0687 4272 Netman - ok 23:26:12.0717 4272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:26:12.0717 4272 NetMsmqActivator - ok 23:26:12.0722 4272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:26:12.0722 4272 NetPipeActivator - ok 23:26:12.0732 4272 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 23:26:12.0737 4272 netprofm - ok 23:26:12.0742 4272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:26:12.0742 4272 NetTcpActivator - ok 23:26:12.0747 4272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:26:12.0747 4272 NetTcpPortSharing - ok 23:26:12.0774 4272 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 23:26:12.0777 4272 nfrd960 - ok 23:26:12.0792 4272 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll 23:26:12.0794 4272 NlaSvc - ok 23:26:12.0809 4272 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:26:12.0809 4272 Npfs - ok 23:26:12.0819 4272 npggsvc - ok 23:26:12.0822 4272 NPPTNT2 - ok 23:26:12.0842 4272 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 23:26:12.0842 4272 nsi - ok 23:26:12.0857 4272 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:26:12.0857 4272 nsiproxy - ok 23:26:12.0894 4272 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 23:26:12.0919 4272 Ntfs - ok 23:26:12.0929 4272 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 23:26:12.0932 4272 Null - ok 23:26:12.0952 4272 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys 23:26:12.0954 4272 nvraid - ok 23:26:12.0959 4272 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys 23:26:12.0972 4272 nvstor - ok 23:26:12.0987 4272 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 23:26:12.0987 4272 nv_agp - ok 23:26:13.0057 4272 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 23:26:13.0072 4272 odserv - ok 23:26:13.0090 4272 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 23:26:13.0090 4272 ohci1394 - ok 23:26:13.0162 4272 [ 6FF6EF1CC25E558CF0335928B658D11E ] OpenVPNAccessClient C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe 23:26:13.0162 4272 OpenVPNAccessClient - ok 23:26:13.0205 4272 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:26:13.0207 4272 ose - ok 23:26:13.0242 4272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 23:26:13.0247 4272 p2pimsvc - ok 23:26:13.0270 4272 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 23:26:13.0285 4272 p2psvc - ok 23:26:13.0312 4272 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 23:26:13.0315 4272 Parport - ok 23:26:13.0327 4272 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:26:13.0332 4272 partmgr - ok 23:26:13.0345 4272 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 23:26:13.0347 4272 PcaSvc - ok 23:26:13.0357 4272 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys 23:26:13.0360 4272 pci - ok 23:26:13.0372 4272 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys 23:26:13.0375 4272 pciide - ok 23:26:13.0392 4272 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 23:26:13.0395 4272 pcmcia - ok 23:26:13.0410 4272 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 23:26:13.0412 4272 pcw - ok 23:26:13.0432 4272 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:26:13.0447 4272 PEAUTH - ok 23:26:13.0500 4272 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 23:26:13.0527 4272 PeerDistSvc - ok 23:26:13.0590 4272 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 23:26:13.0592 4272 PerfHost - ok 23:26:13.0650 4272 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll 23:26:13.0677 4272 pla - ok 23:26:13.0702 4272 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:26:13.0710 4272 PlugPlay - ok 23:26:13.0752 4272 PnkBstrA - ok 23:26:13.0762 4272 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 23:26:13.0765 4272 PNRPAutoReg - ok 23:26:13.0782 4272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 23:26:13.0787 4272 PNRPsvc - ok 23:26:13.0812 4272 [ A6D06378F37BDBA0C0019294C2AABBD0 ] Point64 C:\Windows\system32\DRIVERS\point64k.sys 23:26:13.0812 4272 Point64 - ok 23:26:13.0845 4272 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:26:13.0860 4272 PolicyAgent - ok 23:26:13.0877 4272 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 23:26:13.0882 4272 Power - ok 23:26:13.0910 4272 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:26:13.0912 4272 PptpMiniport - ok 23:26:13.0930 4272 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 23:26:13.0930 4272 Processor - ok 23:26:13.0960 4272 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll 23:26:13.0962 4272 ProfSvc - ok 23:26:13.0977 4272 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe 23:26:13.0980 4272 ProtectedStorage - ok 23:26:14.0005 4272 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 23:26:14.0007 4272 Psched - ok 23:26:14.0045 4272 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 23:26:14.0072 4272 ql2300 - ok 23:26:14.0102 4272 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 23:26:14.0122 4272 ql40xx - ok 23:26:14.0182 4272 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 23:26:14.0197 4272 QWAVE - ok 23:26:14.0210 4272 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:26:14.0212 4272 QWAVEdrv - ok 23:26:14.0227 4272 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:26:14.0230 4272 RasAcd - ok 23:26:14.0265 4272 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:26:14.0267 4272 RasAgileVpn - ok 23:26:14.0275 4272 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 23:26:14.0277 4272 RasAuto - ok 23:26:14.0292 4272 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:26:14.0295 4272 Rasl2tp - ok 23:26:14.0315 4272 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll 23:26:14.0330 4272 RasMan - ok 23:26:14.0347 4272 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:26:14.0355 4272 RasPppoe - ok 23:26:14.0372 4272 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:26:14.0375 4272 RasSstp - ok 23:26:14.0392 4272 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:26:14.0397 4272 rdbss - ok 23:26:14.0407 4272 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 23:26:14.0410 4272 rdpbus - ok 23:26:14.0417 4272 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:26:14.0417 4272 RDPCDD - ok 23:26:14.0440 4272 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 23:26:14.0442 4272 RDPDR - ok 23:26:14.0460 4272 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:26:14.0460 4272 RDPENCDD - ok 23:26:14.0465 4272 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:26:14.0467 4272 RDPREFMP - ok 23:26:14.0485 4272 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:26:14.0487 4272 RDPWD - ok 23:26:14.0510 4272 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:26:14.0512 4272 rdyboost - ok 23:26:14.0530 4272 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:26:14.0532 4272 RemoteAccess - ok 23:26:14.0555 4272 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:26:14.0560 4272 RemoteRegistry - ok 23:26:14.0597 4272 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 23:26:14.0600 4272 RFCOMM - ok 23:26:14.0637 4272 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys 23:26:14.0640 4272 RimUsb - ok 23:26:14.0660 4272 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 23:26:14.0660 4272 RimVSerPort - ok 23:26:14.0685 4272 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys 23:26:14.0685 4272 ROOTMODEM - ok 23:26:14.0717 4272 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:26:14.0720 4272 RpcEptMapper - ok 23:26:14.0735 4272 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 23:26:14.0737 4272 RpcLocator - ok 23:26:14.0750 4272 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll 23:26:14.0755 4272 RpcSs - ok 23:26:14.0775 4272 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:26:14.0775 4272 rspndr - ok 23:26:14.0802 4272 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 23:26:14.0805 4272 RTL8167 - ok 23:26:14.0827 4272 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys 23:26:14.0830 4272 s3cap - ok 23:26:14.0842 4272 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe 23:26:14.0845 4272 SamSs - ok 23:26:14.0862 4272 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 23:26:14.0865 4272 sbp2port - ok 23:26:14.0882 4272 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:26:14.0885 4272 SCardSvr - ok 23:26:14.0897 4272 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:26:14.0897 4272 scfilter - ok 23:26:14.0922 4272 [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule C:\Windows\system32\schedsvc.dll 23:26:14.0940 4272 Schedule - ok 23:26:14.0962 4272 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll 23:26:14.0962 4272 SCPolicySvc - ok 23:26:14.0972 4272 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:26:14.0975 4272 SDRSVC - ok 23:26:14.0992 4272 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:26:14.0995 4272 secdrv - ok 23:26:15.0007 4272 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll 23:26:15.0007 4272 seclogon - ok 23:26:15.0017 4272 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 23:26:15.0020 4272 SENS - ok 23:26:15.0030 4272 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 23:26:15.0032 4272 SensrSvc - ok 23:26:15.0045 4272 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:26:15.0045 4272 Serenum - ok 23:26:15.0055 4272 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 23:26:15.0057 4272 Serial - ok 23:26:15.0070 4272 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 23:26:15.0072 4272 sermouse - ok 23:26:15.0095 4272 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll 23:26:15.0097 4272 SessionEnv - ok 23:26:15.0107 4272 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 23:26:15.0107 4272 sffdisk - ok 23:26:15.0125 4272 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 23:26:15.0125 4272 sffp_mmc - ok 23:26:15.0135 4272 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 23:26:15.0137 4272 sffp_sd - ok 23:26:15.0150 4272 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 23:26:15.0150 4272 sfloppy - ok 23:26:15.0185 4272 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:26:15.0190 4272 SharedAccess - ok 23:26:15.0227 4272 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:26:15.0235 4272 ShellHWDetection - ok 23:26:15.0257 4272 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:26:15.0257 4272 SiSRaid2 - ok 23:26:15.0275 4272 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 23:26:15.0277 4272 SiSRaid4 - ok 23:26:15.0312 4272 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 23:26:15.0315 4272 SkypeUpdate - ok 23:26:15.0345 4272 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:26:15.0347 4272 Smb - ok 23:26:15.0385 4272 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:26:15.0387 4272 SNMPTRAP - ok 23:26:15.0440 4272 [ 7455ED832A33FEF453407F5411C3342D ] speedfan C:\Windows\syswow64\speedfan.sys 23:26:15.0442 4272 speedfan - ok 23:26:15.0470 4272 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 23:26:15.0470 4272 spldr - ok 23:26:15.0492 4272 [ 89E8550C5862999FCF482EA562B0E98E ] Spooler C:\Windows\System32\spoolsv.exe 23:26:15.0510 4272 Spooler - ok 23:26:15.0587 4272 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe 23:26:15.0657 4272 sppsvc - ok 23:26:15.0672 4272 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:26:15.0675 4272 sppuinotify - ok 23:26:15.0722 4272 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys 23:26:15.0722 4272 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB 23:26:15.0722 4272 sptd ( LockedFile.Multi.Generic ) - warning 23:26:15.0722 4272 sptd - detected LockedFile.Multi.Generic (1) 23:26:15.0755 4272 [ 37C3ABC2338010E110D2A6A3930F3149 ] srv C:\Windows\system32\DRIVERS\srv.sys 23:26:15.0760 4272 srv - ok 23:26:15.0787 4272 [ F773D2ED090B7BAA1C1A034F3CA476C8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:26:15.0790 4272 srv2 - ok 23:26:15.0807 4272 [ CCE32BB223E9FF55D241099A858FA889 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:26:15.0807 4272 srvnet - ok 23:26:15.0832 4272 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:26:15.0835 4272 SSDPSRV - ok 23:26:15.0845 4272 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:26:15.0850 4272 SstpSvc - ok 23:26:15.0877 4272 [ 78CD64791F8634CF7B582FD085E57C4B ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 23:26:15.0882 4272 ssudmdm - ok 23:26:15.0922 4272 Steam Client Service - ok 23:26:15.0950 4272 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:26:15.0950 4272 stexstor - ok 23:26:15.0987 4272 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll 23:26:16.0000 4272 stisvc - ok 23:26:16.0027 4272 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 23:26:16.0027 4272 storflt - ok 23:26:16.0040 4272 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys 23:26:16.0042 4272 storvsc - ok 23:26:16.0057 4272 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 23:26:16.0060 4272 swenum - ok 23:26:16.0080 4272 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 23:26:16.0087 4272 swprv - ok 23:26:16.0120 4272 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll 23:26:16.0147 4272 SysMain - ok 23:26:16.0160 4272 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:26:16.0162 4272 TabletInputService - ok 23:26:16.0177 4272 [ E965FC7627862779BA31A4FCB7D0C1EF ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 23:26:16.0180 4272 tap0901 - ok 23:26:16.0200 4272 [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss C:\Windows\system32\DRIVERS\taphss.sys 23:26:16.0200 4272 taphss - ok 23:26:16.0217 4272 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll 23:26:16.0222 4272 TapiSrv - ok 23:26:16.0257 4272 [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD ] tapoas C:\Windows\system32\DRIVERS\tapoas.sys 23:26:16.0257 4272 tapoas - ok 23:26:16.0265 4272 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 23:26:16.0267 4272 TBS - ok 23:26:16.0320 4272 [ 912107716BAB424C7870E8E6AF5E07E1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:26:16.0355 4272 Tcpip - ok 23:26:16.0397 4272 [ 912107716BAB424C7870E8E6AF5E07E1 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:26:16.0407 4272 TCPIP6 - ok 23:26:16.0420 4272 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:26:16.0420 4272 tcpipreg - ok 23:26:16.0432 4272 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:26:16.0435 4272 TDPIPE - ok 23:26:16.0445 4272 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:26:16.0445 4272 TDTCP - ok 23:26:16.0467 4272 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:26:16.0467 4272 tdx - ok 23:26:16.0595 4272 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 23:26:16.0617 4272 TeamViewer7 - ok 23:26:16.0630 4272 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 23:26:16.0632 4272 TermDD - ok 23:26:16.0660 4272 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll 23:26:16.0672 4272 TermService - ok 23:26:16.0685 4272 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 23:26:16.0687 4272 Themes - ok 23:26:16.0702 4272 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 23:26:16.0705 4272 THREADORDER - ok 23:26:16.0725 4272 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 23:26:16.0727 4272 TrkWks - ok 23:26:16.0772 4272 [ EA43DE1743C1BA0D2D17B8DB90C91D88 ] truecrypt C:\Windows\system32\drivers\truecrypt.sys 23:26:16.0775 4272 truecrypt - ok 23:26:16.0817 4272 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:26:16.0820 4272 TrustedInstaller - ok 23:26:16.0825 4272 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:26:16.0827 4272 tssecsrv - ok 23:26:16.0867 4272 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:26:16.0870 4272 tunnel - ok 23:26:16.0882 4272 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:26:16.0885 4272 uagp35 - ok 23:26:16.0907 4272 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:26:16.0910 4272 udfs - ok 23:26:16.0942 4272 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:26:16.0945 4272 UI0Detect - ok 23:26:16.0960 4272 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 23:26:16.0960 4272 uliagpkx - ok 23:26:16.0982 4272 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 23:26:16.0985 4272 umbus - ok 23:26:16.0992 4272 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:26:16.0995 4272 UmPass - ok 23:26:17.0020 4272 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll 23:26:17.0022 4272 UmRdpService - ok 23:26:17.0072 4272 [ 8F387A1CC015A3F5020700C657A0FC85 ] UnsignedThemes C:\Windows\UnsignedThemesSvc.exe 23:26:17.0072 4272 UnsignedThemes - ok 23:26:17.0107 4272 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 23:26:17.0112 4272 upnphost - ok 23:26:17.0130 4272 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:26:17.0132 4272 usbccgp - ok 23:26:17.0155 4272 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 23:26:17.0155 4272 usbcir - ok 23:26:17.0167 4272 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:26:17.0167 4272 usbehci - ok 23:26:17.0197 4272 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:26:17.0202 4272 usbhub - ok 23:26:17.0220 4272 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 23:26:17.0222 4272 usbohci - ok 23:26:17.0242 4272 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:26:17.0242 4272 usbprint - ok 23:26:17.0260 4272 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:26:17.0262 4272 USBSTOR - ok 23:26:17.0277 4272 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 23:26:17.0280 4272 usbuhci - ok 23:26:17.0290 4272 [ 297EE9C666FC8BB96A232DB0DDBA1E49 ] uxpatch C:\Windows\system32\drivers\uxpatch.sys 23:26:17.0290 4272 uxpatch - ok 23:26:17.0305 4272 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 23:26:17.0310 4272 UxSms - ok 23:26:17.0317 4272 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe 23:26:17.0320 4272 VaultSvc - ok 23:26:17.0357 4272 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 23:26:17.0360 4272 vdrvroot - ok 23:26:17.0377 4272 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe 23:26:17.0392 4272 vds - ok 23:26:17.0410 4272 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:26:17.0410 4272 vga - ok 23:26:17.0425 4272 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 23:26:17.0425 4272 VgaSave - ok 23:26:17.0442 4272 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 23:26:17.0445 4272 vhdmp - ok 23:26:17.0455 4272 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys 23:26:17.0455 4272 viaide - ok 23:26:17.0477 4272 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys 23:26:17.0480 4272 vmbus - ok 23:26:17.0487 4272 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys 23:26:17.0487 4272 VMBusHID - ok 23:26:17.0497 4272 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 23:26:17.0500 4272 volmgr - ok 23:26:17.0515 4272 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:26:17.0520 4272 volmgrx - ok 23:26:17.0530 4272 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys 23:26:17.0532 4272 volsnap - ok 23:26:17.0552 4272 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 23:26:17.0555 4272 vsmraid - ok 23:26:17.0595 4272 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe 23:26:17.0620 4272 VSS - ok 23:26:17.0640 4272 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 23:26:17.0640 4272 vwifibus - ok 23:26:17.0657 4272 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 23:26:17.0662 4272 W32Time - ok 23:26:17.0675 4272 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 23:26:17.0675 4272 WacomPen - ok 23:26:17.0697 4272 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:26:17.0697 4272 WANARP - ok 23:26:17.0712 4272 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:26:17.0712 4272 Wanarpv6 - ok 23:26:17.0757 4272 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 23:26:17.0785 4272 WatAdminSvc - ok 23:26:17.0820 4272 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe 23:26:17.0857 4272 wbengine - ok 23:26:17.0887 4272 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:26:17.0892 4272 WbioSrvc - ok 23:26:17.0912 4272 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:26:17.0927 4272 wcncsvc - ok 23:26:17.0945 4272 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:26:17.0947 4272 WcsPlugInService - ok 23:26:17.0970 4272 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 23:26:17.0972 4272 Wd - ok 23:26:17.0997 4272 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:26:18.0012 4272 Wdf01000 - ok 23:26:18.0022 4272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:26:18.0027 4272 WdiServiceHost - ok 23:26:18.0032 4272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:26:18.0037 4272 WdiSystemHost - ok 23:26:18.0057 4272 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll 23:26:18.0072 4272 WebClient - ok 23:26:18.0092 4272 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:26:18.0097 4272 Wecsvc - ok 23:26:18.0112 4272 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:26:18.0117 4272 wercplsupport - ok 23:26:18.0140 4272 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 23:26:18.0142 4272 WerSvc - ok 23:26:18.0172 4272 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:26:18.0172 4272 WfpLwf - ok 23:26:18.0185 4272 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:26:18.0187 4272 WIMMount - ok 23:26:18.0197 4272 WinDefend - ok 23:26:18.0207 4272 WinHttpAutoProxySvc - ok 23:26:18.0250 4272 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:26:18.0255 4272 Winmgmt - ok 23:26:18.0315 4272 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll 23:26:18.0355 4272 WinRM - ok 23:26:18.0400 4272 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 23:26:18.0402 4272 WinUsb - ok 23:26:18.0437 4272 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 23:26:18.0465 4272 Wlansvc - ok 23:26:18.0575 4272 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 23:26:18.0617 4272 wlidsvc - ok 23:26:18.0642 4272 [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys 23:26:18.0642 4272 WmBEnum - ok 23:26:18.0667 4272 [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys 23:26:18.0670 4272 WmFilter - ok 23:26:18.0682 4272 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 23:26:18.0685 4272 WmiAcpi - ok 23:26:18.0710 4272 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:26:18.0710 4272 wmiApSrv - ok 23:26:18.0742 4272 WMPNetworkSvc - ok 23:26:18.0752 4272 [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys 23:26:18.0755 4272 WmVirHid - ok 23:26:18.0775 4272 [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys 23:26:18.0777 4272 WmXlCore - ok 23:26:18.0792 4272 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:26:18.0795 4272 WPCSvc - ok 23:26:18.0807 4272 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:26:18.0812 4272 WPDBusEnum - ok 23:26:18.0837 4272 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:26:18.0837 4272 ws2ifsl - ok 23:26:18.0845 4272 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 23:26:18.0850 4272 wscsvc - ok 23:26:18.0855 4272 WSearch - ok 23:26:18.0902 4272 [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv C:\Windows\system32\wuaueng.dll 23:26:18.0950 4272 wuauserv - ok 23:26:18.0970 4272 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:26:18.0972 4272 WudfPf - ok 23:26:18.0982 4272 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:26:18.0985 4272 WUDFRd - ok 23:26:19.0000 4272 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:26:19.0002 4272 wudfsvc - ok 23:26:19.0015 4272 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 23:26:19.0020 4272 WwanSvc - ok 23:26:19.0048 4272 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 23:26:19.0051 4272 xusb21 - ok 23:26:19.0086 4272 ================ Scan global =============================== 23:26:19.0103 4272 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 23:26:19.0121 4272 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll 23:26:19.0136 4272 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll 23:26:19.0153 4272 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 23:26:19.0181 4272 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 23:26:19.0186 4272 [Global] - ok 23:26:19.0186 4272 ================ Scan MBR ================================== 23:26:19.0196 4272 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 23:26:19.0568 4272 \Device\Harddisk0\DR0 - ok 23:26:19.0568 4272 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 23:26:19.0611 4272 \Device\Harddisk1\DR1 - ok 23:26:19.0611 4272 ================ Scan VBR ================================== 23:26:19.0613 4272 [ 39C3CDCCB5DDA2A7D6D9EEC52BE683B8 ] \Device\Harddisk0\DR0\Partition1 23:26:19.0613 4272 \Device\Harddisk0\DR0\Partition1 - ok 23:26:19.0623 4272 [ 6428E826863F055B1A4E94ED31924093 ] \Device\Harddisk0\DR0\Partition2 23:26:19.0623 4272 \Device\Harddisk0\DR0\Partition2 - ok 23:26:19.0626 4272 [ 579CD46870C2F6CFA9962861E70FC392 ] \Device\Harddisk1\DR1\Partition1 23:26:19.0628 4272 \Device\Harddisk1\DR1\Partition1 - ok 23:26:19.0628 4272 ============================================================ 23:26:19.0628 4272 Scan finished 23:26:19.0628 4272 ============================================================ 23:26:19.0638 4576 Detected object count: 1 23:26:19.0638 4576 Actual detected object count: 1 23:27:00.0430 4576 sptd ( LockedFile.Multi.Generic ) - skipped by user 23:27:00.0430 4576 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 23:27:59.0138 3140 Deinitialize success RogueKiller V8.4.0 [Dec 20 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : FiaN [Admin rights] Mode : Scan -- Date : 12/23/2012 23:31:40 ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] UnsignedThemesSvc.exe -- C:\Windows\UnsignedThemesSvc.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 4 ¤¤¤ [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{604AFE75-2B17-4487-AB5C-5F39A71B604B} : NameServer (10.85.40.1) -> FOUND [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{604AFE75-2B17-4487-AB5C-5F39A71B604B} : NameServer (10.85.40.1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: +++++ --- User --- [MBR] b60c6e9e601d4aee33120901e7f70b7c [bSP] a0ce0ba8bcb6d3c7b35b83ac27ccafc1 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 2048 | Size: 7993 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16371712 | Size: 297249 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: +++++ --- User --- [MBR] 112632015c992eb27c16a9f774d63654 [bSP] 685ff115e1d8dcbf88b8deae8829da9f : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_12232012_02d2331.txt >> RKreport[1]_S_12232012_02d2331.txt
-
MBAR log: Malwarebytes Anti-Rootkit 1.01.0.1011 v2012.12.23.04 Windows 7 x64 NTFS 8.0.7600.16385 F**N :: F**N-PC 23/12/12 6:24:59 PM mbar-log-2012-12-23 (18-24-59).txt 33563 27 , 42 0 0 0 0 0 0 0 System log: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x64 Account is Administrative Internet Explorer version: 8.0.7600.16385 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, X:\ DRIVE_FIXED CPU speed: 2.926000 GHz Memory total: 4294103040, free: 2617991168 ------------ Kernel report ------------ 12/23/2012 17:55:36 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\spxt.sys \SystemRoot\System32\Drivers\WMILIB.SYS \SystemRoot\System32\Drivers\SCSIPORT.SYS \SystemRoot\system32\DRIVERS\ACPI.sys \SystemRoot\system32\DRIVERS\msisadrv.sys \SystemRoot\system32\DRIVERS\vdrvroot.sys \SystemRoot\system32\DRIVERS\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\atapi.sys \SystemRoot\system32\DRIVERS\ataport.SYS \SystemRoot\system32\DRIVERS\msahci.sys \SystemRoot\system32\DRIVERS\PCIIDEX.SYS \SystemRoot\system32\DRIVERS\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\vmstorfl.sys \SystemRoot\system32\DRIVERS\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\SysWOW64\speedfan.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\DRIVERS\ehdrv.sys \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\System32\drivers\truecrypt.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\System32\Drivers\abj9ae2j.SYS \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\vrtaucbl.sys \SystemRoot\system32\DRIVERS\portcls.sys \SystemRoot\system32\DRIVERS\drmk.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\System32\Drivers\RootMdm.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\HssDrv.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\taphss.sys \SystemRoot\system32\DRIVERS\tapoas.sys \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\drivers\WmBEnum.sys \SystemRoot\system32\drivers\WmXlCore.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\system32\DRIVERS\xusb21.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\point64k.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\eamon.sys \SystemRoot\system32\drivers\WudfPf.sys \??\C:\Windows\system32\drivers\uxpatch.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Windows\system32\drivers\cpuz135_x64.sys \SystemRoot\system32\DRIVERS\epfwwfpr.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\drivers\WmVirHid.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\Wldap32.dll \Windows\System32\msctf.dll \Windows\System32\lpk.dll \Windows\System32\clbcatq.dll \Windows\System32\sechost.dll \Windows\System32\nsi.dll \Windows\System32\normaliz.dll \Windows\System32\ws2_32.dll \Windows\System32\oleaut32.dll \Windows\System32\rpcrt4.dll \Windows\System32\imagehlp.dll \Windows\System32\ole32.dll \Windows\System32\usp10.dll \Windows\System32\shlwapi.dll \Windows\System32\psapi.dll \Windows\System32\shell32.dll \Windows\System32\wininet.dll \Windows\System32\advapi32.dll \Windows\System32\setupapi.dll \Windows\System32\gdi32.dll \Windows\System32\difxapi.dll \Windows\System32\comdlg32.dll \Windows\System32\user32.dll \Windows\System32\kernel32.dll \Windows\System32\imm32.dll \Windows\System32\msvcrt.dll \Windows\System32\urlmon.dll \Windows\System32\iertutil.dll \Windows\System32\cfgmgr32.dll \Windows\System32\comctl32.dll \Windows\System32\wintrust.dll \Windows\System32\crypt32.dll \Windows\System32\devobj.dll \Windows\System32\KernelBase.dll \Windows\System32\msasn1.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk6\DR6 Upper Device Object: 0xfffffa8005b04790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000088\ Lower Device Object: 0xfffffa8005934b70 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa8005afa790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000087\ Lower Device Object: 0xfffffa800592eb70 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8005af8790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000086\ Lower Device Object: 0xfffffa8005931b70 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8005af6790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000085\ Lower Device Object: 0xfffffa8005930b70 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa8005af4790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000084\ Lower Device Object: 0xfffffa8005923b70 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa80049d5060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\ Lower Device Object: 0xfffffa8004868060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa80049d4060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa8004857060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Downloaded database version: v2012.12.23.04 Initializing... Done! <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa80049d4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80049d4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80049d4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80048789b0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8004857060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffff8a011a5c540, 0xfffffa80049d4060, 0xfffffa8005edc790 Lower DeviceData: 0xfffff8a012866940, 0xfffffa8004857060, 0xfffffa8004826c70 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: DE4DFC5D Partition information: Partition 0 type is Other (0xc) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 16369664 Partition file system is FAT32 Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 16371712 Numsec = 608765952 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)... Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa80049d5060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80049d5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80049d5060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80048854e0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8004868060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffff8a012b9bf50, 0xfffffa80049d5060, 0xfffffa8005e65790 Lower DeviceData: 0xfffff8a012595860, 0xfffffa8004868060, 0xfffffa800674b090 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 8B0783E1 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 1953519616 Partition file system is NTFS Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa8005af4790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8005937910, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005af4790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8005923b70, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa8005af6790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8005936b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005af6790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8005930b70, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8005af8790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8005935b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005af8790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8005931b70, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa8005afa790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8005938b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005afa790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800592eb70, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 6, DevicePointer: 0xfffffa8005b04790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8005939b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005b04790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8005934b70, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Done! Performing system, memory and registry scan... Done! Scan finished =======================================
-
Sorry about that, only reason I had that was to download an MMO client. It's completely disabled now.
-
Hehe, sorry about that. Rkill 2.4.5 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingc...opic308364.html Program started at: 12/23/2012 05:03:05 PM in x64 mode. Windows Version: Windows 7 Ultimate Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Possibly Patched Files. * C:\Windows\Explorer.EXE Checking Registry for malware related settings: * Advanced Explorer Setting Removed: HideIcons [HKCU] * Explorer Policy Removed: NoActiveDesktopChanges [HKLM] Backup Registry file created at: C:\Users\FiaN\Desktop\rkill\rkill-12-23-2012-05-03-20.reg Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * C:\Windows\explorer.exe [NoSig] +-> C:\Windows\SysWOW64\explorer.exe : 2,614,272 : 10/31/2009 00:45 AM : 2626fc9755be22f805d3cfa0ce3ee727 [Pos Repl] +-> C:\Windows\W7SOC\explorer.exe : 2,870,272 : 01/09/2011 05:57 PM : 45dfd444ea07d50efa17277228403f85 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe : 2,868,224 : 07/14/2009 00:39 AM : c235a51cb740e45ffa0ebfb9bafcda64 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe : 2,868,224 : 08/03/2009 00:17 AM : f170b4a061c9e026437b193b4d571799 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe : 2,870,272 : 10/31/2009 00:34 AM : 9aaaec8dac27aa17b053e6352ad233ae [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe : 2,868,224 : 08/03/2009 00:19 AM : 700073016dac1c3d2e7e2ce4223334b6 [Pos Repl] +-> C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe : 2,870,272 : 10/31/2009 00:38 AM : b8ec4bd49ce8f6fc457721bfc210b67f [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe : 2,613,248 : 07/14/2009 00:14 AM : 15bc38a7492befe831966adb477cf76f [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe : 2,613,248 : 08/03/2009 00:35 AM : b95eeb0f4e5efbf1038a35b3351cf047 [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe : 2,614,272 : 10/31/2009 00:45 AM : 2626fc9755be22f805d3cfa0ce3ee727 [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe : 2,613,248 : 08/03/2009 00:49 AM : 9ff6c4c91a3711c0a3b18f87b08b518d [Pos Repl] +-> C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe : 2,614,272 : 10/31/2009 00:00 AM : c76153c7eca00fa852bb0c193378f917 [Pos Repl] Checking HOSTS File: * No issues found. Program finished at: 12/23/2012 05:04:15 PM Execution time: 0 hours(s), 1 minute(s), and 10 seconds(s)