hg341

Redirect on Google Plus; svchost.exe is hogging bandwidth


Hello hg341 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall µTorrent.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log file


Walked away from the computer, got a BSOD during the DDS scan, had to redo everything.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.08.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Thomas :: THOMAS-PC [administrator]

Protection: Enabled

7/8/2012 12:09:44 PM

mbam-log-2012-07-08 (12-09-44).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 232490

Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR.txt

Attach.txt

DDS.txt

TDSSKiller.2.7.44.0_08.07.2012_10.49.09_log.txt


Please follow my instructions:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Copy and paste the entire report in your next reply.
On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
In your next reply, post the following log files:

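The aswMBR and DDS logs posted below both report the list of ServerDlls that csrss loads from the registry value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Windows. On a stock Windows 7 installation that list is basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4, and no consrv.dll exists; aswMBR flags exactly that file as suspicious. The Python below is an added example and is not part of this thread, nor code from aswMBR, DDS or Malwarebytes. It parses the "Pseudo HJT Report" lines in the form DDS prints them and returns findings: any ServerDll outside the stock set, any AV/SP/FW product DDS reports as Disabled or Outdated, and Run-key entries that are empty or launch from a user profile path. The function names (audit_dds, parse_subsystems), the finding categories and the SAMPLE_DDS text are all mine; the sample is constructed from lines in the shape DDS emits. The autorun flag is a review prompt, not a verdict: a user may legitimately keep a program under Desktop, as the skype entry in the sample may well be.

```python
import re

# Stock ServerDll names in the Windows 7 csrss SubSystems\Windows value
# (basesrv, winsrv, sxssrv). A hijacked value, which aswMBR reports as
# "SubSystem.Windows: ... **SUSPICIOUS**", carries a DLL outside this set.
STOCK_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Constructed sample (assumption: the same shape DDS prints these lines in).
SAMPLE_DDS = r"""
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [skype] "C:\Users\Thomas\Desktop\icons\Skype.exe" /nosplash /minimized
mRun: [<NO NAME>]
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
"""

# "AV: <product> *<state>* {<guid>}" and "[um]Run[-x64]: [<name>] <command>"
SECURITY_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\* \{")
RUN_RE = re.compile(r"^([um]Run(?:-x64)?): \[(.*?)\]\s*(.*)$")


def parse_subsystems(line):
    """Split a DDS 'SubSystems: Windows = ...' line into (dll, entrypoint, index) tuples."""
    _, _, value = line.partition("=")
    entries = []
    for token in value.split():                 # e.g. "winsrv:UserServerDllInitialization,3"
        dll_entry, _, index = token.rpartition(",")
        dll, _, entrypoint = dll_entry.partition(":")
        entries.append((dll.lower(), entrypoint, int(index)))
    return entries


def audit_dds(text):
    """Return a list of (category, detail) findings from a DDS pseudo-HJT report."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("SubSystems:"):
            for dll, entrypoint, index in parse_subsystems(line):
                if dll not in STOCK_SERVER_DLLS:
                    findings.append(("subsystem_hijack", f"{dll}:{entrypoint},{index}"))
            continue
        m = SECURITY_RE.match(line)
        if m:
            kind, product, state = m.groups()
            if "Disabled" in state or "Outdated" in state:
                findings.append(("security_product", f"{kind} {product}: {state}"))
            continue
        m = RUN_RE.match(line)
        if m:
            key, name, command = m.groups()
            if not command:
                findings.append(("autorun_review", f"{key} [{name}]: empty value"))
            elif re.search(r"\\Users\\", command, re.IGNORECASE):
                findings.append(("autorun_review", f"{key} [{name}]: runs from a user profile path"))
    return findings


if __name__ == "__main__":
    for category, detail in audit_dds(SAMPLE_DDS):
        print(f"{category:18} {detail}")
```

Run it as a script to print the findings for the embedded sample, or call audit_dds() on the text of a saved DDS.txt. The subsystem check is the one that matters most here: a ServerDll that is not basesrv, winsrv or sxssrv is loaded into csrss.exe at boot, which is why a scanner that only looks at Run keys and services (the Quick Scan above) can come back clean while aswMBR still reports the file.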

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-08 12:19:29

-----------------------------

12:19:29.071 OS Version: Windows x64 6.1.7601 Service Pack 1

12:19:29.071 Number of processors: 8 586 0x2A07

12:19:29.071 ComputerName: THOMAS-PC UserName: Thomas

12:19:32.769 Initialize success

12:28:24.161 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

12:28:24.171 Disk 0 Vendor: WDC_WD10 17.0 Size: 953869MB BusType: 3

12:28:24.191 Disk 0 MBR read successfully

12:28:24.191 Disk 0 MBR scan

12:28:24.201 Disk 0 Windows 7 default MBR code

12:28:24.201 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63

12:28:24.201 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13566 MB offset 81920

12:28:24.221 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 940261 MB offset 27865088

12:28:24.231 SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**

12:28:24.231 Disk 0 scanning C:\Windows\system32\drivers

12:28:28.167 Service scanning

12:28:40.436 Modules scanning

12:28:40.436 Disk 0 trace - called modules:

12:28:40.456 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

12:28:40.786 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80092f3790]

12:28:40.786 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007845050]

12:28:40.796 Scan finished successfully

12:29:04.172 Disk 0 MBR has been saved successfully to "C:\Users\Thomas\Desktop\New folder\MBR.dat"

12:29:04.172 The log file has been saved successfully to "C:\Users\Thomas\Desktop\New folder\aswMBR.txt"

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Thomas at 12:29:25 on 2012-07-08

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8174.5411 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\HitmanPro\hmpsched.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\dleacoms.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Thomas\Desktop\icons\Skype.exe

C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Hi-Rez Studios\HiRezLauncherUI.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [skype] "C:\Users\Thomas\Desktop\icons\Skype.exe" /nosplash /minimized

uRun: [$Volumouse$] "C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe" /nodlg

uRun: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [<NO NAME>]

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: mswsock.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{ECE5FA19-E0FF-47EE-8CAA-5E8282107F06} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{ECE5FA19-E0FF-47EE-8CAA-5E8282107F06}\07162737F6E6167656 : DhcpNameServer = 12.189.32.61 192.168.1.1

TCP: Interfaces\{ECE5FA19-E0FF-47EE-8CAA-5E8282107F06}\07162737F6E6167656D27657563747 : DhcpNameServer = 12.189.32.61 192.168.33.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [(Default)]

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\y4q93t3p.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc -

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-8 8704]

R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-7-7 108392]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-19 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-7 654408]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/19 10:35:04;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dleaserv.exe [2011-8-13 45224]

S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250056]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]

S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-08 04:52:15 -------- d-----w- C:\Program Files (x86)\Exato Game Studios

2012-07-08 04:51:53 -------- d-----w- C:\ProgramData\Package Cache

2012-07-08 02:54:12 -------- d-----w- C:\Users\Thomas\AppData\Roaming\Malwarebytes

2012-07-08 02:54:09 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-08 02:54:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-08 02:54:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-08 02:21:08 -------- d-----w- C:\Users\Thomas\AppData\Local\Macromedia

2012-07-07 04:33:46 -------- d-----w- C:\Program Files\HitmanPro

2012-07-07 04:33:37 -------- d-----w- C:\ProgramData\HitmanPro

2012-07-06 15:18:26 -------- d-----w- C:\Program Files (x86)\PCSX2 0.9.8

.

==================== Find3M ====================

.

2012-07-08 02:18:40 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-08 02:18:40 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-19 03:04:06 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-25 00:36:41 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd

2012-05-12 16:31:00 121416 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys

2012-04-30 16:53:09 86016 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-04-30 16:53:09 426496 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-04-30 16:53:09 409600 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-04-30 16:53:09 116736 ----a-w- C:\Windows\System32\OpenAL32.dll

.

============= FINISH: 12:29:36.20 ===============

10:49:09.0495 5440 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08

10:49:11.0292 5440 ============================================================

10:49:11.0292 5440 Current date / time: 2012/07/08 10:49:11.0292

10:49:11.0292 5440 SystemInfo:

10:49:11.0292 5440

10:49:11.0292 5440 OS Version: 6.1.7601 ServicePack: 1.0

10:49:11.0292 5440 Product type: Workstation

10:49:11.0292 5440 ComputerName: THOMAS-PC

10:49:11.0292 5440 UserName: Thomas

10:49:11.0292 5440 Windows directory: C:\Windows

10:49:11.0292 5440 System windows directory: C:\Windows

10:49:11.0292 5440 Running under WOW64

10:49:11.0292 5440 Processor architecture: Intel x64

10:49:11.0292 5440 Number of processors: 8

10:49:11.0292 5440 Page size: 0x1000

10:49:11.0292 5440 Boot type: Normal boot

10:49:11.0292 5440 ============================================================

10:49:11.0542 5440 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:49:11.0552 5440 Drive \Device\Harddisk1\DR1 - Size: 0x3CA3FFE00 (15.16 Gb), SectorSize: 0x200, Cylinders: 0x7BB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

10:49:11.0562 5440 ============================================================

10:49:11.0562 5440 \Device\Harddisk0\DR0:

10:49:11.0562 5440 MBR partitions:

10:49:11.0562 5440 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A7F000

10:49:11.0562 5440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A93000, BlocksNum 0x72C72800

10:49:11.0562 5440 \Device\Harddisk1\DR1:

10:49:11.0562 5440 MBR partitions:

10:49:11.0562 5440 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1E51FDF

10:49:11.0562 5440 ============================================================

10:49:11.0602 5440 C: <-> \Device\Harddisk0\DR0\Partition1

10:49:11.0602 5440 ============================================================

10:49:11.0602 5440 Initialize success

10:49:11.0602 5440 ============================================================

10:49:16.0412 2924 ============================================================

10:49:16.0412 2924 Scan started

10:49:16.0412 2924 Mode: Manual; SigCheck; TDLFS;

10:49:16.0412 2924 ============================================================

10:49:18.0242 2924 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:49:18.0285 2924 1394ohci - ok

10:49:18.0329 2924 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:49:18.0341 2924 ACPI - ok

10:49:18.0363 2924 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:49:18.0374 2924 AcpiPmi - ok

10:49:18.0467 2924 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

10:49:18.0476 2924 AdobeARMservice - ok

10:49:18.0597 2924 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

10:49:18.0605 2924 AdobeFlashPlayerUpdateSvc - ok

10:49:18.0659 2924 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

10:49:18.0675 2924 adp94xx - ok

10:49:18.0722 2924 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

10:49:18.0735 2924 adpahci - ok

10:49:18.0752 2924 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

10:49:18.0758 2924 adpu320 - ok

10:49:18.0781 2924 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

10:49:18.0818 2924 AeLookupSvc - ok

10:49:18.0905 2924 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

10:49:18.0925 2924 AFD - ok

10:49:18.0961 2924 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:49:18.0971 2924 agp440 - ok

10:49:18.0993 2924 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

10:49:19.0004 2924 ALG - ok

10:49:19.0025 2924 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:49:19.0033 2924 aliide - ok

10:49:19.0085 2924 AMD External Events Utility (c8a4c897ab335d885d0ecb9357d1638f) C:\Windows\system32\atiesrxx.exe

10:49:19.0101 2924 AMD External Events Utility - ok

10:49:19.0143 2924 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:49:19.0152 2924 amdide - ok

10:49:19.0180 2924 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

10:49:19.0193 2924 AmdK8 - ok

10:49:19.0523 2924 amdkmdag (85193e1bcefe65d0a1befd4fda9180f9) C:\Windows\system32\DRIVERS\atikmdag.sys

10:49:19.0620 2924 amdkmdag - ok

10:49:19.0741 2924 amdkmdap (60ab0b979198da597b7251b3c7444f7e) C:\Windows\system32\DRIVERS\atikmpag.sys

10:49:19.0761 2924 amdkmdap - ok

10:49:19.0798 2924 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

10:49:19.0811 2924 AmdPPM - ok

10:49:19.0853 2924 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

10:49:19.0865 2924 amdsata - ok

10:49:19.0879 2924 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

10:49:19.0892 2924 amdsbs - ok

10:49:19.0913 2924 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

10:49:19.0918 2924 amdxata - ok

10:49:19.0951 2924 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:49:19.0986 2924 AppID - ok

10:49:20.0022 2924 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

10:49:20.0053 2924 AppIDSvc - ok

10:49:20.0070 2924 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

10:49:20.0090 2924 Appinfo - ok

10:49:20.0158 2924 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

10:49:20.0170 2924 AppMgmt - ok

10:49:20.0192 2924 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

10:49:20.0199 2924 arc - ok

10:49:20.0225 2924 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

10:49:20.0232 2924 arcsas - ok

10:49:20.0311 2924 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

10:49:20.0319 2924 aspnet_state - ok

10:49:20.0337 2924 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:49:20.0359 2924 AsyncMac - ok

10:49:20.0529 2924 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:49:20.0539 2924 atapi - ok

10:49:20.0604 2924 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys

10:49:20.0625 2924 AtiHDAudioService - ok

10:49:20.0704 2924 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:49:20.0742 2924 AudioEndpointBuilder - ok

10:49:20.0746 2924 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:49:20.0769 2924 AudioSrv - ok

10:49:20.0808 2924 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

10:49:20.0825 2924 AxInstSV - ok

10:49:20.0878 2924 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

10:49:20.0892 2924 b06bdrv - ok

10:49:20.0927 2924 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:49:20.0938 2924 b57nd60a - ok

10:49:21.0221 2924 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys

10:49:21.0264 2924 BCM43XX - ok

10:49:21.0359 2924 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

10:49:21.0373 2924 BDESVC - ok

10:49:21.0735 2924 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:49:21.0763 2924 Beep - ok

10:49:21.0840 2924 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

10:49:21.0879 2924 BITS - ok

10:49:21.0906 2924 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

10:49:21.0919 2924 blbdrive - ok

10:49:21.0942 2924 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

10:49:21.0955 2924 bowser - ok

10:49:21.0964 2924 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

10:49:21.0971 2924 BrFiltLo - ok

10:49:21.0974 2924 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

10:49:21.0982 2924 BrFiltUp - ok

10:49:22.0001 2924 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

10:49:22.0022 2924 Browser - ok

10:49:22.0063 2924 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:49:22.0080 2924 Brserid - ok

10:49:22.0110 2924 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:49:22.0119 2924 BrSerWdm - ok

10:49:22.0145 2924 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:49:22.0161 2924 BrUsbMdm - ok

10:49:22.0166 2924 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:49:22.0175 2924 BrUsbSer - ok

10:49:22.0199 2924 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

10:49:22.0213 2924 BTHMODEM - ok

10:49:22.0248 2924 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

10:49:22.0269 2924 bthserv - ok

10:49:22.0301 2924 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:49:22.0322 2924 cdfs - ok

10:49:22.0371 2924 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

10:49:22.0383 2924 cdrom - ok

10:49:22.0413 2924 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

10:49:22.0447 2924 CertPropSvc - ok

10:49:22.0467 2924 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

10:49:22.0475 2924 circlass - ok

10:49:22.0511 2924 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:49:22.0519 2924 CLFS - ok

10:49:22.0621 2924 CLKMSVC10_9EC60124 (730bf325e4cc1e3935b81943ac6da216) C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe

10:49:22.0628 2924 CLKMSVC10_9EC60124 - ok

10:49:22.0679 2924 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:49:22.0684 2924 clr_optimization_v2.0.50727_32 - ok

10:49:22.0725 2924 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

10:49:22.0734 2924 clr_optimization_v2.0.50727_64 - ok

10:49:22.0783 2924 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

10:49:22.0793 2924 clr_optimization_v4.0.30319_32 - ok

10:49:22.0836 2924 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

10:49:22.0845 2924 clr_optimization_v4.0.30319_64 - ok

10:49:22.0909 2924 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

10:49:22.0915 2924 CmBatt - ok

10:49:22.0917 2924 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

10:49:22.0922 2924 cmdide - ok

10:49:22.0983 2924 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

10:49:23.0009 2924 CNG - ok

10:49:23.0014 2924 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

10:49:23.0019 2924 Compbatt - ok

10:49:23.0049 2924 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

10:49:23.0071 2924 CompositeBus - ok

10:49:23.0099 2924 COMSysApp - ok

10:49:23.0111 2924 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

10:49:23.0121 2924 crcdisk - ok

10:49:23.0152 2924 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

10:49:23.0184 2924 CryptSvc - ok

10:49:23.0246 2924 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

10:49:23.0265 2924 CSC - ok

10:49:23.0324 2924 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

10:49:23.0343 2924 CscService - ok

10:49:23.0408 2924 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

10:49:23.0444 2924 DcomLaunch - ok

10:49:23.0517 2924 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

10:49:23.0557 2924 defragsvc - ok

10:49:23.0606 2924 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

10:49:23.0645 2924 DfsC - ok

10:49:23.0697 2924 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

10:49:23.0737 2924 Dhcp - ok

10:49:23.0764 2924 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:49:23.0799 2924 discache - ok

10:49:23.0880 2924 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

10:49:23.0890 2924 Disk - ok

10:49:23.0949 2924 dleaCATSCustConnectService (1017d70abe5483f40c10b7774397d120) C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe

10:49:23.0958 2924 dleaCATSCustConnectService - ok

10:49:23.0999 2924 dlea_device - ok

10:49:24.0023 2924 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

10:49:24.0036 2924 Dnscache - ok

10:49:24.0097 2924 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

10:49:24.0131 2924 dot3svc - ok

10:49:24.0157 2924 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

10:49:24.0177 2924 DPS - ok

10:49:24.0241 2924 DragonSvc (f7bda38afbda04f0a89deba767eeda79) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

10:49:24.0254 2924 DragonSvc - ok

10:49:24.0284 2924 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:49:24.0291 2924 drmkaud - ok

10:49:24.0348 2924 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

10:49:24.0361 2924 dtsoftbus01 - ok

10:49:24.0375 2924 dump_wmimmc - ok

10:49:24.0434 2924 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

10:49:24.0454 2924 DXGKrnl - ok

10:49:24.0471 2924 EagleX64 - ok

10:49:24.0487 2924 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

10:49:24.0521 2924 EapHost - ok

10:49:24.0660 2924 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

10:49:24.0690 2924 ebdrv - ok

10:49:24.0786 2924 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

10:49:24.0792 2924 EFS - ok

10:49:24.0853 2924 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

10:49:24.0874 2924 ehRecvr - ok

10:49:24.0888 2924 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

10:49:24.0895 2924 ehSched - ok

10:49:24.0953 2924 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

10:49:24.0972 2924 elxstor - ok

10:49:24.0981 2924 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

10:49:24.0993 2924 ErrDev - ok

10:49:25.0028 2924 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

10:49:25.0064 2924 EventSystem - ok

10:49:25.0205 2924 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

10:49:25.0241 2924 exfat - ok

10:49:25.0342 2924 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

10:49:25.0382 2924 fastfat - ok

10:49:25.0466 2924 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

10:49:25.0488 2924 Fax - ok

10:49:25.0506 2924 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

10:49:25.0512 2924 fdc - ok

10:49:25.0517 2924 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

10:49:25.0537 2924 fdPHost - ok

10:49:25.0549 2924 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

10:49:25.0569 2924 FDResPub - ok

10:49:25.0589 2924 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

10:49:25.0596 2924 FileInfo - ok

10:49:25.0603 2924 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

10:49:25.0633 2924 Filetrace - ok

10:49:25.0741 2924 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

10:49:25.0768 2924 FLEXnet Licensing Service - ok

10:49:25.0773 2924 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

10:49:25.0779 2924 flpydisk - ok

10:49:25.0819 2924 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

10:49:25.0826 2924 FltMgr - ok

10:49:25.0921 2924 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

10:49:25.0949 2924 FontCache - ok

10:49:26.0006 2924 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

10:49:26.0014 2924 FontCache3.0.0.0 - ok

10:49:26.0037 2924 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

10:49:26.0048 2924 FsDepends - ok

10:49:26.0079 2924 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

10:49:26.0088 2924 Fs_Rec - ok

10:49:26.0122 2924 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

10:49:26.0139 2924 fvevol - ok

10:49:26.0152 2924 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

10:49:26.0162 2924 gagp30kx - ok

10:49:26.0218 2924 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

10:49:26.0261 2924 gpsvc - ok

10:49:26.0303 2924 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys

10:49:26.0308 2924 hamachi - ok

10:49:26.0327 2924 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

10:49:26.0334 2924 hcw85cir - ok

10:49:26.0370 2924 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

10:49:26.0388 2924 HdAudAddService - ok

10:49:26.0417 2924 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

10:49:26.0434 2924 HDAudBus - ok

10:49:26.0444 2924 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

10:49:26.0456 2924 HidBatt - ok

10:49:26.0469 2924 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

10:49:26.0477 2924 HidBth - ok

10:49:26.0495 2924 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

10:49:26.0504 2924 HidIr - ok

10:49:26.0516 2924 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

10:49:26.0537 2924 hidserv - ok

10:49:26.0559 2924 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

10:49:26.0565 2924 HidUsb - ok

10:49:26.0658 2924 HiPatchService (7388756bc5f9fe857c400e340b878af2) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

10:49:26.0660 2924 HiPatchService ( UnsignedFile.Multi.Generic ) - warning

10:49:26.0660 2924 HiPatchService - detected UnsignedFile.Multi.Generic (1)

10:49:26.0744 2924 HitmanProScheduler (f9d7af93b7171d566f533e4401393fc0) C:\Program Files\HitmanPro\hmpsched.exe

10:49:26.0754 2924 HitmanProScheduler - ok

10:49:26.0768 2924 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

10:49:26.0799 2924 hkmsvc - ok

10:49:26.0821 2924 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

10:49:26.0829 2924 HomeGroupListener - ok

10:49:26.0851 2924 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

10:49:26.0858 2924 HomeGroupProvider - ok

10:49:26.0882 2924 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

10:49:26.0887 2924 HpSAMD - ok

10:49:26.0936 2924 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

10:49:26.0962 2924 HTTP - ok

10:49:26.0972 2924 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

10:49:26.0977 2924 hwpolicy - ok

10:49:27.0007 2924 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

10:49:27.0020 2924 i8042prt - ok

10:49:27.0054 2924 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys

10:49:27.0062 2924 iaStor - ok

10:49:27.0235 2924 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

10:49:27.0242 2924 IAStorDataMgrSvc - ok

10:49:27.0294 2924 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

10:49:27.0312 2924 iaStorV - ok

10:49:27.0409 2924 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

10:49:27.0421 2924 idsvc - ok

10:49:27.0436 2924 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

10:49:27.0441 2924 iirsp - ok

10:49:27.0504 2924 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

10:49:27.0529 2924 IKEEXT - ok

10:49:27.0554 2924 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys

10:49:27.0560 2924 Impcd - ok

10:49:27.0682 2924 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys

10:49:27.0714 2924 IntcAzAudAddService - ok

10:49:27.0805 2924 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

10:49:27.0819 2924 IntcDAud - ok

10:49:27.0832 2924 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

10:49:27.0841 2924 intelide - ok

10:49:27.0852 2924 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

10:49:27.0858 2924 intelppm - ok

10:49:27.0887 2924 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

10:49:27.0908 2924 IPBusEnum - ok

10:49:27.0920 2924 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:49:27.0940 2924 IpFilterDriver - ok

10:49:27.0945 2924 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

10:49:27.0952 2924 IPMIDRV - ok

10:49:27.0964 2924 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

10:49:27.0999 2924 IPNAT - ok

10:49:28.0025 2924 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

10:49:28.0043 2924 IRENUM - ok

10:49:28.0055 2924 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

10:49:28.0060 2924 isapnp - ok

10:49:28.0077 2924 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

10:49:28.0084 2924 iScsiPrt - ok

10:49:28.0126 2924 k57nd60a (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys

10:49:28.0134 2924 k57nd60a - ok

10:49:28.0147 2924 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

10:49:28.0152 2924 kbdclass - ok

10:49:28.0168 2924 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

10:49:28.0174 2924 kbdhid - ok

10:49:28.0203 2924 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:49:28.0215 2924 KeyIso - ok

10:49:28.0226 2924 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

10:49:28.0237 2924 KSecDD - ok

10:49:28.0285 2924 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

10:49:28.0295 2924 KSecPkg - ok

10:49:28.0301 2924 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

10:49:28.0330 2924 ksthunk - ok

10:49:28.0366 2924 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

10:49:28.0397 2924 KtmRm - ok

10:49:28.0438 2924 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

10:49:28.0476 2924 LanmanServer - ok

10:49:28.0496 2924 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

10:49:28.0521 2924 LanmanWorkstation - ok

10:49:28.0549 2924 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:49:28.0573 2924 lltdio - ok

10:49:28.0607 2924 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

10:49:28.0631 2924 lltdsvc - ok

10:49:28.0644 2924 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

10:49:28.0666 2924 lmhosts - ok

10:49:28.0694 2924 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

10:49:28.0699 2924 LSI_FC - ok

10:49:28.0719 2924 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

10:49:28.0725 2924 LSI_SAS - ok

10:49:28.0740 2924 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

10:49:28.0745 2924 LSI_SAS2 - ok

10:49:28.0754 2924 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

10:49:28.0759 2924 LSI_SCSI - ok

10:49:28.0794 2924 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:49:28.0814 2924 luafv - ok

10:49:28.0858 2924 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\DRIVERS\LVUSBS64.sys

10:49:28.0862 2924 LVUSBS64 - ok

10:49:28.0912 2924 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

10:49:28.0922 2924 MBAMProtector - ok

10:49:29.0007 2924 MBAMService (27531f504e618b6d6560704301c46340) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

10:49:29.0012 2924 Suspicious file (Forged): C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe. Real md5: 27531f504e618b6d6560704301c46340, Fake md5: ba400ed640bca1eae5c727ae17c10207

10:49:29.0013 2924 MBAMService ( ForgedFile.Multi.Generic ) - warning

10:49:29.0013 2924 MBAMService - detected ForgedFile.Multi.Generic (1)

10:49:29.0048 2924 McMPFSvc - ok

10:49:29.0073 2924 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

10:49:29.0088 2924 Mcx2Svc - ok

10:49:29.0104 2924 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

10:49:29.0109 2924 megasas - ok

10:49:29.0147 2924 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

10:49:29.0154 2924 MegaSR - ok

10:49:29.0227 2924 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys

10:49:29.0236 2924 MEIx64 - ok

10:49:29.0262 2924 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

10:49:29.0294 2924 MMCSS - ok

10:49:29.0305 2924 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:49:29.0326 2924 Modem - ok

10:49:29.0335 2924 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:49:29.0343 2924 monitor - ok

10:49:29.0390 2924 MotioninJoyXFilter (c030f9e822a057c1a7a9bb4ea3e8877e) C:\Windows\system32\DRIVERS\MijXfilt.sys

10:49:29.0400 2924 MotioninJoyXFilter - ok

10:49:29.0411 2924 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

10:49:29.0421 2924 mouclass - ok

10:49:29.0431 2924 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:49:29.0442 2924 mouhid - ok

10:49:29.0467 2924 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

10:49:29.0477 2924 mountmgr - ok

10:49:29.0490 2924 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

10:49:29.0500 2924 mpio - ok

10:49:29.0517 2924 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:49:29.0540 2924 mpsdrv - ok

10:49:29.0548 2924 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

10:49:29.0558 2924 MRxDAV - ok

10:49:29.0584 2924 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:49:29.0598 2924 mrxsmb - ok

10:49:29.0654 2924 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:49:29.0670 2924 mrxsmb10 - ok

10:49:29.0685 2924 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:49:29.0691 2924 mrxsmb20 - ok

10:49:29.0709 2924 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

10:49:29.0714 2924 msahci - ok

10:49:29.0727 2924 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

10:49:29.0733 2924 msdsm - ok

10:49:29.0755 2924 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

10:49:29.0763 2924 MSDTC - ok

10:49:29.0780 2924 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:49:29.0806 2924 Msfs - ok

10:49:29.0825 2924 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:49:29.0844 2924 mshidkmdf - ok

10:49:29.0852 2924 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:49:29.0856 2924 msisadrv - ok

10:49:29.0878 2924 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

10:49:29.0900 2924 MSiSCSI - ok

10:49:29.0901 2924 msiserver - ok

10:49:29.0919 2924 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:49:29.0942 2924 MSKSSRV - ok

10:49:29.0948 2924 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:49:29.0968 2924 MSPCLOCK - ok

10:49:29.0970 2924 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:49:29.0990 2924 MSPQM - ok

10:49:30.0015 2924 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:49:30.0023 2924 MsRPC - ok

10:49:30.0026 2924 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

10:49:30.0031 2924 mssmbios - ok

10:49:30.0033 2924 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:49:30.0053 2924 MSTEE - ok

10:49:30.0058 2924 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

10:49:30.0065 2924 MTConfig - ok

10:49:30.0073 2924 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:49:30.0078 2924 Mup - ok

10:49:30.0114 2924 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

10:49:30.0138 2924 napagent - ok

10:49:30.0175 2924 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:49:30.0186 2924 NativeWifiP - ok

10:49:30.0257 2924 NDIS (2c9eab3138a88016da9bdd5be08d018f) C:\Windows\system32\drivers\ndis.sys

10:49:30.0264 2924 Suspicious file (Forged): C:\Windows\system32\drivers\ndis.sys. Real md5: 2c9eab3138a88016da9bdd5be08d018f, Fake md5: c38b8ae57f78915905064a9a24dc1586

10:49:30.0266 2924 NDIS ( ForgedFile.Multi.Generic ) - warning

10:49:30.0266 2924 NDIS - detected ForgedFile.Multi.Generic (1)

10:49:30.0274 2924 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:49:30.0310 2924 NdisCap - ok

10:49:30.0335 2924 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:49:30.0355 2924 NdisTapi - ok

10:49:30.0360 2924 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:49:30.0380 2924 Ndisuio - ok

10:49:30.0411 2924 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:49:30.0431 2924 NdisWan - ok

10:49:30.0452 2924 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:49:30.0473 2924 NDProxy - ok

10:49:30.0476 2924 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:49:30.0496 2924 NetBIOS - ok

10:49:30.0520 2924 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:49:30.0541 2924 NetBT - ok

10:49:30.0558 2924 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:49:30.0564 2924 Netlogon - ok

10:49:30.0606 2924 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

10:49:30.0643 2924 Netman - ok

10:49:30.0705 2924 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:49:30.0714 2924 NetMsmqActivator - ok

10:49:30.0718 2924 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:49:30.0725 2924 NetPipeActivator - ok

10:49:30.0756 2924 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

10:49:30.0794 2924 netprofm - ok

10:49:30.0795 2924 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:49:30.0800 2924 NetTcpActivator - ok

10:49:30.0802 2924 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:49:30.0806 2924 NetTcpPortSharing - ok

10:49:30.0848 2924 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

10:49:30.0858 2924 nfrd960 - ok

10:49:30.0902 2924 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

10:49:30.0924 2924 NlaSvc - ok

10:49:30.0939 2924 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:49:30.0959 2924 Npfs - ok

10:49:30.0961 2924 NPPTNT2 - ok

10:49:30.0967 2924 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

10:49:30.0988 2924 nsi - ok

10:49:30.0990 2924 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:49:31.0010 2924 nsiproxy - ok

10:49:31.0117 2924 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

10:49:31.0150 2924 Ntfs - ok

10:49:31.0209 2924 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:49:31.0242 2924 Null - ok

10:49:31.0273 2924 nusb3hub (f5bc2345e8c89d4e90fafd23a2239935) C:\Windows\system32\DRIVERS\nusb3hub.sys

10:49:31.0279 2924 nusb3hub - ok

10:49:31.0311 2924 nusb3xhc (5d42578241bc2a9b4a64837077436d5f) C:\Windows\system32\DRIVERS\nusb3xhc.sys

10:49:31.0322 2924 nusb3xhc - ok

10:49:31.0355 2924 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

10:49:31.0367 2924 nvraid - ok

10:49:31.0387 2924 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

10:49:31.0399 2924 nvstor - ok

10:49:31.0432 2924 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

10:49:31.0443 2924 nv_agp - ok

10:49:31.0452 2924 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

10:49:31.0465 2924 ohci1394 - ok

10:49:31.0521 2924 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:49:31.0531 2924 ose - ok

10:49:31.0776 2924 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

10:49:31.0827 2924 osppsvc - ok

10:49:31.0923 2924 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

10:49:31.0940 2924 p2pimsvc - ok

10:49:31.0975 2924 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

10:49:31.0985 2924 p2psvc - ok

10:49:32.0007 2924 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

10:49:32.0017 2924 Parport - ok

10:49:32.0028 2924 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

10:49:32.0035 2924 partmgr - ok

10:49:32.0057 2924 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

10:49:32.0073 2924 PcaSvc - ok

10:49:32.0156 2924 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok

10:49:32.0190 2924 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

10:49:32.0203 2924 pci - ok

10:49:32.0229 2924 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

10:49:32.0233 2924 pciide - ok

10:49:32.0253 2924 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

10:49:32.0266 2924 pcmcia - ok

10:49:32.0280 2924 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

10:49:32.0286 2924 pcw - ok

10:49:32.0326 2924 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

10:49:32.0359 2924 PEAUTH - ok

10:49:32.0442 2924 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

10:49:32.0467 2924 PeerDistSvc - ok

10:49:32.0534 2924 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

10:49:32.0548 2924 PerfHost - ok

10:49:32.0751 2924 PID_PEPI (087a343dfc337f37723dd7912de6b6cd) C:\Windows\system32\DRIVERS\LV302V64.SYS

10:49:32.0785 2924 PID_PEPI - ok

10:49:32.0899 2924 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

10:49:32.0935 2924 pla - ok

10:49:32.0988 2924 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

10:49:33.0007 2924 PlugPlay - ok

10:49:33.0018 2924 PnkBstrA - ok

10:49:33.0036 2924 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

10:49:33.0049 2924 PNRPAutoReg - ok

10:49:33.0106 2924 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

10:49:33.0123 2924 PNRPsvc - ok

10:49:33.0178 2924 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

10:49:33.0215 2924 PolicyAgent - ok

10:49:33.0264 2924 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

10:49:33.0306 2924 Power - ok

10:49:33.0370 2924 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

10:49:33.0401 2924 PptpMiniport - ok

10:49:33.0411 2924 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

10:49:33.0417 2924 Processor - ok

10:49:33.0440 2924 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

10:49:33.0470 2924 ProfSvc - ok

10:49:33.0511 2924 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:49:33.0523 2924 ProtectedStorage - ok

10:49:33.0532 2924 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

10:49:33.0557 2924 Psched - ok

10:49:33.0585 2924 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

10:49:33.0589 2924 PxHlpa64 - ok

10:49:33.0660 2924 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

10:49:33.0680 2924 ql2300 - ok

10:49:33.0738 2924 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

10:49:33.0750 2924 ql40xx - ok

10:49:33.0776 2924 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

10:49:33.0787 2924 QWAVE - ok

10:49:33.0801 2924 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

10:49:33.0811 2924 QWAVEdrv - ok

10:49:33.0817 2924 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

10:49:33.0838 2924 RasAcd - ok

10:49:33.0870 2924 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:49:33.0907 2924 RasAgileVpn - ok

10:49:33.0912 2924 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

10:49:33.0933 2924 RasAuto - ok

10:49:33.0959 2924 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:49:33.0994 2924 Rasl2tp - ok

10:49:34.0019 2924 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

10:49:34.0042 2924 RasMan - ok

10:49:34.0059 2924 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

10:49:34.0080 2924 RasPppoe - ok

10:49:34.0091 2924 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

10:49:34.0111 2924 RasSstp - ok

10:49:34.0138 2924 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

10:49:34.0175 2924 rdbss - ok

10:49:34.0181 2924 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

10:49:34.0189 2924 rdpbus - ok

10:49:34.0207 2924 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:49:34.0227 2924 RDPCDD - ok

10:49:34.0253 2924 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

10:49:34.0259 2924 RDPDR - ok

10:49:34.0264 2924 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

10:49:34.0285 2924 RDPENCDD - ok

10:49:34.0293 2924 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

10:49:34.0313 2924 RDPREFMP - ok

10:49:34.0344 2924 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

10:49:34.0350 2924 RDPWD - ok

10:49:34.0368 2924 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

10:49:34.0375 2924 rdyboost - ok

10:49:34.0401 2924 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

10:49:34.0423 2924 RemoteAccess - ok

10:49:34.0444 2924 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

10:49:34.0467 2924 RemoteRegistry - ok

10:49:34.0606 2924 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

10:49:34.0626 2924 RoxMediaDB12OEM - ok

10:49:34.0655 2924 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

10:49:34.0667 2924 RoxWatch12 - ok

10:49:34.0739 2924 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

10:49:34.0777 2924 RpcEptMapper - ok

10:49:34.0799 2924 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

10:49:34.0811 2924 RpcLocator - ok

10:49:34.0842 2924 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

10:49:34.0875 2924 RpcSs - ok

10:49:34.0933 2924 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

10:49:34.0970 2924 rspndr - ok

10:49:35.0003 2924 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:49:35.0012 2924 SamSs - ok

10:49:35.0027 2924 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

10:49:35.0035 2924 sbp2port - ok

10:49:35.0053 2924 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

10:49:35.0074 2924 SCardSvr - ok

10:49:35.0104 2924 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

10:49:35.0138 2924 scfilter - ok

10:49:35.0222 2924 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

10:49:35.0265 2924 Schedule - ok

10:49:35.0289 2924 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

10:49:35.0309 2924 SCPolicySvc - ok

10:49:35.0323 2924 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

10:49:35.0330 2924 SDRSVC - ok

10:49:35.0342 2924 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

10:49:35.0363 2924 secdrv - ok

10:49:35.0384 2924 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

10:49:35.0404 2924 seclogon - ok

10:49:35.0409 2924 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

10:49:35.0429 2924 SENS - ok

10:49:35.0442 2924 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

10:49:35.0448 2924 SensrSvc - ok

10:49:35.0450 2924 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

10:49:35.0456 2924 Serenum - ok

10:49:35.0461 2924 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

10:49:35.0468 2924 Serial - ok

10:49:35.0483 2924 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

10:49:35.0489 2924 sermouse - ok

10:49:35.0506 2924 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

10:49:35.0526 2924 SessionEnv - ok

10:49:35.0535 2924 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

10:49:35.0543 2924 sffdisk - ok

10:49:35.0545 2924 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

10:49:35.0552 2924 sffp_mmc - ok

10:49:35.0555 2924 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

10:49:35.0563 2924 sffp_sd - ok

10:49:35.0567 2924 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

10:49:35.0573 2924 sfloppy - ok

10:49:35.0617 2924 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

10:49:35.0652 2924 SharedAccess - ok

10:49:35.0674 2924 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

10:49:35.0696 2924 ShellHWDetection - ok

10:49:35.0710 2924 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

10:49:35.0715 2924 SiSRaid2 - ok

10:49:35.0721 2924 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

10:49:35.0726 2924 SiSRaid4 - ok

10:49:35.0732 2924 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

10:49:35.0752 2924 Smb - ok

10:49:35.0762 2924 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

10:49:35.0769 2924 SNMPTRAP - ok

10:49:35.0777 2924 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

10:49:35.0781 2924 spldr - ok

10:49:35.0818 2924 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

10:49:35.0857 2924 Spooler - ok

10:49:36.0005 2924 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

10:49:36.0048 2924 sppsvc - ok

10:49:36.0117 2924 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

10:49:36.0146 2924 sppuinotify - ok

10:49:36.0191 2924 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

10:49:36.0210 2924 srv - ok

10:49:36.0237 2924 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

10:49:36.0249 2924 srv2 - ok

10:49:36.0271 2924 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

10:49:36.0278 2924 srvnet - ok

10:49:36.0306 2924 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

10:49:36.0341 2924 SSDPSRV - ok

10:49:36.0352 2924 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

10:49:36.0373 2924 SstpSvc - ok

10:49:36.0421 2924 Steam Client Service - ok

10:49:36.0437 2924 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

10:49:36.0447 2924 stexstor - ok

10:49:36.0505 2924 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

10:49:36.0531 2924 stisvc - ok

10:49:36.0575 2924 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

10:49:36.0583 2924 stllssvr - ok

10:49:36.0599 2924 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

10:49:36.0611 2924 StorSvc - ok

10:49:36.0622 2924 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

10:49:36.0630 2924 swenum - ok

10:49:36.0662 2924 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

10:49:36.0701 2924 swprv - ok

10:49:36.0785 2924 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

10:49:36.0806 2924 SysMain - ok

10:49:36.0883 2924 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

10:49:36.0903 2924 TabletInputService - ok

10:49:36.0926 2924 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

10:49:36.0948 2924 TapiSrv - ok

10:49:36.0963 2924 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

10:49:36.0984 2924 TBS - ok

10:49:37.0110 2924 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

10:49:37.0132 2924 Tcpip - ok

10:49:37.0269 2924 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

10:49:37.0302 2924 TCPIP6 - ok

10:49:37.0346 2924 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

10:49:37.0380 2924 tcpipreg - ok

10:49:37.0433 2924 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

10:49:37.0443 2924 TDPIPE - ok

10:49:37.0469 2924 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

10:49:37.0478 2924 TDTCP - ok

10:49:37.0498 2924 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

10:49:37.0533 2924 tdx - ok

10:49:37.0547 2924 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

10:49:37.0552 2924 TermDD - ok

10:49:37.0593 2924 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

10:49:37.0623 2924 TermService - ok

10:49:37.0633 2924 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

10:49:37.0643 2924 Themes - ok

10:49:37.0653 2924 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

10:49:37.0673 2924 THREADORDER - ok

10:49:37.0693 2924 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

10:49:37.0713 2924 TrkWks - ok

10:49:37.0773 2924 truecrypt (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys

10:49:37.0783 2924 truecrypt - ok

10:49:37.0823 2924 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

10:49:37.0863 2924 TrustedInstaller - ok

10:49:37.0883 2924 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:49:37.0903 2924 tssecsrv - ok

10:49:37.0923 2924 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

10:49:37.0933 2924 TsUsbFlt - ok

10:49:37.0943 2924 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

10:49:37.0943 2924 TsUsbGD - ok

10:49:37.0983 2924 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

10:49:38.0003 2924 tunnel - ok

10:49:38.0013 2924 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

10:49:38.0023 2924 uagp35 - ok

10:49:38.0043 2924 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

10:49:38.0063 2924 udfs - ok

10:49:38.0073 2924 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

10:49:38.0083 2924 UI0Detect - ok

10:49:38.0103 2924 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

10:49:38.0103 2924 uliagpkx - ok

10:49:38.0123 2924 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

10:49:38.0123 2924 umbus - ok

10:49:38.0153 2924 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

10:49:38.0153 2924 UmPass - ok

10:49:38.0193 2924 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

10:49:38.0213 2924 UmRdpService - ok

10:49:38.0253 2924 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

10:49:38.0293 2924 upnphost - ok

10:49:38.0323 2924 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys

10:49:38.0323 2924 usbccgp - ok

10:49:38.0343 2924 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

10:49:38.0353 2924 usbcir - ok

10:49:38.0393 2924 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

10:49:38.0393 2924 usbehci - ok

10:49:38.0423 2924 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys

10:49:38.0433 2924 usbhub - ok

10:49:38.0463 2924 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

10:49:38.0473 2924 usbohci - ok

10:49:38.0493 2924 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

10:49:38.0503 2924 usbprint - ok

10:49:38.0543 2924 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

10:49:38.0553 2924 usbscan - ok

10:49:38.0593 2924 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:49:38.0603 2924 USBSTOR - ok

10:49:38.0623 2924 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

10:49:38.0633 2924 usbuhci - ok

10:49:38.0643 2924 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

10:49:38.0673 2924 UxSms - ok

10:49:38.0703 2924 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:49:38.0713 2924 VaultSvc - ok

10:49:38.0723 2924 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

10:49:38.0733 2924 vdrvroot - ok

10:49:38.0763 2924 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

10:49:38.0783 2924 vds - ok

10:49:38.0803 2924 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:49:38.0803 2924 vga - ok

10:49:38.0823 2924 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:49:38.0863 2924 VgaSave - ok

10:49:38.0893 2924 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

10:49:38.0893 2924 vhdmp - ok

10:49:38.0903 2924 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

10:49:38.0913 2924 viaide - ok

10:49:38.0933 2924 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

10:49:38.0943 2924 volmgr - ok

10:49:38.0963 2924 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

10:49:38.0983 2924 volmgrx - ok

10:49:39.0023 2924 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

10:49:39.0043 2924 volsnap - ok

10:49:39.0093 2924 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

10:49:39.0103 2924 vsmraid - ok

10:49:39.0193 2924 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

10:49:39.0233 2924 VSS - ok

10:49:39.0323 2924 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

10:49:39.0343 2924 vwifibus - ok

10:49:39.0363 2924 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

10:49:39.0383 2924 vwififlt - ok

10:49:39.0423 2924 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

10:49:39.0463 2924 W32Time - ok

10:49:39.0483 2924 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

10:49:39.0493 2924 WacomPen - ok

10:49:39.0513 2924 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:49:39.0553 2924 WANARP - ok

10:49:39.0553 2924 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:49:39.0573 2924 Wanarpv6 - ok

10:49:39.0673 2924 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

10:49:39.0693 2924 WatAdminSvc - ok

10:49:39.0783 2924 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

10:49:39.0813 2924 wbengine - ok

10:49:39.0883 2924 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

10:49:39.0903 2924 WbioSrvc - ok

10:49:39.0943 2924 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

10:49:39.0963 2924 wcncsvc - ok

10:49:39.0973 2924 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

10:49:39.0973 2924 WcsPlugInService - ok

10:49:40.0003 2924 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

10:49:40.0003 2924 Wd - ok

10:49:40.0053 2924 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:49:40.0073 2924 Wdf01000 - ok

10:49:40.0093 2924 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:49:40.0113 2924 WdiServiceHost - ok

10:49:40.0113 2924 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:49:40.0123 2924 WdiSystemHost - ok

10:49:40.0153 2924 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

10:49:40.0163 2924 WebClient - ok

10:49:40.0183 2924 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

10:49:40.0213 2924 Wecsvc - ok

10:49:40.0223 2924 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

10:49:40.0243 2924 wercplsupport - ok

10:49:40.0273 2924 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

10:49:40.0293 2924 WerSvc - ok

10:49:40.0323 2924 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:49:40.0363 2924 WfpLwf - ok

10:49:40.0403 2924 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

10:49:40.0403 2924 WimFltr - ok

10:49:40.0413 2924 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:49:40.0423 2924 WIMMount - ok

10:49:40.0423 2924 WinHttpAutoProxySvc - ok

10:49:40.0473 2924 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

10:49:40.0493 2924 Winmgmt - ok

10:49:40.0593 2924 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

10:49:40.0623 2924 WinRM - ok

10:49:40.0733 2924 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

10:49:40.0743 2924 WinUsb - ok

10:49:40.0793 2924 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

10:49:40.0803 2924 Wlansvc - ok

10:49:40.0883 2924 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

10:49:40.0883 2924 wlcrasvc - ok

10:49:41.0013 2924 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

10:49:41.0053 2924 wlidsvc - ok

10:49:41.0123 2924 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

10:49:41.0133 2924 WmiAcpi - ok

10:49:41.0193 2924 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

10:49:41.0203 2924 wmiApSrv - ok

10:49:41.0223 2924 WMPNetworkSvc - ok

10:49:41.0233 2924 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

10:49:41.0243 2924 WPCSvc - ok

10:49:41.0253 2924 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

10:49:41.0263 2924 WPDBusEnum - ok

10:49:41.0273 2924 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:49:41.0293 2924 ws2ifsl - ok

10:49:41.0343 2924 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

10:49:41.0363 2924 WSDPrintDevice - ok

10:49:41.0363 2924 WSearch - ok

10:49:41.0493 2924 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

10:49:41.0543 2924 wuauserv - ok

10:49:41.0593 2924 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:49:41.0623 2924 WudfPf - ok

10:49:41.0643 2924 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:49:41.0663 2924 WUDFRd - ok

10:49:41.0673 2924 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

10:49:41.0693 2924 wudfsvc - ok

10:49:41.0713 2924 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

10:49:41.0723 2924 WwanSvc - ok

10:49:41.0823 2924 X6va005 - ok

10:49:41.0873 2924 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys

10:49:41.0883 2924 xusb21 - ok

10:49:41.0903 2924 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

10:49:42.0193 2924 \Device\Harddisk0\DR0 - ok

10:49:42.0193 2924 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1

10:49:49.0423 2924 \Device\Harddisk1\DR1 - ok

10:49:49.0423 2924 Boot (0x1200) (be112e53949fea31862b21f07bda50f1) \Device\Harddisk0\DR0\Partition0

10:49:49.0423 2924 \Device\Harddisk0\DR0\Partition0 - ok

10:49:49.0433 2924 Boot (0x1200) (e2ac9e58a721e4ba410c0b1b9068577f) \Device\Harddisk0\DR0\Partition1

10:49:49.0433 2924 \Device\Harddisk0\DR0\Partition1 - ok

10:49:49.0433 2924 Boot (0x1200) (801b23c621804c4268b5ef6de8285d07) \Device\Harddisk1\DR1\Partition0

10:49:49.0433 2924 \Device\Harddisk1\DR1\Partition0 - ok

10:49:49.0433 2924 ============================================================

10:49:49.0433 2924 Scan finished

10:49:49.0433 2924 ============================================================

10:49:49.0443 4136 Detected object count: 3

10:49:49.0443 4136 Actual detected object count: 3

10:49:52.0083 4136 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user

10:49:52.0083 4136 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:49:52.0083 4136 MBAMService ( ForgedFile.Multi.Generic ) - skipped by user

10:49:52.0083 4136 MBAMService ( ForgedFile.Multi.Generic ) - User select action: Skip

10:49:52.0083 4136 NDIS ( ForgedFile.Multi.Generic ) - skipped by user

10:49:52.0083 4136 NDIS ( ForgedFile.Multi.Generic ) - User select action: Skip

10:49:53.0863 6852 Deinitialize success

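The scan log above has a regular shape: one line per object with its MD5 and image path, a matching `- ok` line, and after `Scan finished` a summary of what was flagged and what the user chose to do about it. The parser below is an added example written for this thread, not TDSSKiller's own code and not something the poster ran; the regular expressions are modelled on the lines in the log as posted, and `SAMPLE_LOG` is a constructed excerpt assembled from lines copied out of that log (the detection summary, the lsass.exe and tcpip.sys entries, the MBR line and the unhashed `X6va005` entry). It does not interpret what TDSSKiller's verdict strings mean; it only shows which image each flagged name resolves to, that every detection here was left in place (`User select action: Skip`), which names share one image file, and which services were checked without any file being hashed.

```python
"""Parse a TDSSKiller scan log into an inventory and a detection report.
Added example for this thread, not TDSSKiller's code; regexes follow the
posted log and SAMPLE_LOG is a constructed excerpt of lines copied from it."""
import re
from collections import defaultdict

# "<ts> <pid> <name> (<md5>) <path>": an image file that was hashed
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<ts> <pid> <name> - ok": the object was checked and not flagged
OK_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+ok$")
# "<ts> <pid> <name> ( <verdict> ) - <action>": summary lines after "Scan finished"
VERDICT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+\(\s*(?P<verdict>[^)]+?)\s*\)"
    r"\s+-\s+(?P<action>.+)$")

SAMPLE_LOG = r"""
10:49:33.0511 2924 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:49:33.0523 2924 ProtectedStorage - ok
10:49:35.0003 2924 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:49:35.0012 2924 SamSs - ok
10:49:37.0110 2924 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:49:37.0132 2924 Tcpip - ok
10:49:37.0269 2924 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:49:37.0302 2924 TCPIP6 - ok
10:49:41.0823 2924 X6va005 - ok
10:49:41.0903 2924 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:49:42.0193 2924 \Device\Harddisk0\DR0 - ok
10:49:49.0443 4136 Detected object count: 3
10:49:52.0083 4136 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
10:49:52.0083 4136 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:49:52.0083 4136 MBAMService ( ForgedFile.Multi.Generic ) - skipped by user
10:49:52.0083 4136 MBAMService ( ForgedFile.Multi.Generic ) - User select action: Skip
10:49:52.0083 4136 NDIS ( ForgedFile.Multi.Generic ) - skipped by user
10:49:52.0083 4136 NDIS ( ForgedFile.Multi.Generic ) - User select action: Skip
"""


def parse_log(text):
    """Return (inventory, checked, detections):
    inventory  name -> (md5, path) for each hashed image
    checked    names that received a '- ok' line
    detections name -> {"verdict": str, "actions": [str, ...]}"""
    inventory, checked, detections = {}, set(), {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := ENTRY_RE.match(line)):
            inventory[m["name"]] = (m["md5"], m["path"])
        elif (m := OK_RE.match(line)):
            checked.add(m["name"])
        elif (m := VERDICT_RE.match(line)):
            rec = detections.setdefault(m["name"], {"verdict": m["verdict"], "actions": []})
            rec["actions"].append(m["action"])
    return inventory, checked, detections


def detection_report(inventory, detections):
    """Join each flagged name with its hashed image (None when that line is not in
    the parsed text) and record whether the user chose Skip, i.e. left it on disk."""
    rows = []
    for name, rec in detections.items():
        md5, path = inventory.get(name, (None, None))
        rows.append({"name": name, "verdict": rec["verdict"], "md5": md5, "path": path,
                     "skipped": any(a.startswith("User select action: Skip")
                                    for a in rec["actions"])})
    return rows


def shared_images(inventory):
    """Names that resolve to the same image file, compared case-insensitively
    because the log mixes 'drivers' and 'DRIVERS'. Several services sharing
    lsass.exe is normal; see hash_conflicts() for the case that is not."""
    by_path = defaultdict(list)
    for name, (_md5, path) in inventory.items():
        by_path[path.lower()].append(name)
    return {p: sorted(n) for p, n in by_path.items() if len(n) > 1}


def hash_conflicts(inventory):
    """Paths reported with more than one MD5 inside a single scan."""
    hashes = defaultdict(set)
    for md5, path in inventory.values():
        hashes[path.lower()].add(md5)
    return {p: sorted(h) for p, h in hashes.items() if len(h) > 1}


def unhashed(inventory, checked):
    """Names checked ('- ok') without any image line being hashed. The MBR and
    boot-sector objects get their '- ok' under a \\Device\\ name and are skipped."""
    return sorted(n for n in checked - set(inventory) if not n.startswith("\\Device\\"))


if __name__ == "__main__":
    inv, chk, det = parse_log(SAMPLE_LOG)
    for row in detection_report(inv, det):
        print(f"{row['name']:15} {row['verdict']:27} skipped={row['skipped']} path={row['path']}")
    print("shared images:", shared_images(inv))
    print("hash conflicts:", hash_conflicts(inv))
    print("checked but unhashed:", unhashed(inv, chk))
```

Run it against a full saved log instead of `SAMPLE_LOG` to get the complete inventory; the point of keeping `shared_images` and `hash_conflicts` separate is that a shared image is expected (three services map to lsass.exe here), whereas one path hashed two different ways in the same scan is the thing worth a second look.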

Thanks!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 12-07-08.02 - Thomas 07/09/2012 11:38:05.1.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8174.6143 [GMT -4:00]

Running from: c:\users\Thomas\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Thomas\AppData\Roaming\7413e1a0.dat

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\assembly\temp\@

c:\windows\assembly\temp\cfg.ini

c:\windows\system32\consrv.dll

c:\windows\system32\dds_trash_log.cmd

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))

.

.

2012-07-08 17:11 . 2012-07-08 17:11 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls

2012-07-08 04:52 . 2012-07-08 04:52 -------- d-----w- c:\program files (x86)\Exato Game Studios

2012-07-08 04:51 . 2012-07-08 04:52 -------- d-----w- c:\programdata\Package Cache

2012-07-08 02:54 . 2012-07-08 02:54 -------- d-----w- c:\users\Thomas\AppData\Roaming\Malwarebytes

2012-07-08 02:54 . 2012-07-08 02:54 -------- d-----w- c:\programdata\Malwarebytes

2012-07-08 02:54 . 2012-07-08 02:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-08 02:54 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-08 02:21 . 2012-07-08 02:21 -------- d-----w- c:\users\Thomas\AppData\Local\Macromedia

2012-07-07 04:33 . 2012-07-07 05:08 -------- d-----w- c:\programdata\HitmanPro

2012-07-06 15:18 . 2012-07-06 15:19 -------- d-----w- c:\program files (x86)\PCSX2 0.9.8

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-08 02:18 . 2012-03-30 05:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-08 02:18 . 2011-07-24 15:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-19 03:04 . 2012-03-30 05:50 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-12 16:31 . 2012-01-13 21:34 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys

2012-04-30 16:53 . 2012-04-30 16:39 86016 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-04-30 16:53 . 2012-04-30 16:39 426496 ----a-w- c:\windows\system32\wrap_oal.dll

2012-04-30 16:53 . 2012-04-30 16:39 409600 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-04-30 16:53 . 2012-04-30 16:39 116736 ----a-w- c:\windows\system32\OpenAL32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-03-25 1242448]

"Skype"="c:\users\Thomas\Desktop\icons\Skype.exe" [2011-06-15 15141768]

"$Volumouse$"="c:\program files (x86)\NirSoft\Volumouse\volumouse.exe" [2009-08-05 33280]

"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2011-07-26 1496528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-27 75048]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/19 10:35;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-05-21 45224]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 250056]

R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]

R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [2008-07-26 50072]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-24 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R3 X6va005;X6va005;c:\users\Thomas\AppData\Local\Temp\0059E6C.tmp [x]

R4 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]

R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-05 279616]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-14 204288]

S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-05-21 1052328]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-14 10207232]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-14 317952]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - CLKMDRV10_9EC60124

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 02:18]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]

"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"combofix"="c:\combofix\CF10832.3XE" [2010-11-21 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\y4q93t3p.default\

FF - user.js: general.useragent.extra.brc -

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Toolbar-Locked - (no file)

SafeBoot-14231181.sys

SafeBoot-26600632.sys

SafeBoot-29396714.sys

SafeBoot-63756001.sys

SafeBoot-64120403.sys

SafeBoot-82084519.sys

SafeBoot-84295779.sys

SafeBoot-97027029.sys

Toolbar-Locked - (no file)

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

AddRemove-DAEMON Tools Lite - c:\program files (x86)\DAEMON Tools Lite\uninst.exe

AddRemove-Half-Life Dedicated Server Update Tool - c:\progra~2\Valve\HLServer\UNWISE.EXE

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\Thomas\AppData\Local\Temp\0059E6C.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1495706375-3656030395-2056764506-1001\Software\SecuROM\License information*]

"datasecu"=hex:4b,df,8d,e6,ff,24,42,f1,ab,88,28,ca,d0,75,6a,09,91,94,14,93,ac,

60,ec,ab,42,0e,8a,56,73,f2,e7,d3,df,26,d6,d9,13,51,b4,b1,de,9e,be,1f,cf,1f,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Completion time: 2012-07-09 11:49:19 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-09 15:49

.

Pre-Run: 161,394,663,424 bytes free

Post-Run: 162,420,580,352 bytes free

.

- - End Of File - - C9D3F10B4DC9C9AB2D78EBEA5619268E

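The ComboFix log above lists every registered service and driver with its image path, and the lines worth a second look are the ones whose image sits in a user-writable or temporary directory (X6va005 points at a .tmp file under the user's Temp folder) or whose file ComboFix could not find on disk (the "[x]" marker). The following is an added example written by the editor; it is not part of the original thread and not a ComboFix or Malwarebytes tool. It parses ComboFix service lines and flags exactly those heuristics. The description of the line format is the editor's reading of the log, the sample lines are copied from the log above, and a finding is a triage prompt rather than a verdict: an unusual extension, for instance, may simply be a vendor's own convention, so check the path against the vendor before acting on it.

```python
"""Triage the service/driver section of a ComboFix log.

ComboFix lists each registered service or driver as
    <R|S><start-type> <name>;<display name>;<image path> [<date> <size>]
where R/S is running/stopped, the digit is the Windows start type
(0 boot, 1 system, 2 auto, 3 demand, 4 disabled) and "[x]" in place of
the date/size means the image file was not found on disk.  That reading
of the format is the editor's, taken from logs like the one above.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<stamp>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Directories a kernel driver or service binary rarely lives in.  The first
# matching marker is the one reported.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\")
NORMAL_EXTENSIONS = {"sys", "exe", "dll"}


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    file_missing: bool
    findings: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service line; return None for any other line."""
    m = SERVICE_LINE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    entry = ServiceEntry(
        name=m.group("name"),
        display=m.group("display"),
        path=path,
        running=m.group("state") == "R",
        start_type=START_TYPES[m.group("start")],
        file_missing=m.group("stamp") == "x",
    )
    low = path.lower()
    for marker in USER_WRITABLE:
        if marker in low:
            label = marker.strip("\\")
            entry.findings.append(f"image under a user-writable path ({label})")
            break
    filename = low.rsplit("\\", 1)[-1]
    ext = filename.rsplit(".", 1)[-1] if "." in filename else ""
    if ext not in NORMAL_EXTENSIONS:
        entry.findings.append(f"unusual image extension '.{ext}'" if ext else "image has no extension")
    if entry.file_missing:
        entry.findings.append("image file not found on disk ([x])")
    return entry


def triage(log_text: str) -> List[ServiceEntry]:
    """Return every service entry in the log that has at least one finding."""
    parsed = (parse_service_line(line) for line in log_text.splitlines())
    return [e for e in parsed if e is not None and e.findings]


# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 250056]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 X6va005;X6va005;c:\users\Thomas\AppData\Local\Temp\0059E6C.tmp [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        state = "running" if e.running else "stopped"
        print(f"{e.name} ({state}, start={e.start_type}): {e.path}")
        for f in e.findings:
            print(f"    - {f}")
```

Run it against a full ComboFix log by passing the file contents to triage(); entries whose image is under Temp or AppData are usually the first thing to cross-check against the registry ImagePath values that ComboFix prints further down.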

Thanks a lot! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select the Detected threats report from the left and press the Save button.

Save it to your desktop and post it in your next reply.


Status: Disinfected (events: 4)

7/11/2012 7:55:31 PM Disinfected Trojan program Backdoor.Win64.ZAccess.bk C:\Qoobox\Quarantine.zip High

7/11/2012 7:55:31 PM Disinfected Trojan program Backdoor.Win32.ZAccess.aug C:\Qoobox\Quarantine.zip/Quarantine/C/Windows/assembly/GAC_32/Desktop.ini.vir High

7/11/2012 7:55:31 PM Disinfected Trojan program Backdoor.Win64.ZAccess.at C:\Qoobox\Quarantine.zip/Quarantine/C/Windows/assembly/GAC_64/Desktop.ini.vir High

7/11/2012 7:55:31 PM Disinfected Trojan program Backdoor.Win64.ZAccess.bk C:\Qoobox\Quarantine.zip/Quarantine/C/Windows/System32/consrv.dll.vir High

Status: Deleted (events: 3)

7/11/2012 8:52:46 PM Deleted Trojan program Backdoor.Win32.ZAccess.uan C:\Windows\assembly\temp\U\80000064.@ High

7/11/2012 8:52:46 PM Deleted unknown threat UDS:DangerousObject.Multi.Generic C:\Windows\assembly\temp\U\80000000.@ High

7/11/2012 9:04:16 PM Deleted Trojan program Backdoor.Win64.ZAccess.bh C:\Windows\System32\ftpqueue.dll High

Wow, that scan took 9 hours.


It seems fine; svchost is still connecting out, but it's using barely anything at all.

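The reply above says svchost is still connecting out. svchost.exe is only a host process: several services share one PID, so a connection "from svchost" is not attributable until the PID is mapped back to the services it hosts. On Windows, `netstat -ano` prints each socket with its owning PID and `tasklist /svc /fo csv` prints each PID with its service group; joining the two gives the service names behind each remote connection. The following is an added example by the editor, not code from the thread or from Malwarebytes. The two SAMPLE_* strings are constructed in the format those commands print; on a Windows host the script runs the commands itself instead. Attribution is a triage step, not a clean bill: code injected into a service host still appears under that host's legitimate service names, so an unexplained destination needs to be checked further rather than cleared by the service name.

```python
"""Attribute svchost.exe sockets to the services hosted in each svchost PID.

Joins `netstat -ano` (every socket with its owning PID) against
`tasklist /svc /fo csv` (every PID with the services it hosts).  Written
as an added example; the SAMPLE_* strings are constructed, not captured
from the machine in the thread.
"""
import csv
import io
import subprocess
import sys
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

# Endpoints that are wildcards or loopback; sockets to these are not "connecting out".
LOCAL_HOSTS = {"*", "0.0.0.0", "127.0.0.1", "[::]", "[::1]"}


@dataclass
class Connection:
    proto: str
    local: str
    remote: str
    state: str
    pid: int
    services: str


def parse_tasklist_svc(csv_text: str) -> Dict[int, Tuple[str, str]]:
    """Map PID -> (image name, comma-separated services) from `tasklist /svc /fo csv`."""
    table = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        table[int(row["PID"])] = (row["Image Name"], row["Services"])
    return table


def parse_netstat(text: str) -> Iterator[Tuple[str, str, str, str, int]]:
    """Yield (proto, local, remote, state, pid) from `netstat -ano`; UDP rows carry no state."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header and blank lines
        state = parts[3] if len(parts) == 5 else ""
        yield parts[0], parts[1], parts[2], state, int(parts[-1])


def is_remote(endpoint: str) -> bool:
    """True for an endpoint that is neither a wildcard nor loopback."""
    return endpoint.rsplit(":", 1)[0] not in LOCAL_HOSTS


def svchost_connections(netstat_text: str, tasklist_csv: str, image: str = "svchost.exe") -> List[Connection]:
    """Return the non-listening sockets to remote hosts owned by service-host processes."""
    procs = parse_tasklist_svc(tasklist_csv)
    found = []
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        name, services = procs.get(pid, ("<unknown>", ""))
        if name.lower() != image or state == "LISTENING" or not is_remote(remote):
            continue
        found.append(Connection(proto, local, remote, state, pid, services))
    return found


def per_service_group(conns: List[Connection]) -> Counter:
    """Count connections per hosted service group, e.g. {'BITS,wuauserv': 2}."""
    return Counter(c.services for c in conns)


# Constructed sample output of `tasklist /svc /fo csv`.
SAMPLE_TASKLIST = """\
"Image Name","PID","Services"
"System","4","N/A"
"svchost.exe","1024","BITS,wuauserv"
"svchost.exe","1300","Dnscache"
"svchost.exe","1588","CryptSvc,LanmanWorkstation"
"firefox.exe","2000","N/A"
"""

# Constructed sample output of `netstat -ano` (documentation-range addresses).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       796
  TCP    192.168.0.5:49201      198.51.100.10:80       ESTABLISHED     1024
  TCP    192.168.0.5:49202      198.51.100.10:443      ESTABLISHED     1024
  TCP    192.168.0.5:49210      203.0.113.77:443       ESTABLISHED     2000
  TCP    127.0.0.1:49300        127.0.0.1:49301        ESTABLISHED     1588
  UDP    0.0.0.0:5355           *:*                                    1300
  UDP    192.168.0.5:137        *:*                                    4
"""


def main() -> None:
    if sys.platform == "win32":  # live data on a Windows host
        netstat = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
        tasklist = subprocess.run(["tasklist", "/svc", "/fo", "csv"], capture_output=True, text=True).stdout
    else:  # anywhere else, demonstrate on the constructed samples
        netstat, tasklist = SAMPLE_NETSTAT, SAMPLE_TASKLIST
    conns = svchost_connections(netstat, tasklist)
    for c in conns:
        print(f"PID {c.pid:<6} {c.proto} {c.local} -> {c.remote} {c.state}  [{c.services}]")
    for group, n in per_service_group(conns).most_common():
        print(f"{n} connection(s) from service group: {group}")


if __name__ == "__main__":
    main()
```

On the sample data the only outbound svchost traffic belongs to the PID hosting BITS and wuauserv, which is the kind of answer that explains steady background transfers; a svchost PID whose service group gives no reason to talk to an unfamiliar address is the one to look at next.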

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
