
Infected with Trojan.Agent.BRVGen?



I keep getting a popup warning from Trend Micro Client/Server Security Agent that says "Unauthorized URL Detected". (The URLs are zolyaworldtraf.com and colexity777.com.)

I ran Malwarebytes in Safe Mode with a full scan, and it claimed to remove 6 instances of Trojan.Agent.BRVGen. But on reboot I still seem to be reinfected. I'd be really grateful if someone could walk me through nailing these.

Results of initial DDS.scr scan follow. I also have the Attach.txt if needed? Many thanks in advance!

----------------------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32

Run by Nick at 16:30:05 on 2012-08-09

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4010.2001 [GMT -4:00]

.

AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\vcsFPService.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\DigitalPersona\Bin\DPAgent.exe

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNTMon.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\rundll32.exe

c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\dell\DBRM\Reminder\DbrmTrayicon.exe

C:\Users\Nick\AppData\Roaming\7 Taskbar Tweaker\7 Taskbar Tweaker.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\conhost.exe

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/advanced_search

uDefault_Page_URL = hxxp://www.dell.com

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1051\TmIEPlg32.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [7 Taskbar Tweaker] "C:\Users\Nick\AppData\Roaming\7 Taskbar Tweaker\7 Taskbar Tweaker.exe" -hidewnd

uRun: [MediaGet2] C:\Users\Nick\AppData\Local\MediaGet2\mediaget.exe --minimized

uRun: [AdobeBridge]

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [OE] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe"

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remote-us.mcgraw-hill.com/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187

TCP: Interfaces\{8EB7CE39-ADE5-4293-87F3-1A420B87DFB4} : DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187

TCP: Interfaces\{8EB7CE39-ADE5-4293-87F3-1A420B87DFB4}\245616368647275656020527F607562747965637 : DhcpNameServer = 68.87.71.226 68.87.73.242

TCP: Interfaces\{965ADB34-16C5-4520-8136-9CD1B9AABCC7} : DhcpNameServer = 13.35.0.1 13.35.0.2

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1051\TmIEPlg32.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

LSA: Notification Packages = DPPassFilter scecli

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1051\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [(Default)]

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [OE] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe"

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p6swhzft.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search

FF - prefs.js: network.proxy.http - corp-apps-proxy

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-7-4 98208]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-4 2009704]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-21 378472]

R2 svcGenericHost;Trend Micro Client/Server Security Agent;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2012-2-7 50704]

R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-5-11 342288]

R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2010-5-11 42768]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-4 2656280]

R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-10-7 2692400]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]

R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-7-15 918064]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-5 257696]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-10 129976]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-08-09 19:24:33 20480 ------w- C:\Windows\svchost.exe

2012-08-09 15:51:41 -------- d-----w- C:\Windows\pss

2012-08-09 15:19:14 -------- d-----w- C:\Users\Nick\AppData\Roaming\Malwarebytes

2012-08-09 15:19:03 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-09 15:19:01 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-09 15:19:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-01 19:12:44 -------- d-----w- C:\Program Files (x86)\EA GAMES

2012-07-12 07:06:34 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 10:06:34 2004480 ----a-w- C:\Windows\System32\msxml6.dll

.

==================== Find3M ====================

.

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-05 18:31:18 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-05 18:31:18 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-05 18:31:09 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-06-04 15:23:19 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-06-04 15:23:19 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 16:30:47.43 ===============


Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Thanks Mr C! Here's the RogueKiller report:

--------------------------------------------------------------------------

RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Nick [Admin rights]

Mode: Scan -- Date: 08/09/2012 19:02:52

¤¤¤ Bad processes: 1 ¤¤¤

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : 7 Taskbar Tweaker ("C:\Users\Nick\AppData\Roaming\7 Taskbar Tweaker\7 Taskbar Tweaker.exe" -hidewnd) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-3950330392-3544514729-2435179646-1002[...]\Run : 7 Taskbar Tweaker ("C:\Users\Nick\AppData\Roaming\7 Taskbar Tweaker\7 Taskbar Tweaker.exe" -hidewnd) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST320LT007-9ZV142 +++++

--- User ---

[MBR] c5bbad98daec81ef35ea1cbe1f8906e6

[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 21900 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 45060096 | Size: 283242 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] b9409bfc8d070b4155756c5e6b8ec80f

[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code

Partition table:

1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 21900 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 45060096 | Size: 283242 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] b9409bfc8d070b4155756c5e6b8ec80f

[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code

Partition table:

1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 21900 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 45060096 | Size: 283242 Mo

Finished : << RKreport[1].txt >>


Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large; in that case, please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


Hi MrC: Here's the TDSSKiller log report. And that annoying warning hasn't popped up yet, so I am cautiously optimistic that we are clean?

----------------------------------------------------------

20:07:30.0736 1808 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

20:07:30.0970 1808 ============================================================

20:07:30.0970 1808 Current date / time: 2012/08/09 20:07:30.0970

20:07:30.0970 1808 SystemInfo:

20:07:30.0970 1808

20:07:30.0970 1808 OS Version: 6.1.7601 ServicePack: 1.0

20:07:30.0970 1808 Product type: Workstation

20:07:30.0970 1808 ComputerName: ANTONINUS

20:07:30.0970 1808 UserName: Nick

20:07:30.0970 1808 Windows directory: C:\Windows

20:07:30.0970 1808 System windows directory: C:\Windows

20:07:30.0970 1808 Running under WOW64

20:07:30.0970 1808 Processor architecture: Intel x64

20:07:30.0970 1808 Number of processors: 4

20:07:30.0970 1808 Page size: 0x1000

20:07:30.0970 1808 Boot type: Normal boot

20:07:30.0970 1808 ============================================================

20:07:31.0672 1808 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:07:31.0672 1808 ============================================================

20:07:31.0672 1808 \Device\Harddisk0\DR0:

20:07:31.0672 1808 MBR partitions:

20:07:31.0672 1808 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x2AC6000

20:07:31.0672 1808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2AF9000, BlocksNum 0x229352B0

20:07:31.0672 1808 ============================================================

20:07:31.0719 1808 C: <-> \Device\Harddisk0\DR0\Partition1

20:07:31.0719 1808 ============================================================

20:07:31.0719 1808 Initialize success

20:07:31.0719 1808 ============================================================

20:08:07.0864 1516 ============================================================

20:08:07.0864 1516 Scan started

20:08:07.0864 1516 Mode: Manual; SigCheck; TDLFS;

20:08:07.0864 1516 ============================================================

20:08:10.0516 1516 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

20:08:10.0766 1516 1394ohci - ok

20:08:10.0906 1516 Acceler (aedb94a49236f5ff060c90e09e70281f) C:\Windows\system32\DRIVERS\Accelern.sys

20:08:11.0327 1516 Acceler - ok

20:08:11.0436 1516 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

20:08:11.0514 1516 ACPI - ok

20:08:11.0546 1516 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

20:08:11.0717 1516 AcpiPmi - ok

20:08:11.0904 1516 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

20:08:11.0920 1516 AdobeARMservice - ok

20:08:12.0107 1516 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:08:12.0123 1516 AdobeFlashPlayerUpdateSvc - ok

20:08:12.0216 1516 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

20:08:12.0372 1516 adp94xx - ok

20:08:12.0419 1516 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

20:08:12.0482 1516 adpahci - ok

20:08:12.0513 1516 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

20:08:12.0528 1516 adpu320 - ok

20:08:12.0560 1516 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

20:08:12.0716 1516 AeLookupSvc - ok

20:08:12.0794 1516 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

20:08:12.0825 1516 AERTFilters - ok

20:08:12.0965 1516 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

20:08:13.0043 1516 AFD - ok

20:08:13.0121 1516 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

20:08:13.0152 1516 agp440 - ok

20:08:13.0184 1516 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

20:08:13.0246 1516 ALG - ok

20:08:13.0277 1516 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

20:08:13.0293 1516 aliide - ok

20:08:13.0293 1516 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

20:08:13.0308 1516 amdide - ok

20:08:13.0324 1516 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

20:08:13.0355 1516 AmdK8 - ok

20:08:13.0371 1516 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

20:08:13.0418 1516 AmdPPM - ok

20:08:13.0464 1516 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

20:08:13.0527 1516 amdsata - ok

20:08:13.0558 1516 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

20:08:13.0605 1516 amdsbs - ok

20:08:13.0620 1516 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

20:08:13.0667 1516 amdxata - ok

20:08:13.0745 1516 ApfiltrService (6690e42ced5d067233abad42da141213) C:\Windows\system32\DRIVERS\Apfiltr.sys

20:08:13.0808 1516 ApfiltrService - ok

20:08:13.0839 1516 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

20:08:14.0088 1516 AppID - ok

20:08:14.0120 1516 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

20:08:14.0213 1516 AppIDSvc - ok

20:08:14.0244 1516 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

20:08:14.0291 1516 Appinfo - ok

20:08:14.0369 1516 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

20:08:14.0478 1516 AppMgmt - ok

20:08:14.0510 1516 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

20:08:14.0525 1516 arc - ok

20:08:14.0556 1516 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

20:08:14.0603 1516 arcsas - ok

20:08:14.0759 1516 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

20:08:14.0806 1516 aspnet_state - ok

20:08:14.0853 1516 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

20:08:14.0946 1516 AsyncMac - ok

20:08:15.0040 1516 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

20:08:15.0071 1516 atapi - ok

20:08:15.0149 1516 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:08:15.0258 1516 AudioEndpointBuilder - ok

20:08:15.0274 1516 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

20:08:15.0305 1516 AudioSrv - ok

20:08:15.0383 1516 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

20:08:15.0570 1516 AxInstSV - ok

20:08:15.0680 1516 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

20:08:15.0820 1516 b06bdrv - ok

20:08:15.0914 1516 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

20:08:16.0007 1516 b57nd60a - ok

20:08:16.0070 1516 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

20:08:16.0179 1516 BDESVC - ok

20:08:16.0226 1516 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

20:08:16.0335 1516 Beep - ok

20:08:16.0428 1516 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

20:08:16.0522 1516 BFE - ok

20:08:16.0616 1516 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

20:08:16.0725 1516 BITS - ok

20:08:16.0803 1516 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

20:08:16.0850 1516 blbdrive - ok

20:08:17.0021 1516 Bluetooth Device Monitor (c620c59d46f43beecc556f65e801312b) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

20:08:17.0068 1516 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning

20:08:17.0068 1516 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)

20:08:17.0177 1516 Bluetooth Media Service (5e5edcceea4fa3fdf3a907ac204b5828) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

20:08:17.0240 1516 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning

20:08:17.0240 1516 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)

20:08:17.0349 1516 Bluetooth OBEX Service (826e65c945738cbd64f89eae4406687f) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

20:08:17.0474 1516 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning

20:08:17.0474 1516 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)

20:08:17.0598 1516 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

20:08:17.0708 1516 bowser - ok

20:08:17.0770 1516 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

20:08:17.0848 1516 BrFiltLo - ok

20:08:17.0848 1516 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

20:08:17.0864 1516 BrFiltUp - ok

20:08:17.0910 1516 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

20:08:18.0020 1516 Browser - ok

20:08:18.0160 1516 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

20:08:18.0254 1516 Brserid - ok

20:08:18.0269 1516 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

20:08:18.0316 1516 BrSerWdm - ok

20:08:18.0316 1516 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:08:18.0394 1516 BrUsbMdm - ok

20:08:18.0410 1516 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

20:08:18.0425 1516 BrUsbSer - ok

20:08:18.0488 1516 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

20:08:18.0628 1516 BthEnum - ok

20:08:18.0690 1516 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

20:08:18.0784 1516 BTHMODEM - ok

20:08:18.0878 1516 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

20:08:18.0924 1516 BthPan - ok

20:08:18.0971 1516 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

20:08:19.0143 1516 BTHPORT - ok

20:08:19.0236 1516 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

20:08:19.0314 1516 bthserv - ok

20:08:19.0361 1516 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

20:08:19.0439 1516 BTHUSB - ok

20:08:19.0486 1516 btmaux (962bd3689e2c85f0ba97f3d7e7ba540b) C:\Windows\system32\DRIVERS\btmaux.sys

20:08:19.0533 1516 btmaux - ok

20:08:19.0595 1516 btmhsf (ec1220b647f0d995da5cad4153454779) C:\Windows\system32\DRIVERS\btmhsf.sys

20:08:19.0736 1516 btmhsf - ok

20:08:19.0767 1516 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

20:08:19.0829 1516 cdfs - ok

20:08:19.0876 1516 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

20:08:19.0954 1516 cdrom - ok

20:08:20.0001 1516 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:08:20.0110 1516 CertPropSvc - ok

20:08:20.0141 1516 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

20:08:20.0157 1516 circlass - ok

20:08:20.0219 1516 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

20:08:20.0266 1516 CLFS - ok

20:08:20.0344 1516 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:08:20.0422 1516 clr_optimization_v2.0.50727_32 - ok

20:08:20.0453 1516 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:08:20.0500 1516 clr_optimization_v2.0.50727_64 - ok

20:08:20.0578 1516 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:08:20.0625 1516 clr_optimization_v4.0.30319_32 - ok

20:08:20.0703 1516 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:08:20.0718 1516 clr_optimization_v4.0.30319_64 - ok

20:08:20.0781 1516 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

20:08:20.0859 1516 CmBatt - ok

20:08:20.0906 1516 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

20:08:20.0952 1516 cmdide - ok

20:08:21.0030 1516 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

20:08:21.0093 1516 CNG - ok

20:08:21.0140 1516 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

20:08:21.0186 1516 Compbatt - ok

20:08:21.0249 1516 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

20:08:21.0296 1516 CompositeBus - ok

20:08:21.0311 1516 COMSysApp - ok

20:08:21.0342 1516 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

20:08:21.0374 1516 crcdisk - ok

20:08:21.0420 1516 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

20:08:21.0483 1516 CryptSvc - ok

20:08:21.0545 1516 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

20:08:21.0670 1516 CSC - ok

20:08:21.0717 1516 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

20:08:21.0779 1516 CscService - ok

20:08:21.0842 1516 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\Windows\system32\DRIVERS\CtClsFlt.sys

20:08:21.0935 1516 CtClsFlt - ok

20:08:21.0998 1516 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:08:22.0091 1516 DcomLaunch - ok

20:08:22.0138 1516 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

20:08:22.0278 1516 defragsvc - ok

20:08:22.0310 1516 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

20:08:22.0403 1516 DfsC - ok

20:08:22.0497 1516 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

20:08:22.0590 1516 Dhcp - ok

20:08:22.0622 1516 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

20:08:22.0700 1516 discache - ok

20:08:22.0746 1516 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

20:08:22.0809 1516 Disk - ok

20:08:22.0840 1516 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys

20:08:22.0949 1516 dmvsc - ok

20:08:22.0980 1516 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

20:08:23.0090 1516 Dnscache - ok

20:08:23.0121 1516 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

20:08:23.0261 1516 dot3svc - ok

20:08:23.0386 1516 DpHost (c43618154fc0c8480f53b04ba7a2f371) C:\Program Files\DigitalPersona\Bin\DpHostW.exe

20:08:23.0417 1516 DpHost - ok

20:08:23.0448 1516 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

20:08:23.0511 1516 DPS - ok

20:08:23.0573 1516 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

20:08:23.0636 1516 drmkaud - ok

20:08:23.0682 1516 dsNcAdpt (3eef0b3489edbf725564e17c77cabafd) C:\Windows\system32\DRIVERS\dsNcAdpt.sys

20:08:23.0760 1516 dsNcAdpt - ok

20:08:23.0885 1516 dsNcService (1467fb71face93569fd681a922005aad) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

20:08:23.0948 1516 dsNcService - ok

20:08:24.0026 1516 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

20:08:24.0088 1516 DXGKrnl - ok

20:08:24.0119 1516 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

20:08:24.0166 1516 EapHost - ok

20:08:24.0384 1516 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

20:08:24.0587 1516 ebdrv - ok

20:08:24.0728 1516 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

20:08:24.0821 1516 EFS - ok

20:08:24.0915 1516 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

20:08:25.0071 1516 ehRecvr - ok

20:08:25.0086 1516 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

20:08:25.0164 1516 ehSched - ok

20:08:25.0258 1516 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

20:08:25.0352 1516 elxstor - ok

20:08:25.0352 1516 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

20:08:25.0398 1516 ErrDev - ok

20:08:25.0508 1516 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

20:08:25.0632 1516 EventSystem - ok

20:08:25.0804 1516 EvtEng (8b6c9924b0d333dbf76086b8258a0891) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

20:08:25.0882 1516 EvtEng - ok

20:08:26.0054 1516 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

20:08:26.0147 1516 exfat - ok

20:08:26.0194 1516 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

20:08:26.0334 1516 fastfat - ok

20:08:26.0428 1516 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

20:08:26.0553 1516 Fax - ok

20:08:26.0584 1516 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

20:08:26.0646 1516 fdc - ok

20:08:26.0724 1516 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

20:08:26.0756 1516 fdPHost - ok

20:08:26.0787 1516 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

20:08:26.0865 1516 FDResPub - ok

20:08:26.0927 1516 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

20:08:26.0974 1516 FileInfo - ok

20:08:26.0990 1516 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

20:08:27.0021 1516 Filetrace - ok

20:08:27.0130 1516 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

20:08:27.0270 1516 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

20:08:27.0270 1516 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

20:08:27.0317 1516 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

20:08:27.0348 1516 flpydisk - ok

20:08:27.0380 1516 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

20:08:27.0442 1516 FltMgr - ok

20:08:27.0520 1516 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

20:08:27.0676 1516 FontCache - ok

20:08:27.0738 1516 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:08:27.0770 1516 FontCache3.0.0.0 - ok

20:08:27.0801 1516 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

20:08:27.0832 1516 FsDepends - ok

20:08:27.0863 1516 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

20:08:27.0894 1516 Fs_Rec - ok

20:08:27.0957 1516 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

20:08:27.0988 1516 fvevol - ok

20:08:28.0035 1516 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

20:08:28.0097 1516 gagp30kx - ok

20:08:28.0160 1516 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

20:08:28.0238 1516 gpsvc - ok

20:08:28.0253 1516 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

20:08:28.0331 1516 hcw85cir - ok

20:08:28.0394 1516 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

20:08:28.0456 1516 HDAudBus - ok

20:08:28.0456 1516 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

20:08:28.0503 1516 HidBatt - ok

20:08:28.0550 1516 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

20:08:28.0659 1516 HidBth - ok

20:08:28.0706 1516 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

20:08:28.0752 1516 HidIr - ok

20:08:28.0784 1516 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

20:08:28.0846 1516 hidserv - ok

20:08:28.0893 1516 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

20:08:28.0940 1516 HidUsb - ok

20:08:28.0955 1516 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

20:08:29.0064 1516 hkmsvc - ok

20:08:29.0111 1516 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

20:08:29.0158 1516 HomeGroupListener - ok

20:08:29.0189 1516 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

20:08:29.0236 1516 HomeGroupProvider - ok

20:08:29.0267 1516 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

20:08:29.0314 1516 HpSAMD - ok

20:08:29.0423 1516 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

20:08:29.0532 1516 HTTP - ok

20:08:29.0548 1516 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

20:08:29.0564 1516 hwpolicy - ok

20:08:29.0626 1516 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

20:08:29.0657 1516 i8042prt - ok

20:08:29.0751 1516 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys

20:08:29.0782 1516 iaStor - ok

20:08:29.0876 1516 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

20:08:29.0985 1516 iaStorV - ok

20:08:30.0032 1516 iBtFltCoex (e44f0b4dc753c14930b8dc48bb7a1644) C:\Windows\system32\DRIVERS\iBtFltCoex.sys

20:08:30.0094 1516 iBtFltCoex - ok

20:08:30.0234 1516 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

20:08:30.0297 1516 IDriverT ( UnsignedFile.Multi.Generic ) - warning

20:08:30.0297 1516 IDriverT - detected UnsignedFile.Multi.Generic (1)

20:08:30.0422 1516 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:08:30.0515 1516 idsvc - ok

20:08:31.0248 1516 igfx (a47d902f5c0c43dcf5ee2cae02bf39a8) C:\Windows\system32\DRIVERS\igdkmd64.sys

20:08:31.0685 1516 igfx - ok

20:08:31.0826 1516 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

20:08:31.0872 1516 iirsp - ok

20:08:31.0950 1516 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

20:08:32.0013 1516 IKEEXT - ok

20:08:32.0075 1516 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys

20:08:32.0169 1516 Impcd - ok

20:08:32.0247 1516 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\Windows\system32\drivers\intelaud.sys

20:08:32.0278 1516 intaud_WaveExtensible - ok

20:08:32.0450 1516 IntcAzAudAddService (8fed6428fde53d7f4c105095f22524be) C:\Windows\system32\drivers\RTKVHD64.sys

20:08:32.0512 1516 IntcAzAudAddService - ok

20:08:32.0637 1516 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

20:08:32.0684 1516 intelide - ok

20:08:32.0730 1516 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

20:08:32.0762 1516 intelppm - ok

20:08:32.0808 1516 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

20:08:32.0918 1516 IPBusEnum - ok

20:08:32.0949 1516 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:08:32.0996 1516 IpFilterDriver - ok

20:08:33.0074 1516 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

20:08:33.0167 1516 iphlpsvc - ok

20:08:33.0183 1516 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

20:08:33.0261 1516 IPMIDRV - ok

20:08:33.0276 1516 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

20:08:33.0308 1516 IPNAT - ok

20:08:33.0339 1516 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

20:08:33.0354 1516 IRENUM - ok

20:08:33.0370 1516 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

20:08:33.0386 1516 isapnp - ok

20:08:33.0432 1516 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

20:08:33.0495 1516 iScsiPrt - ok

20:08:33.0573 1516 iwdbus (716f66336f10885d935b08174dc54242) C:\Windows\system32\DRIVERS\iwdbus.sys

20:08:33.0604 1516 iwdbus - ok

20:08:33.0620 1516 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

20:08:33.0635 1516 kbdclass - ok

20:08:33.0666 1516 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

20:08:33.0713 1516 kbdhid - ok

20:08:33.0744 1516 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:08:33.0776 1516 KeyIso - ok

20:08:33.0822 1516 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

20:08:33.0869 1516 KSecDD - ok

20:08:33.0885 1516 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

20:08:33.0947 1516 KSecPkg - ok

20:08:33.0963 1516 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

20:08:34.0010 1516 ksthunk - ok

20:08:34.0072 1516 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

20:08:34.0212 1516 KtmRm - ok

20:08:34.0275 1516 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

20:08:34.0368 1516 LanmanServer - ok

20:08:34.0431 1516 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

20:08:34.0524 1516 LanmanWorkstation - ok

20:08:34.0587 1516 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

20:08:34.0665 1516 lltdio - ok

20:08:34.0712 1516 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

20:08:34.0774 1516 lltdsvc - ok

20:08:34.0821 1516 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

20:08:34.0899 1516 lmhosts - ok

20:08:34.0992 1516 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

20:08:35.0024 1516 LMS - ok

20:08:35.0070 1516 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

20:08:35.0117 1516 LSI_FC - ok

20:08:35.0148 1516 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

20:08:35.0180 1516 LSI_SAS - ok

20:08:35.0195 1516 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

20:08:35.0211 1516 LSI_SAS2 - ok

20:08:35.0226 1516 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

20:08:35.0242 1516 LSI_SCSI - ok

20:08:35.0258 1516 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

20:08:35.0304 1516 luafv - ok

20:08:35.0351 1516 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

20:08:35.0414 1516 Mcx2Svc - ok

20:08:35.0414 1516 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

20:08:35.0429 1516 megasas - ok

20:08:35.0460 1516 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

20:08:35.0523 1516 MegaSR - ok

20:08:35.0601 1516 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

20:08:35.0632 1516 MEIx64 - ok

20:08:35.0679 1516 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:08:35.0741 1516 MMCSS - ok

20:08:35.0788 1516 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:08:35.0850 1516 Modem - ok

20:08:35.0897 1516 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:08:35.0944 1516 monitor - ok

20:08:35.0975 1516 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

20:08:36.0006 1516 mouclass - ok

20:08:36.0053 1516 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

20:08:36.0131 1516 mouhid - ok

20:08:36.0162 1516 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

20:08:36.0194 1516 mountmgr - ok

20:08:36.0256 1516 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

20:08:36.0318 1516 MozillaMaintenance - ok

20:08:36.0350 1516 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

20:08:36.0412 1516 mpio - ok

20:08:36.0443 1516 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:08:36.0490 1516 mpsdrv - ok

20:08:36.0568 1516 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

20:08:36.0708 1516 MpsSvc - ok

20:08:36.0740 1516 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

20:08:36.0818 1516 MRxDAV - ok

20:08:36.0864 1516 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:08:36.0989 1516 mrxsmb - ok

20:08:37.0020 1516 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:08:37.0098 1516 mrxsmb10 - ok

20:08:37.0114 1516 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:08:37.0208 1516 mrxsmb20 - ok

20:08:37.0223 1516 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

20:08:37.0239 1516 msahci - ok

20:08:37.0286 1516 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

20:08:37.0317 1516 msdsm - ok

20:08:37.0364 1516 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

20:08:37.0442 1516 MSDTC - ok

20:08:37.0488 1516 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:08:37.0566 1516 Msfs - ok

20:08:37.0629 1516 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:08:37.0722 1516 mshidkmdf - ok

20:08:37.0754 1516 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

20:08:37.0800 1516 msisadrv - ok

20:08:37.0832 1516 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

20:08:37.0894 1516 MSiSCSI - ok

20:08:37.0894 1516 msiserver - ok

20:08:37.0941 1516 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:08:38.0034 1516 MSKSSRV - ok

20:08:38.0034 1516 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:08:38.0066 1516 MSPCLOCK - ok

20:08:38.0097 1516 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:08:38.0159 1516 MSPQM - ok

20:08:38.0190 1516 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

20:08:38.0284 1516 MsRPC - ok

20:08:38.0300 1516 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

20:08:38.0315 1516 mssmbios - ok

20:08:38.0331 1516 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:08:38.0424 1516 MSTEE - ok

20:08:38.0424 1516 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

20:08:38.0440 1516 MTConfig - ok

20:08:38.0471 1516 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:08:38.0487 1516 Mup - ok

20:08:38.0627 1516 MyWiFiDHCPDNS (6ed8935257672f4cd04a88a0f3de093d) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

20:08:38.0752 1516 MyWiFiDHCPDNS - ok

20:08:38.0799 1516 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

20:08:38.0892 1516 napagent - ok

20:08:38.0970 1516 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:08:39.0095 1516 NativeWifiP - ok

20:08:39.0204 1516 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

20:08:39.0251 1516 NDIS - ok

20:08:39.0267 1516 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

20:08:39.0298 1516 NdisCap - ok

20:08:39.0314 1516 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

20:08:39.0360 1516 NdisTapi - ok

20:08:39.0376 1516 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

20:08:39.0438 1516 Ndisuio - ok

20:08:39.0470 1516 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

20:08:39.0532 1516 NdisWan - ok

20:08:39.0563 1516 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

20:08:39.0610 1516 NDProxy - ok

20:08:39.0626 1516 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

20:08:39.0704 1516 NetBIOS - ok

20:08:39.0735 1516 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

20:08:39.0766 1516 NetBT - ok

20:08:39.0797 1516 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:08:39.0828 1516 Netlogon - ok

20:08:39.0922 1516 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

20:08:40.0016 1516 Netman - ok

20:08:40.0125 1516 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:08:40.0187 1516 NetMsmqActivator - ok

20:08:40.0187 1516 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:08:40.0218 1516 NetPipeActivator - ok

20:08:40.0250 1516 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

20:08:40.0343 1516 netprofm - ok

20:08:40.0359 1516 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:08:40.0359 1516 NetTcpActivator - ok

20:08:40.0359 1516 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:08:40.0374 1516 NetTcpPortSharing - ok

20:08:40.0437 1516 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys

20:08:40.0499 1516 netvsc - ok

20:08:41.0014 1516 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys

20:08:41.0466 1516 NETwNs64 - ok

20:08:41.0607 1516 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

20:08:41.0654 1516 nfrd960 - ok

20:08:41.0716 1516 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

20:08:41.0810 1516 NlaSvc - ok

20:08:41.0841 1516 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

20:08:41.0872 1516 Npfs - ok

20:08:41.0888 1516 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

20:08:41.0966 1516 nsi - ok

20:08:41.0981 1516 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

20:08:42.0012 1516 nsiproxy - ok

20:08:42.0137 1516 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

20:08:42.0231 1516 Ntfs - ok

20:08:42.0449 1516 ntrtscan (f632dd8aa5c388d1d0528a876a71320d) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe

20:08:42.0527 1516 ntrtscan - ok

20:08:42.0636 1516 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

20:08:42.0683 1516 Null - ok

20:08:42.0761 1516 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys

20:08:42.0964 1516 nusb3hub - ok

20:08:43.0042 1516 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys

20:08:43.0136 1516 nusb3xhc - ok

20:08:43.0697 1516 nvlddmkm (573b0941a37aebee96085d56a103f57b) C:\Windows\system32\DRIVERS\nvlddmkm.sys

20:08:43.0900 1516 nvlddmkm - ok

20:08:43.0978 1516 nvpciflt (43af7ebeac2ab623468e32caddcb61a4) C:\Windows\system32\DRIVERS\nvpciflt.sys

20:08:44.0009 1516 nvpciflt - ok

20:08:44.0072 1516 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

20:08:44.0118 1516 nvraid - ok

20:08:44.0165 1516 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

20:08:44.0212 1516 nvstor - ok

20:08:44.0321 1516 NVSvc (c500760572c6059918fb0c960967695b) C:\Windows\system32\nvvsvc.exe

20:08:44.0352 1516 NVSvc - ok

20:08:44.0524 1516 nvUpdatusService (f28169a7adf7b41809cf92d369e744f0) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

20:08:44.0618 1516 nvUpdatusService - ok

20:08:44.0774 1516 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

20:08:44.0836 1516 nv_agp - ok

20:08:44.0836 1516 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

20:08:44.0867 1516 ohci1394 - ok

20:08:44.0945 1516 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:08:45.0023 1516 ose - ok

20:08:45.0320 1516 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

20:08:45.0538 1516 osppsvc - ok

20:08:45.0694 1516 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:08:45.0788 1516 p2pimsvc - ok

20:08:45.0834 1516 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

20:08:45.0928 1516 p2psvc - ok

20:08:45.0975 1516 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

20:08:46.0053 1516 Parport - ok

20:08:46.0084 1516 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

20:08:46.0115 1516 partmgr - ok

20:08:46.0146 1516 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

20:08:46.0178 1516 PcaSvc - ok

20:08:46.0224 1516 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

20:08:46.0271 1516 pci - ok

20:08:46.0271 1516 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

20:08:46.0287 1516 pciide - ok

20:08:46.0334 1516 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

20:08:46.0396 1516 pcmcia - ok

20:08:46.0427 1516 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

20:08:46.0443 1516 pcw - ok

20:08:46.0474 1516 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

20:08:46.0661 1516 PEAUTH - ok

20:08:46.0770 1516 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

20:08:46.0880 1516 PeerDistSvc - ok

20:08:46.0989 1516 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

20:08:47.0051 1516 PerfHost - ok

20:08:47.0223 1516 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

20:08:47.0410 1516 pla - ok

20:08:47.0488 1516 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

20:08:47.0613 1516 PlugPlay - ok

20:08:47.0628 1516 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

20:08:47.0675 1516 PNRPAutoReg - ok

20:08:47.0722 1516 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:08:47.0753 1516 PNRPsvc - ok

20:08:47.0800 1516 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

20:08:47.0925 1516 PolicyAgent - ok

20:08:47.0956 1516 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

20:08:48.0018 1516 Power - ok

20:08:48.0081 1516 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

20:08:48.0174 1516 PptpMiniport - ok

20:08:48.0190 1516 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

20:08:48.0252 1516 Processor - ok

20:08:48.0284 1516 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

20:08:48.0377 1516 ProfSvc - ok

20:08:48.0408 1516 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:08:48.0440 1516 ProtectedStorage - ok

20:08:48.0502 1516 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

20:08:48.0564 1516 Psched - ok

20:08:48.0674 1516 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

20:08:48.0705 1516 PxHlpa64 - ok

20:08:48.0845 1516 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

20:08:49.0064 1516 ql2300 - ok

20:08:49.0173 1516 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

20:08:49.0220 1516 ql40xx - ok

20:08:49.0251 1516 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

20:08:49.0344 1516 QWAVE - ok

20:08:49.0344 1516 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

20:08:49.0407 1516 QWAVEdrv - ok

20:08:49.0422 1516 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

20:08:49.0454 1516 RasAcd - ok

20:08:49.0485 1516 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:08:49.0516 1516 RasAgileVpn - ok

20:08:49.0563 1516 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

20:08:49.0610 1516 RasAuto - ok

20:08:49.0641 1516 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:08:49.0734 1516 Rasl2tp - ok

20:08:49.0797 1516 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

20:08:50.0000 1516 RasMan - ok

20:08:50.0031 1516 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

20:08:50.0109 1516 RasPppoe - ok

20:08:50.0124 1516 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

20:08:50.0202 1516 RasSstp - ok

20:08:50.0249 1516 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

20:08:50.0343 1516 rdbss - ok

20:08:50.0358 1516 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

20:08:50.0405 1516 rdpbus - ok

20:08:50.0436 1516 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:08:50.0514 1516 RDPCDD - ok

20:08:50.0561 1516 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

20:08:50.0639 1516 RDPDR - ok

20:08:50.0686 1516 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

20:08:50.0748 1516 RDPENCDD - ok

20:08:50.0811 1516 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

20:08:50.0858 1516 RDPREFMP - ok

20:08:50.0936 1516 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

20:08:51.0029 1516 RDPWD - ok

20:08:51.0092 1516 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

20:08:51.0138 1516 rdyboost - ok

20:08:51.0310 1516 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

20:08:51.0372 1516 RegSrvc - ok

20:08:51.0404 1516 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

20:08:51.0528 1516 RemoteAccess - ok

20:08:51.0560 1516 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

20:08:51.0716 1516 RemoteRegistry - ok

20:08:51.0809 1516 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

20:08:51.0918 1516 RFCOMM - ok

20:08:52.0121 1516 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

20:08:52.0262 1516 RoxMediaDB12OEM - ok

20:08:52.0340 1516 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

20:08:52.0355 1516 RoxWatch12 - ok

20:08:52.0480 1516 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

20:08:52.0574 1516 RpcEptMapper - ok

20:08:52.0605 1516 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

20:08:52.0620 1516 RpcLocator - ok

20:08:52.0667 1516 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:08:52.0714 1516 RpcSs - ok

20:08:52.0761 1516 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

20:08:52.0870 1516 rspndr - ok

20:08:52.0932 1516 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\Windows\system32\Drivers\RtsUStor.sys

20:08:52.0964 1516 RSUSBSTOR - ok

20:08:53.0042 1516 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys

20:08:53.0135 1516 RTL8167 - ok

20:08:53.0166 1516 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

20:08:53.0198 1516 s3cap - ok

20:08:53.0244 1516 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:08:53.0260 1516 SamSs - ok

20:08:53.0291 1516 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

20:08:53.0322 1516 sbp2port - ok

20:08:53.0369 1516 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

20:08:53.0510 1516 SCardSvr - ok

20:08:53.0525 1516 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

20:08:53.0603 1516 scfilter - ok

20:08:53.0681 1516 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

20:08:53.0790 1516 Schedule - ok

20:08:53.0822 1516 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:08:53.0884 1516 SCPolicySvc - ok

20:08:53.0915 1516 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

20:08:53.0931 1516 SDRSVC - ok

20:08:54.0024 1516 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:08:54.0102 1516 secdrv - ok

20:08:54.0134 1516 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

20:08:54.0258 1516 seclogon - ok

20:08:54.0290 1516 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

20:08:54.0383 1516 SENS - ok

20:08:54.0414 1516 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

20:08:54.0477 1516 SensrSvc - ok

20:08:54.0539 1516 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

20:08:54.0602 1516 Serenum - ok

20:08:54.0617 1516 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

20:08:54.0680 1516 Serial - ok

20:08:54.0711 1516 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

20:08:54.0742 1516 sermouse - ok

20:08:54.0773 1516 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

20:08:54.0882 1516 SessionEnv - ok

20:08:54.0882 1516 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

20:08:54.0898 1516 sffdisk - ok

20:08:54.0898 1516 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

20:08:54.0914 1516 sffp_mmc - ok

20:08:54.0929 1516 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

20:08:54.0945 1516 sffp_sd - ok

20:08:54.0960 1516 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

20:08:54.0976 1516 sfloppy - ok

20:08:55.0054 1516 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

20:08:55.0179 1516 SharedAccess - ok

20:08:55.0210 1516 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

20:08:55.0272 1516 ShellHWDetection - ok

20:08:55.0304 1516 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

20:08:55.0319 1516 SiSRaid2 - ok

20:08:55.0335 1516 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

20:08:55.0366 1516 SiSRaid4 - ok

20:08:55.0397 1516 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

20:08:55.0491 1516 Smb - ok

20:08:55.0538 1516 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

20:08:55.0584 1516 SNMPTRAP - ok

20:08:55.0616 1516 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:08:55.0631 1516 spldr - ok

20:08:55.0694 1516 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

20:08:55.0772 1516 Spooler - ok

20:08:55.0943 1516 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

20:08:56.0084 1516 sppsvc - ok

20:08:56.0240 1516 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

20:08:56.0380 1516 sppuinotify - ok

20:08:56.0458 1516 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

20:08:56.0598 1516 srv - ok

20:08:56.0661 1516 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

20:08:56.0739 1516 srv2 - ok

20:08:56.0786 1516 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

20:08:56.0832 1516 srvnet - ok

20:08:56.0895 1516 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

20:08:56.0973 1516 SSDPSRV - ok

20:08:56.0988 1516 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

20:08:57.0082 1516 SstpSvc - ok

20:08:57.0144 1516 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys

20:08:57.0160 1516 stdcfltn - ok

20:08:57.0238 1516 Steam Client Service - ok

20:08:57.0332 1516 Stereo Service (0683504bbb3ffc0a73d9d217b63dd0e0) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

20:08:57.0363 1516 Stereo Service - ok

20:08:57.0394 1516 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

20:08:57.0410 1516 stexstor - ok

20:08:57.0488 1516 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

20:08:57.0534 1516 stisvc - ok

20:08:57.0566 1516 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

20:08:57.0581 1516 stllssvr - ok

20:08:57.0612 1516 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

20:08:57.0690 1516 StorSvc - ok

20:08:57.0737 1516 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

20:08:57.0768 1516 storvsc - ok

20:08:57.0893 1516 svcGenericHost (15323ae5d254aa1d389522166e6f4244) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

20:08:57.0940 1516 svcGenericHost - ok

20:08:57.0956 1516 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

20:08:57.0987 1516 swenum - ok

20:08:58.0127 1516 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

20:08:58.0221 1516 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

20:08:58.0221 1516 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

20:08:58.0283 1516 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

20:08:58.0424 1516 swprv - ok

20:08:58.0486 1516 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys

20:08:58.0517 1516 SynthVid - ok

20:08:58.0626 1516 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

20:08:58.0689 1516 SysMain - ok

20:08:58.0798 1516 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

20:08:58.0860 1516 TabletInputService - ok

20:08:58.0876 1516 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

20:08:59.0032 1516 TapiSrv - ok

20:08:59.0094 1516 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

20:08:59.0141 1516 TBS - ok

20:08:59.0282 1516 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

20:08:59.0469 1516 Tcpip - ok

20:08:59.0640 1516 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

20:08:59.0672 1516 TCPIP6 - ok

20:08:59.0750 1516 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

20:08:59.0843 1516 tcpipreg - ok

20:08:59.0874 1516 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:08:59.0906 1516 TDPIPE - ok

20:08:59.0937 1516 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

20:08:59.0984 1516 TDTCP - ok

20:09:00.0015 1516 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

20:09:00.0093 1516 tdx - ok

20:09:00.0155 1516 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

20:09:00.0202 1516 TermDD - ok

20:09:00.0264 1516 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

20:09:00.0420 1516 TermService - ok

20:09:00.0436 1516 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

20:09:00.0514 1516 Themes - ok

20:09:00.0545 1516 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:09:00.0608 1516 THREADORDER - ok

20:09:00.0701 1516 TMBMServer (963c903e5176c5cdcae321d48635b21f) c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe

20:09:00.0748 1516 TMBMServer - ok

20:09:00.0904 1516 TmFilter (8b97ba7e28bd39a2bc4a2bb66a83fec0) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys

20:09:00.0998 1516 TmFilter - ok

20:09:01.0216 1516 tmlisten (e5f23152b394fdebc53b07e2b2e64c62) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe

20:09:01.0294 1516 tmlisten - ok

20:09:01.0388 1516 TmPreFilter (1889f49a828b1cf0e2866cdd325875b0) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys

20:09:01.0419 1516 TmPreFilter - ok

20:09:01.0497 1516 TmProxy (6b322de56d58daf1daba4740dea86925) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe

20:09:01.0637 1516 TmProxy - ok

20:09:01.0793 1516 tmtdi (a42e6780c52b248af54c6010a9a93384) C:\Windows\system32\DRIVERS\tmtdi.sys

20:09:01.0824 1516 tmtdi - ok

20:09:01.0840 1516 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

20:09:01.0934 1516 TrkWks - ok

20:09:01.0980 1516 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

20:09:02.0090 1516 TrustedInstaller - ok

20:09:02.0121 1516 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:09:02.0214 1516 tssecsrv - ok

20:09:02.0246 1516 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

20:09:02.0292 1516 TsUsbFlt - ok

20:09:02.0308 1516 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

20:09:02.0324 1516 TsUsbGD - ok

20:09:02.0386 1516 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

20:09:02.0480 1516 tunnel - ok

20:09:02.0526 1516 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys

20:09:02.0573 1516 TurboB - ok

20:09:02.0636 1516 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

20:09:02.0714 1516 TurboBoost - ok

20:09:02.0745 1516 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

20:09:02.0776 1516 uagp35 - ok

20:09:02.0807 1516 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

20:09:02.0932 1516 udfs - ok

20:09:02.0979 1516 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

20:09:02.0994 1516 UI0Detect - ok

20:09:03.0026 1516 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

20:09:03.0072 1516 uliagpkx - ok

20:09:03.0088 1516 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

20:09:03.0150 1516 umbus - ok

20:09:03.0182 1516 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

20:09:03.0228 1516 UmPass - ok

20:09:03.0275 1516 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

20:09:03.0416 1516 UmRdpService - ok

20:09:03.0634 1516 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

20:09:03.0681 1516 UNS - ok

20:09:03.0790 1516 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

20:09:03.0915 1516 upnphost - ok

20:09:03.0962 1516 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys

20:09:04.0055 1516 usbccgp - ok

20:09:04.0086 1516 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

20:09:04.0133 1516 usbcir - ok

20:09:04.0164 1516 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

20:09:04.0227 1516 usbehci - ok

20:09:04.0289 1516 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys

20:09:04.0414 1516 usbhub - ok

20:09:04.0445 1516 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

20:09:04.0508 1516 usbohci - ok

20:09:04.0539 1516 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

20:09:04.0586 1516 usbprint - ok

20:09:04.0617 1516 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:09:04.0726 1516 USBSTOR - ok

20:09:04.0742 1516 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

20:09:04.0788 1516 usbuhci - ok

20:09:04.0835 1516 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

20:09:04.0882 1516 usbvideo - ok

20:09:04.0913 1516 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

20:09:05.0007 1516 UxSms - ok

20:09:05.0054 1516 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:09:05.0069 1516 VaultSvc - ok

20:09:05.0272 1516 vcsFPService (20bf96c13db4ba085d98f4700f3b05fe) C:\Windows\system32\vcsFPService.exe

20:09:05.0381 1516 vcsFPService - ok

20:09:05.0522 1516 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

20:09:05.0553 1516 vdrvroot - ok

20:09:05.0615 1516 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

20:09:05.0756 1516 vds - ok

20:09:05.0771 1516 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:09:05.0787 1516 vga - ok

20:09:05.0818 1516 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:09:05.0880 1516 VgaSave - ok

20:09:05.0943 1516 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

20:09:05.0990 1516 vhdmp - ok

20:09:05.0990 1516 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

20:09:06.0005 1516 viaide - ok

20:09:06.0036 1516 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

20:09:06.0099 1516 VMBusHID - ok

20:09:06.0130 1516 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

20:09:06.0146 1516 volmgr - ok

20:09:06.0192 1516 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

20:09:06.0224 1516 volmgrx - ok

20:09:06.0255 1516 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

20:09:06.0348 1516 volsnap - ok

20:09:06.0364 1516 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys

20:09:06.0442 1516 vpcbus - ok

20:09:06.0473 1516 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys

20:09:06.0520 1516 vpcnfltr - ok

20:09:06.0551 1516 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys

20:09:06.0629 1516 vpcusb - ok

20:09:06.0676 1516 vpcvmm (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys

20:09:06.0723 1516 vpcvmm - ok

20:09:06.0972 1516 VSApiNt (3a5862d9a4fe4bbb2ffa1700e2b21b9b) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys

20:09:07.0144 1516 VSApiNt - ok

20:09:07.0347 1516 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

20:09:07.0425 1516 vsmraid - ok

20:09:07.0534 1516 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

20:09:07.0643 1516 VSS - ok

20:09:07.0737 1516 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

20:09:07.0799 1516 vwifibus - ok

20:09:07.0830 1516 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

20:09:07.0893 1516 vwififlt - ok

20:09:07.0940 1516 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

20:09:07.0986 1516 vwifimp - ok

20:09:08.0080 1516 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

20:09:08.0189 1516 W32Time - ok

20:09:08.0205 1516 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

20:09:08.0252 1516 WacomPen - ok

20:09:08.0283 1516 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:09:08.0376 1516 WANARP - ok

20:09:08.0376 1516 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:09:08.0408 1516 Wanarpv6 - ok

20:09:08.0548 1516 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

20:09:08.0673 1516 WatAdminSvc - ok

20:09:08.0766 1516 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

20:09:08.0860 1516 wbengine - ok

20:09:08.0985 1516 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

20:09:09.0016 1516 WbioSrvc - ok

20:09:09.0063 1516 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

20:09:09.0110 1516 wcncsvc - ok

20:09:09.0125 1516 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

20:09:09.0156 1516 WcsPlugInService - ok

20:09:09.0188 1516 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

20:09:09.0219 1516 Wd - ok

20:09:09.0312 1516 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:09:09.0390 1516 Wdf01000 - ok

20:09:09.0406 1516 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:09:09.0515 1516 WdiServiceHost - ok

20:09:09.0531 1516 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:09:09.0546 1516 WdiSystemHost - ok

20:09:09.0578 1516 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

20:09:09.0671 1516 WebClient - ok

20:09:09.0702 1516 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

20:09:09.0796 1516 Wecsvc - ok

20:09:09.0827 1516 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

20:09:09.0890 1516 wercplsupport - ok

20:09:09.0936 1516 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

20:09:10.0030 1516 WerSvc - ok

20:09:10.0092 1516 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:09:10.0155 1516 WfpLwf - ok

20:09:10.0170 1516 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:09:10.0186 1516 WIMMount - ok

20:09:10.0217 1516 WinDefend - ok

20:09:10.0217 1516 WinHttpAutoProxySvc - ok

20:09:10.0280 1516 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

20:09:10.0326 1516 Winmgmt - ok

20:09:10.0451 1516 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

20:09:10.0654 1516 WinRM - ok

20:09:10.0763 1516 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys

20:09:10.0794 1516 WinUSB - ok

20:09:10.0857 1516 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

20:09:10.0966 1516 Wlansvc - ok

20:09:11.0060 1516 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

20:09:11.0091 1516 wlcrasvc - ok

20:09:11.0309 1516 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:09:11.0418 1516 wlidsvc - ok

20:09:11.0559 1516 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

20:09:11.0606 1516 WmiAcpi - ok

20:09:11.0699 1516 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

20:09:11.0730 1516 wmiApSrv - ok

20:09:11.0793 1516 WMPNetworkSvc - ok

20:09:11.0824 1516 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

20:09:11.0855 1516 WPCSvc - ok

20:09:11.0902 1516 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

20:09:11.0964 1516 WPDBusEnum - ok

20:09:11.0980 1516 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:09:12.0011 1516 ws2ifsl - ok

20:09:12.0042 1516 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

20:09:12.0105 1516 wscsvc - ok

20:09:12.0105 1516 WSearch - ok

20:09:12.0292 1516 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

20:09:12.0370 1516 wuauserv - ok

20:09:12.0479 1516 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

20:09:12.0588 1516 WudfPf - ok

20:09:12.0635 1516 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:09:12.0744 1516 WUDFRd - ok

20:09:12.0791 1516 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

20:09:12.0822 1516 wudfsvc - ok

20:09:12.0854 1516 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

20:09:12.0900 1516 WwanSvc - ok

20:09:12.0963 1516 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

20:09:13.0041 1516 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

20:09:13.0041 1516 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

20:09:13.0134 1516 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

20:09:13.0134 1516 \Device\Harddisk0\DR0 - detected TDSS File System (1)

20:09:13.0150 1516 Boot (0x1200) (be00559886a3178b06f882bcedec14a3) \Device\Harddisk0\DR0\Partition0

20:09:13.0150 1516 \Device\Harddisk0\DR0\Partition0 - ok

20:09:13.0181 1516 Boot (0x1200) (e4a3d06f99e279d0e8b6d7a4fdcbc53d) \Device\Harddisk0\DR0\Partition1

20:09:13.0181 1516 \Device\Harddisk0\DR0\Partition1 - ok

20:09:13.0181 1516 ============================================================

20:09:13.0181 1516 Scan finished

20:09:13.0181 1516 ============================================================

20:09:13.0197 5488 Detected object count: 8

20:09:13.0197 5488 Actual detected object count: 8

20:10:12.0368 5488 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user

20:10:12.0368 5488 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:10:12.0383 5488 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user

20:10:12.0383 5488 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:10:12.0383 5488 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user

20:10:12.0383 5488 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:10:12.0383 5488 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

20:10:12.0383 5488 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:10:12.0383 5488 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

20:10:12.0383 5488 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:10:12.0383 5488 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

20:10:12.0383 5488 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:10:13.0273 5488 \Device\Harddisk0\DR0\# - copied to quarantine

20:10:13.0273 5488 \Device\Harddisk0\DR0 - copied to quarantine

20:10:13.0397 5488 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

20:10:13.0881 5488 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

20:10:13.0897 5488 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

20:10:14.0287 5488 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

20:10:14.0879 5488 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

20:10:14.0942 5488 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

20:10:15.0410 5488 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

20:10:15.0410 5488 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

20:10:15.0410 5488 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

20:10:15.0425 5488 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

20:10:15.0441 5488 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

20:10:15.0971 5488 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

20:10:15.0971 5488 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

20:10:15.0971 5488 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

20:10:16.0018 5488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

20:10:16.0018 5488 \Device\Harddisk0\DR0 - ok

20:10:17.0968 5488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

20:10:17.0968 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

20:10:17.0968 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

20:10:21.0946 5276 Deinitialize success


Just run TDSSKiller again and delete this one only:

20:10:17.0968 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

20:10:17.0968 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

~~~~~~~~~~~~~~~~

Then..........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC
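
The check made by eye in the post above (spotting the one detection that was left on Skip), as an added example that is not part of the original thread: a small Python parser that pulls every detection and the action chosen for it out of a TDSSKiller log. The function names and the `accepted_verdicts` parameter are assumptions of this example; the sample lines are copied from the log posted earlier in the thread.

```python
import re

# Lines copied from the TDSSKiller log posted earlier in this thread.
SAMPLE_LOG = r"""
20:09:12.0900 1516 WwanSvc - ok
20:09:13.0041 1516 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:09:13.0041 1516 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
20:09:13.0134 1516 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:10:12.0368 5488 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
20:10:12.0368 5488 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:10:12.0383 5488 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
20:10:12.0383 5488 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:10:13.0397 5488 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:10:16.0018 5488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:10:17.0968 5488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:10:17.0968 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:10:17.0968 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Detection lines look like:
#   <time> <thread id> <object> ( <verdict> ) - <status or user action>
# The spaces inside the parentheses separate a verdict from the "(md5)" and
# "(0x1B8)" fields on ordinary service lines, which therefore do not match.
DETECTION = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
    r"(?P<object>.+?) \( (?P<verdict>.+?) \) - (?P<rest>.+)$"
)
ACTION_PREFIX = "User select action: "


def parse_detections(log_text):
    """Map (object, verdict) -> {"statuses": [...], "action": str or None}."""
    found = {}
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # "ok" lines, "detected ..." summaries, quarantine copies
        entry = found.setdefault((m["object"], m["verdict"]),
                                 {"statuses": [], "action": None})
        rest = m["rest"].strip()
        if rest.startswith(ACTION_PREFIX):
            entry["action"] = rest[len(ACTION_PREFIX):]
        else:
            entry["statuses"].append(rest)
    return found


def needs_followup(detections, accepted_verdicts=frozenset()):
    """Detections left on Skip (or with no recorded action), in log order.

    accepted_verdicts is the reviewer's own decision about which verdicts
    may stay skipped; nothing is treated as acceptable by default.
    """
    return [key for key, entry in detections.items()
            if entry["action"] in (None, "Skip")
            and key[1] not in accepted_verdicts]


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    for (obj, verdict), entry in dets.items():
        print(f"{verdict:28} {entry['action'] or '-':5} {obj}")
    # Assumption mirroring the advice in the post: unsigned-file hits stay skipped.
    print("follow up:", needs_followup(dets, {"UnsignedFile.Multi.Generic"}))
```
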


Hi MrC:

Here's the ComboFix log:

--------------------------------------------------------------------

ComboFix 12-08-09.01 - Nick 08/09/2012 21:22:51.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4010.2572 [GMT -4:00]

Running from: c:\users\Nick\Desktop\ComboFix.exe

AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\programdata\PCDr\5907\Downloads\116e5d12-0d05-4993-954c-85b013aaf3cb.dll

c:\programdata\PCDr\5907\Downloads\140239b3-d59a-46fa-b856-17682a46cb44.dll

c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll

c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll

c:\programdata\Roaming

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))

.

.

2012-08-10 01:27 . 2012-08-10 01:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-08-10 01:27 . 2012-08-10 01:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-10 00:10 . 2012-08-10 01:13 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-09 15:19 . 2012-08-09 15:19 -------- d-----w- c:\users\Nick\AppData\Roaming\Malwarebytes

2012-08-09 15:19 . 2012-08-09 15:19 -------- d-----w- c:\programdata\Malwarebytes

2012-08-09 15:19 . 2012-08-09 15:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-09 15:19 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-01 19:12 . 2012-08-01 19:12 -------- d-----w- c:\program files (x86)\EA GAMES

2012-07-12 07:06 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 10:06 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 07:03 . 2011-08-28 13:45 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-05 18:31 . 2012-06-05 18:18 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-05 18:31 . 2011-09-03 06:48 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-05 18:31 . 2012-06-05 18:31 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-06-04 15:23 . 2012-06-04 15:23 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-06-04 15:23 . 2011-07-04 22:03 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-06-02 22:19 . 2012-06-22 00:46 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 00:46 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 00:46 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 00:46 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 00:46 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 00:46 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 00:46 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-22 00:45 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-22 00:45 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"7 Taskbar Tweaker"="c:\users\Nick\AppData\Roaming\7 Taskbar Tweaker\7 Taskbar Tweaker.exe" [2011-08-20 131584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2012-01-09 1712656]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ DPPassFilter scecli

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-07-12 342288]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-07-12 42768]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 257696]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-04-26 34200]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-10 129976]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]

R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-06-26 918064]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-27 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-04-22 25960]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-22 378472]

S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2012-02-08 50704]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-10-07 3137840]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-29 27760]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-12-14 58128]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-12-14 274432]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-12-14 59904]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-04-26 25496]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-22 8505856]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 54864042

*Deregistered* - 54864042

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 18:31]

.

2012-08-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-08-09 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-22 312936]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391512]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 415064]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-11 4500640]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.ca/advanced_search

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187

FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\p6swhzft.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search

FF - prefs.js: network.proxy.http - corp-apps-proxy

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-MediaGet2 - c:\users\Nick\AppData\Local\MediaGet2\mediaget.exe

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3950330392-3544514729-2435179646-1002\Software\SecuROM\License information*]

"datasecu"=hex:95,19,1e,15,11,bb,57,88,00,7f,07,b6,73,42,6e,68,96,d7,fc,09,76,

ba,2e,bc,ac,2e,88,c8,f3,26,24,92,9d,ba,1e,f8,a0,b3,3a,cd,1e,25,27,2b,2e,60,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-09 21:30:28

ComboFix-quarantined-files.txt 2012-08-10 01:30

.

Pre-Run: 187,839,758,336 bytes free

Post-Run: 188,062,347,264 bytes free

.

- - End Of File - - 16290881D61B15642B39D5A62718365B


Seems to be running great. Here's the log from updated MWB.

----------------------------------------------------------

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.10.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Nick :: ANTONINUS [administrator]

8/9/2012 10:03:38 PM

mbam-log-2012-08-09 (22-03-38).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219842

Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
