Trojan / temp files / Zero access rootkit / Win64/Alureon.D


A couple of days back I found a weird process in my task manager named 0.5#####... with the description "guarder pro". So I decided to go to the file location and scan the file with Malwarebytes. The file was said to be two infected items with the name trojan.dropper.ed. Now today I ran into another issue: Adobe Reader keeps wanting to install. I keep saying no, I'll install it later, but it just keeps coming back. So I decided to tab out of that and look at my processes again. There is another file that was odd, and after scanning it with Malwarebytes it said it was a trojan.faker.ms or something, can't remember exactly.

I've had an issue with an FBI virus earlier, and one of the administrators, I believe, helped me out with that, but he also mentioned that it would appear that I have a backdoor trojan. He helped me get rid of a few, but it seems I'm still infected. Please help me out here; I would rather not rebuild my computer.

Also, I've noticed my Symantec keeps finding a DWH###.tmp and considers it a virus or malware.

Hello,

Let me suggest that, if you're an MBAM PRO customer, you contact the consumer help desk directly here.

If you are in an organization or a corporate customer, contact Corporate Support for assistance.

IF you wish to continue here on the forum:

Please do not run any fix tools (including your antivirus or MBAM) on your own.

Please advise exactly when you last ran MBAM & get me a copy of the last scan log, for review.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the OTL desktop icon (for Vista, Windows 7 or 8, right-click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Add Reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Keep in mind that sometimes a system is so infected that the only thing to do is a wipe/erase & a rebuild from scratch.

Do you have the Windows operating system CD/DVD that should have come with this system when you bought it?

Do you have a system image backup, on offline media, from before this last set of infections?

If this is Windows 7 or 8, do you have a system rescue disc?

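The helper above asks for OTL's PRC/MOD/SRV/DRV output so it can be reviewed by hand. As an added example (not code from this thread, from Malwarebytes, or from OTL's author), the Python below parses that line format into records and applies two first-pass triage heuristics a reviewer applies before anything else: an empty company name in the file's version resource, and a module loaded from a user or system temp directory. The sample lines are copied from the log the original poster pasted in this thread; the regular expression, the `OtlEntry` fields and the `triage` rules are my own assumptions about the format rather than anything OTL documents. A hit is a review candidate, not a verdict: the same log shows PnkBstrA.exe, PunkBuster's anti-cheat service, with no company name.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One PRC/MOD/SRV/DRV entry as OTL prints it (format inferred from the log, not documented), e.g.
#   PRC - [2013/04/21 00:22:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daivd\Desktop\OTL.exe
#   SRV - [...] (Symantec Corporation) [Auto | Running] -- C:\...\Rtvscan.exe -- (Symantec AntiVirus)
OTL_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)?\s+-\s+"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]+) \| [A-Z]\]\s+"
    r"\((?P<company>[^)]*)\)\s*"            # "()" when the file has no company name
    r"(?:\[(?P<state>[^\]]*)\]\s*)?"        # start type | running state, services and drivers only
    r"--\s+(?P<path>.+?)(?:\s+--\s+\((?P<name>[^)]*)\))?$"
)

@dataclass
class OtlEntry:
    kind: str              # PRC, MOD, SRV or DRV
    date: str
    size: int              # file size in bytes
    company: str           # empty string when OTL printed "()"
    state: Optional[str]   # e.g. "Kernel | On_Demand | Running"; None for PRC/MOD
    path: str
    name: Optional[str]    # service/driver name; None for PRC/MOD

def parse_otl(text: str) -> List[OtlEntry]:
    """Extract the PRC/MOD/SRV/DRV records from OTL.txt; all other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if not m:
            continue  # section headers, blank lines, registry and browser sections
        entries.append(OtlEntry(
            kind=m["kind"], date=m["date"], size=int(m["size"].replace(",", "")),
            company=m["company"].strip(), state=m["state"], path=m["path"], name=m["name"],
        ))
    return entries

# Temp locations where a loaded module or running binary deserves a second look.
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)

def triage(entries: List[OtlEntry]) -> List[Tuple[OtlEntry, List[str]]]:
    """Return (entry, reasons) for every entry that trips at least one heuristic."""
    hits = []
    for e in entries:
        reasons = []
        if not e.company:
            reasons.append("no company name in the version resource")
        if TEMP_DIR.search(e.path):
            reasons.append("loaded from a temp directory")
        if e.kind in ("SRV", "DRV") and "Running" in (e.state or "") and not e.company:
            reasons.append("running service/driver without a publisher")
        if reasons:
            hits.append((e, reasons))
    return hits

# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2013/04/21 00:22:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daivd\Desktop\OTL.exe
PRC - [2012/08/09 02:05:55 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
========== Modules (No Company Name) ==========
MOD - [2013/04/11 13:33:43 | 000,112,318 | ---- | M] () -- C:\Users\Daivd\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
========== Services (SafeList) ==========
SRV:64bit: - [2011/11/09 22:11:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/08/09 02:05:55 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
DRV:64bit: - [2012/12/04 21:22:44 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
"""

if __name__ == "__main__":
    for entry, reasons in triage(parse_otl(SAMPLE_LOG)):
        print(f"{entry.kind:3} {entry.path}\n    -> {'; '.join(reasons)}")
```

Run it against a full OTL.txt by replacing `SAMPLE_LOG` with the file contents; the three hits on the sample are the two PnkBstrA.exe entries and the CliSecureRT.dll module in the Temp folder, which is exactly the short list a reviewer would want to check against a known-good hash or vendor lookup first.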

I ran OTL and then Security Check, but I have an issue with OTL: it is not giving out an Extras.txt.

OTL logfile created on: 4/21/2013 12:22:55 AM - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daivd\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.39 Gb Available Physical Memory | 67.45% Memory free

15.99 Gb Paging File | 13.78 Gb Available in Paging File | 86.21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 1397.17 Gb Total Space | 832.73 Gb Free Space | 59.60% Space Free | Partition Type: NTFS

Computer Name: DAIVD-PC | User Name: Daivd | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/21 00:22:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daivd\Desktop\OTL.exe

PRC - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/12/14 11:08:52 | 002,255,360 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2012/10/11 10:55:32 | 000,336,304 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

PRC - [2012/08/09 02:05:55 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011/02/22 05:52:12 | 000,182,784 | ---- | M] (Ideazon, Inc.) -- C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe

PRC - [2010/11/08 12:40:10 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

PRC - [2010/11/08 12:39:46 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

PRC - [2010/08/10 16:44:14 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

PRC - [2010/08/10 16:43:42 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

========== Modules (No Company Name) ==========

MOD - [2013/04/11 13:33:43 | 000,112,318 | ---- | M] () -- C:\Users\Daivd\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll

MOD - [2013/02/14 04:57:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll

MOD - [2013/02/14 04:23:31 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\806c4ba7d696ab586ffd774a31f1a66b\System.Windows.Forms.ni.dll

MOD - [2013/01/09 04:39:26 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll

MOD - [2013/01/09 04:39:26 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.Wrapper.dll

MOD - [2013/01/09 04:39:25 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll

MOD - [2013/01/09 04:39:25 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll

MOD - [2013/01/09 04:39:02 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013/01/09 04:39:00 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll

MOD - [2013/01/09 04:38:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013/01/09 04:38:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll

MOD - [2013/01/09 04:38:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013/01/09 04:38:39 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2013/01/09 04:27:45 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\2024a7339aa5ad2712d239d454d3c355\System.Management.ni.dll

MOD - [2013/01/09 04:26:23 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\92a212ecc0518acff05c1719236b9302\UIAutomationProvider.ni.dll

MOD - [2013/01/09 04:26:11 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\22c60ca3c2b18e041ebff2578c90cba3\System.Runtime.DurableInstancing.ni.dll

MOD - [2013/01/09 04:26:11 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\62d047ff6c2865139d95eb19545b1cc6\SMDiagnostics.ni.dll

MOD - [2013/01/09 04:26:10 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\48ee0e1de873152ec7e85d7456c1cc09\System.Runtime.Serialization.ni.dll

MOD - [2013/01/09 04:26:09 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\84068bac0b3859c94652214e0b90dfc6\System.Xml.Linq.ni.dll

MOD - [2013/01/09 04:25:44 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cbb7db665b3ba25a931258eb702527f5\System.Xaml.ni.dll

MOD - [2013/01/09 04:25:40 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\2be03dd49bc35a9286858479e0433449\Accessibility.ni.dll

MOD - [2013/01/09 04:16:03 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f28a346ae10e2eec581608f591cf7116\PresentationFramework.ni.dll

MOD - [2013/01/09 04:15:52 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8983c040161b34c64474f195bff5e2de\PresentationCore.ni.dll

MOD - [2013/01/09 04:15:47 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\08bebcf66ad666dfdf2a4a934d79c0f9\System.Core.ni.dll

MOD - [2013/01/09 04:15:46 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll

MOD - [2013/01/09 04:15:44 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll

MOD - [2013/01/09 04:15:44 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5dbabea688adfc665e3453561736699a\WindowsBase.ni.dll

MOD - [2013/01/09 04:15:43 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7d6b122bee0977d953ee2409d74c3c25\PresentationFramework.Aero.ni.dll

MOD - [2013/01/09 04:15:41 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb72ac8478a5ea7e2d570bb710ecb1c1\System.Configuration.ni.dll

MOD - [2013/01/09 04:15:40 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll

MOD - [2013/01/09 04:15:35 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll

MOD - [2012/05/30 15:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/05/30 15:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/02/16 08:38:44 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Ideazon\ZEngine\AxWBOCXLib.dll

MOD - [2010/11/20 00:12:59 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll

MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011/11/09 22:11:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013/03/29 15:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/12/14 11:08:50 | 002,466,304 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2012/08/09 02:05:55 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/03/06 11:36:00 | 004,199,520 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2010/11/17 15:43:06 | 000,428,912 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)

SRV - [2010/11/12 02:14:04 | 003,249,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

SRV - [2010/11/08 12:40:10 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2010/09/07 11:05:51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

SRV - [2010/08/10 16:43:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2010/08/10 16:43:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/04 21:22:44 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012/10/05 01:33:02 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)

DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/08/17 03:01:22 | 000,110,592 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)

DRV:64bit: - [2012/07/15 21:41:57 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/11/09 22:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2011/11/09 22:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/11/09 21:12:46 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/11/12 02:14:04 | 000,053,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)

DRV:64bit: - [2010/09/17 08:10:32 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)

DRV:64bit: - [2010/09/17 08:10:32 | 000,449,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2010/09/17 08:10:32 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2010/08/16 12:39:38 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)

DRV:64bit: - [2009/08/20 19:20:18 | 000,356,096 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2009/08/20 19:20:18 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2009/08/20 19:20:18 | 000,092,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2009/08/20 19:20:18 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/22 17:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2007/07/23 04:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)

DRV:64bit: - [2007/03/20 06:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)

DRV - [2013/01/16 05:00:00 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130420.003\ex64.sys -- (NAVEX15)

DRV - [2013/01/16 05:00:00 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130420.003\eng64.sys -- (NAVENG)

DRV - [2012/08/09 04:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/08/09 04:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2010/09/17 08:10:32 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)

DRV - [2010/09/17 08:10:32 | 000,449,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)

DRV - [2010/09/17 08:10:32 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{37B91586-6F1B-44FE-B3F7-AD67679E7BE1}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS493

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.2

FF - prefs.js..extensions.enabledItems: optout@dubfire.net:2.0

FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.1

FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.15

FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1

FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.29

FF - prefs.js..extensions.enabledItems: daplinkchecker@speedbit.com:1.0.0.9

FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:10.0.2.6

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\daplinkchecker@speedbit.com: C:\Program Files (x86)\DAP\daplinkchecker [2012/08/20 01:41:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2.0\Extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\Components [2012/12/05 16:14:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2.0\Extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\Plugins [2013/04/20 20:17:29 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files (x86)\DAP\DAPFireFox [2012/08/20 01:41:46 | 000,000,000 | ---D | M]

[2012/07/25 02:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daivd\AppData\Roaming\Mozilla\Extensions

[2013/02/24 08:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daivd\AppData\Roaming\Mozilla\Firefox\Profiles\epeey5gn.default\extensions

[2013/01/19 20:23:44 | 000,000,000 | ---D | M] (Mozilla Framework Assistant) -- C:\Users\Daivd\AppData\Roaming\Mozilla\Firefox\Profiles\epeey5gn.default\extensions\{20f9dacf-6a3a-4f1e-b786-29852ef7d6ac}

[2012/11/04 17:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/07/15 21:21:39 | 000,000,000 | ---D | M] (Flagfox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2012/07/15 21:21:40 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

[2012/07/15 21:21:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2012/07/15 21:21:43 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

[2012/07/15 21:21:45 | 000,000,000 | ---D | M] ("All-Glass Firefox mod, based on Glasser") -- C:\Program Files (x86)\Mozilla Firefox\extensions\allglassv2@ambroos.neowin.net

[2012/07/15 21:21:45 | 000,000,000 | ---D | M] (Targeted Advertising Cookie Opt-Out (TACO)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\optout@dubfire.net

[2012/07/15 21:21:42 | 000,000,000 | ---D | M] (Cooliris) -- C:\Program Files (x86)\Mozilla Firefox\extensions\piclens@cooliris.com

[2012/08/20 01:41:46 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES (X86)\DAP\DAPFIREFOX

[2012/08/20 01:41:47 | 000,000,000 | ---D | M] (DAP Link Checker) -- C:\PROGRAM FILES (X86)\DAP\DAPLINKCHECKER

[2012/07/19 18:10:02 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll

CHR - plugin: Chrome DAP extension (Enabled) = C:\Users\Daivd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0\lib/npdapchrome.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - Extension: YouTube = C:\Users\Daivd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: YouTube = C:\Users\Daivd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: DAP Link Checker = C:\Users\Daivd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.0.9_0\

CHR - Extension: Google Search = C:\Users\Daivd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: Google Search = C:\Users\Daivd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Download Accelerator Plus (DAP) = C:\Users\Daivd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0\

CHR - Extension: Gmail = C:\Users\Daivd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/04/11 13:14:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)

O4 - HKLM..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Daivd\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files (x86)\DAP\DAP.EXE (Speedbit Ltd.)

O4 - HKCU..\Run: [Rundll32] Rundll32.exe "C:\Users\Daivd\AppData\Roaming\Microsoft\Windows\unicode2.nls",0 File not found

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - Startup: C:\Users\Daivd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A783F02-E1B6-47FE-AE9F-B539B1C7F906}: DhcpNameServer = 209.18.47.61 209.18.47.62

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (C:\Users\Daivd\AppData\Roaming\mcafee.ini) - C:\Users\Daivd\AppData\Roaming\mcafee.ini ()

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/21 00:22:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daivd\Desktop\OTL.exe

[2013/04/20 23:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013/04/20 20:25:01 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/04/20 20:25:01 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/04/11 14:59:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/04/11 13:19:33 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/04/11 08:00:49 | 000,000,000 | ---D | C] -- C:\Users\Daivd\AppData\Local\VirtualStore

[2013/04/11 00:00:46 | 000,000,000 | ---D | C] -- C:\Users\Daivd\Desktop\RK_Quarantine

[2013/04/10 22:24:25 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/04/10 22:24:24 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/04/10 22:24:24 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/04/10 22:24:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/04/10 22:24:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/04/10 22:24:22 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/04/10 22:24:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/04/10 22:24:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/04/10 22:24:21 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/04/10 22:24:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/04/10 22:24:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/04/10 22:24:20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/04/10 22:24:17 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/04/10 22:24:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/04/10 22:24:16 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/04/10 20:07:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/04/10 15:42:42 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2013/04/10 15:42:42 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2013/04/10 15:42:39 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll

[2013/04/10 15:42:38 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll

[2013/04/10 15:42:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll

[2013/04/10 15:42:37 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll

[2013/04/10 11:42:30 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/04/10 11:42:24 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/04/10 11:42:23 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/04/10 11:42:15 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe

[2013/04/10 11:42:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2013/04/10 11:42:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

[2013/04/10 05:15:11 | 000,000,000 | ---D | C] -- C:\FRST

[2013/04/10 00:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\sve

[2013/04/05 03:06:49 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe

[2013/04/05 03:06:49 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll

[2013/04/05 03:06:49 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll

[2013/04/05 03:06:48 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/04/05 03:06:48 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2013/04/05 03:06:48 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2013/04/05 03:06:48 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2013/04/05 03:06:48 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2013/04/05 03:06:48 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2013/04/05 03:06:48 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2013/04/05 03:06:48 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2013/04/05 03:06:48 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2013/04/05 03:06:48 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2013/04/05 03:06:48 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/04/05 03:06:48 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2013/04/05 03:06:48 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2013/04/05 03:06:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2013/04/05 03:06:48 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2013/04/05 03:06:48 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2013/04/05 03:06:48 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/04/05 03:06:48 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2013/04/05 03:06:48 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2013/04/05 03:06:48 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2013/04/05 03:06:48 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2013/04/05 03:06:48 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2013/04/05 03:06:48 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/04/05 03:06:48 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2013/04/05 03:06:48 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2013/04/05 03:06:48 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2013/04/05 03:06:48 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2013/04/05 03:06:48 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2013/04/05 03:06:48 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2013/04/05 03:06:48 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2013/04/05 03:06:47 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013/04/05 03:06:47 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll

[2013/04/05 03:06:47 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013/04/05 03:06:47 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013/04/05 03:06:47 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013/04/05 03:06:47 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2013/04/05 03:06:47 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2013/04/05 03:06:47 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2013/04/05 03:06:47 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2013/04/05 03:06:47 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2013/04/05 03:06:47 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2013/04/05 03:06:47 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013/04/05 03:06:47 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2013/04/05 03:06:47 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2013/04/05 03:06:47 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2013/04/05 03:06:47 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2013/04/05 03:06:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2013/04/05 03:06:47 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2013/04/05 03:06:47 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2013/04/05 03:06:47 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2013/04/05 03:04:45 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

[2013/04/05 03:04:45 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll

[2013/04/05 03:04:45 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll

[2013/04/05 03:04:45 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll

[2013/04/05 03:04:45 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll

[2013/04/05 03:04:45 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2013/04/05 03:04:45 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2013/04/05 03:04:45 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/04/05 03:04:45 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013/04/05 03:04:45 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll

[2013/04/05 03:04:45 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2013/04/05 03:04:45 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2013/04/05 03:04:45 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2013/04/05 03:04:45 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll

[2013/04/05 03:04:45 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll

[2013/04/05 03:04:45 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2013/04/05 03:04:45 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll

[2013/04/05 03:04:45 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll

[2013/04/05 03:04:45 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll

[2013/04/05 03:04:45 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll

[2013/04/05 03:04:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll

[2013/04/05 03:04:45 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

[2013/04/05 03:04:45 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll

[2013/04/05 03:04:45 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/04/05 03:04:45 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/04/05 03:04:45 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/04/05 03:04:45 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/04/05 03:04:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/04/05 03:04:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/04/05 03:04:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/04/05 03:04:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/04/05 03:04:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/04/05 03:04:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/04/05 03:04:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/04/05 03:04:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/04/05 03:04:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

[2013/04/05 03:04:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll

[2013/04/05 03:04:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/04/05 03:04:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/04/05 03:04:45 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/04/05 03:04:45 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/04/01 21:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BioShock Infinite

[2013/04/01 20:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BioShock Infinite

[2013/03/23 14:14:52 | 000,000,000 | ---D | C] -- C:\Users\Daivd\AppData\Local\WarThunder

[2013/03/23 14:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder

[2013/03/23 14:14:41 | 000,000,000 | ---D | C] -- C:\Users\Daivd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder

[2013/03/23 14:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\War Thunder

[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/21 00:22:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daivd\Desktop\OTL.exe

[2013/04/21 00:05:34 | 000,890,815 | ---- | M] () -- C:\Users\Daivd\Desktop\SecurityCheck.exe

[2013/04/20 23:57:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/04/20 22:56:16 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/04/20 22:56:16 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/04/20 20:25:01 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/04/20 20:25:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/04/20 03:03:23 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/04/19 17:10:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/04/19 17:09:53 | 2143,936,511 | -HS- | M] () -- C:\hiberfil.sys

[2013/04/17 17:49:40 | 000,434,946 | ---- | M] () -- C:\Users\Daivd\Desktop\Tidepools Poster2.pdf

[2013/04/15 10:18:01 | 002,447,264 | ---- | M] () -- C:\Users\Daivd\Desktop\TechnicLauncher.exe

[2013/04/15 00:21:48 | 000,782,902 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/04/15 00:21:48 | 000,669,394 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/04/15 00:21:48 | 000,127,060 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/04/11 22:58:23 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/04/11 13:14:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/04/11 03:20:53 | 000,433,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/04/10 23:54:03 | 000,791,040 | ---- | M] () -- C:\Users\Daivd\Desktop\RogueKillerX64.exe

[2013/04/10 23:54:02 | 000,001,298 | ---- | M] () -- C:\Users\Daivd\Desktop\My DAP Downloads.lnk

[2013/04/05 03:06:49 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe

[2013/04/05 03:06:49 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll

[2013/04/05 03:06:49 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll

[2013/04/05 03:06:48 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/04/05 03:06:48 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2013/04/05 03:06:48 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2013/04/05 03:06:48 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2013/04/05 03:06:48 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll

[2013/04/05 03:06:48 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2013/04/05 03:06:48 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2013/04/05 03:06:48 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2013/04/05 03:06:48 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2013/04/05 03:06:48 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2013/04/05 03:06:48 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013/04/05 03:06:48 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/04/05 03:06:48 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2013/04/05 03:06:48 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2013/04/05 03:06:48 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2013/04/05 03:06:48 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2013/04/05 03:06:48 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2013/04/05 03:06:48 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/04/05 03:06:48 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2013/04/05 03:06:48 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2013/04/05 03:06:48 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2013/04/05 03:06:48 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2013/04/05 03:06:48 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2013/04/05 03:06:48 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/04/05 03:06:48 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2013/04/05 03:06:48 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2013/04/05 03:06:48 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2013/04/05 03:06:48 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2013/04/05 03:06:48 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2013/04/05 03:06:48 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/04/05 03:06:48 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2013/04/05 03:06:48 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2013/04/05 03:06:48 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2013/04/05 03:06:47 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013/04/05 03:06:47 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll

[2013/04/05 03:06:47 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013/04/05 03:06:47 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013/04/05 03:06:47 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2013/04/05 03:06:47 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2013/04/05 03:06:47 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2013/04/05 03:06:47 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2013/04/05 03:06:47 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2013/04/05 03:06:47 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2013/04/05 03:06:47 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013/04/05 03:06:47 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2013/04/05 03:06:47 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2013/04/05 03:06:47 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2013/04/05 03:06:47 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2013/04/05 03:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2013/04/05 03:06:47 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2013/04/05 03:06:47 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2013/04/05 03:06:47 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2013/04/05 03:04:45 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

[2013/04/05 03:04:45 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll

[2013/04/05 03:04:45 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll

[2013/04/05 03:04:45 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll

[2013/04/05 03:04:45 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll

[2013/04/05 03:04:45 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2013/04/05 03:04:45 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2013/04/05 03:04:45 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/04/05 03:04:45 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013/04/05 03:04:45 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll

[2013/04/05 03:04:45 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2013/04/05 03:04:45 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2013/04/05 03:04:45 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2013/04/05 03:04:45 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll

[2013/04/05 03:04:45 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll

[2013/04/05 03:04:45 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2013/04/05 03:04:45 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll

[2013/04/05 03:04:45 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll

[2013/04/05 03:04:45 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll

[2013/04/05 03:04:45 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll

[2013/04/05 03:04:45 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll

[2013/04/05 03:04:45 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

[2013/04/05 03:04:45 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll

[2013/04/05 03:04:45 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/04/05 03:04:45 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/04/05 03:04:45 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/04/05 03:04:45 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/04/05 03:04:45 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/04/05 03:04:45 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/04/05 03:04:45 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/04/05 03:04:45 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/04/05 03:04:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/04/05 03:04:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/04/05 03:04:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/04/05 03:04:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/04/05 03:04:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

[2013/04/05 03:04:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll

[2013/04/05 03:04:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/04/05 03:04:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/04/05 03:04:45 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/04/05 03:04:45 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/04/01 21:09:35 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\Launch BioShock Infinite.lnk

[2013/04/01 21:09:35 | 000,002,200 | ---- | M] () -- C:\Users\Public\Desktop\Launch BioShock Infinite Benchmarking Utility.lnk

[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/21 00:05:33 | 000,890,815 | ---- | C] () -- C:\Users\Daivd\Desktop\SecurityCheck.exe

[2013/04/17 17:49:30 | 000,434,946 | ---- | C] () -- C:\Users\Daivd\Desktop\Tidepools Poster2.pdf

[2013/04/10 23:54:02 | 000,791,040 | ---- | C] () -- C:\Users\Daivd\Desktop\RogueKillerX64.exe

[2013/04/05 03:06:48 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/04/05 03:06:48 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2013/04/01 21:09:35 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\Launch BioShock Infinite.lnk

[2013/04/01 21:09:35 | 000,002,200 | ---- | C] () -- C:\Users\Public\Desktop\Launch BioShock Infinite Benchmarking Utility.lnk

[2013/03/21 00:10:18 | 000,042,880 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll

[2012/11/29 10:58:11 | 000,000,033 | ---- | C] () -- C:\Windows\GunzLauncher.INI

[2012/10/19 16:58:03 | 000,769,462 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/08/20 01:41:45 | 000,109,256 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll

[2012/08/20 01:41:45 | 000,090,824 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll

[2012/08/06 03:35:54 | 000,007,615 | ---- | C] () -- C:\Users\Daivd\AppData\Local\Resmon.ResmonCfg

[2012/07/17 19:16:32 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/07/17 19:16:31 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/07/15 21:24:36 | 000,000,990 | ---- | C] () -- C:\Users\Daivd\AppData\Local\7F68A003.il

[2012/07/15 21:24:36 | 000,000,832 | ---- | C] () -- C:\Users\Daivd\AppData\Local\IndexIE_7F68A003.il

[2012/07/15 21:09:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/07/15 21:07:43 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2012/07/15 21:07:43 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2012/07/15 20:46:41 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2012/06/14 13:41:30 | 000,150,016 | ---- | C] () -- C:\Users\Daivd\AppData\Roaming\mcafee.ini

[2011/11/09 21:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2011/11/09 21:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2011/09/12 18:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

"ThreadingModel" = Both

"" = C:\$Recycle.Bin\S-1-5-21-4221051904-712551184-2265908332-1000\$7a6e0f0ca26cd7468ad186046e2d5299\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/15 10:24:33 | 000,000,000 | ---D | M] -- C:\Users\Daivd\AppData\Roaming\.minecraft

[2013/04/15 10:17:53 | 000,000,000 | ---D | M] -- C:\Users\Daivd\AppData\Roaming\.technic

[2013/03/14 21:08:37 | 000,000,000 | ---D | M] -- C:\Users\Daivd\AppData\Roaming\.techniclauncher

[2012/12/04 21:34:01 | 000,000,000 | ---D | M] -- C:\Users\Daivd\AppData\Roaming\DAEMON Tools Lite

[2012/08/21 17:42:58 | 000,000,000 | ---D | M] -- C:\Users\Daivd\AppData\Roaming\e-academy Inc

[2013/02/11 19:03:27 | 000,000,000 | ---D | M] -- C:\Users\Daivd\AppData\Roaming\Fatshark

[2012/07/16 11:14:51 | 000,000,000 | ---D | M] -- C:\Users\Daivd\AppData\Roaming\Ideazon

[2012/07/17 10:43:03 | 000,000,000 | ---D | M] -- C:\Users\Daivd\AppData\Roaming\LolClient

[2012/12/21 21:17:27 | 000,000,000 | ---D | M] -- C:\Users\Daivd\AppData\Roaming\Mount&Blade Warband

[2013/01/20 01:40:36 | 000,000,000 | ---D | M] -- C:\Users\Daivd\AppData\Roaming\Natural Selection 2

[2012/12/09 19:19:25 | 000,000,000 | ---D | M] -- C:\Users\Daivd\AppData\Roaming\Origin

[2013/01/03 18:18:45 | 000,000,000 | ---D | M] -- C:\Users\Daivd\AppData\Roaming\Play withSIX

[2012/07/31 22:02:49 | 000,000,000 | ---D | M] -- C:\Users\Daivd\AppData\Roaming\The Creative Assembly

[2012/12/13 04:24:16 | 000,000,000 | ---D | M] -- C:\Users\Daivd\AppData\Roaming\TS3Client

[2012/07/15 21:24:36 | 000,000,000 | ---D | M] -- C:\Users\Daivd\AppData\Roaming\uTorrent

[2013/03/22 00:57:30 | 000,000,000 | ---D | M] -- C:\Users\Daivd\AppData\Roaming\wargaming.net

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:56E2E879

< End of report >

Results of screen317's Security Check version 0.99.62

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Symantec Endpoint Protection

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

JavaFX 2.1.1

Java 7 Update 7

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Adobe Reader 10.1.6 Adobe Reader out of Date!

Mozilla Firefox (en-US). Firefox out of Date!

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


Forgot to include the Malwarebytes log. Also, I have the Windows 7 install disc; I do not have a system backup or a rescue disc.

Internet Explorer 10.0.9200.16540

Daivd :: DAIVD-PC [administrator]

4/17/2013 7:04:48 AM

mbam-log-2013-04-17 (07-04-48).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 659352

Time elapsed: 2 hour(s), 37 minute(s), 37 second(s)

Memory Processes Detected: 2

C:\Users\Daivd\AppData\Local\Temp\5B85.tmp (Trojan.FakeMS) -> 8508 -> Delete on reboot.

C:\Users\Daivd\AppData\Local\Temp\5B85.tmp (Trojan.FakeMS) -> 57232 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Hijack.Shell.Gen) -> Data: C:\Users\Daivd\AppData\Roaming\mcafee.ini,explorer.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Users\Daivd\AppData\Local\Temp\5B85.tmp (Trojan.FakeMS) -> Delete on reboot.

C:\Users\Daivd\AppData\Local\Temp\msimg32.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.

C:\Users\Daivd\Desktop\hjaa.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)

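A defender-side reading of the two registry findings in the logs above: the per-user CLSID InProcServer32 entry in OTL's "ZeroAccess Check" whose default value points into C:\$Recycle.Bin, and the Winlogon Shell value that MBAM flagged as Hijack.Shell.Gen. This is an added example and is not part of this thread or of the OTL or MBAM tools; the sample input is copied from the logs posted above, and the three heuristics it applies (an HKCU override of a COM server, a server path outside the Windows directory, and entries other than explorer.exe in the Shell value) are analyst rules of thumb, not anything the tools themselves document.

```python
"""Offline checks for the two persistence indicators seen in the logs above.

Added example, not from the thread or from OTL/MBAM. It parses the
"ZeroAccess Check" block of an OTL log and the Winlogon|shell line of an
MBAM log, and reports what an analyst would flag by hand:
  * a COM server registered under HKCU (per-user keys shadow HKLM, so a
    system CLSID such as shell32's can be redirected for one user only),
  * a server DLL living outside C:\Windows (here: inside $Recycle.Bin),
  * anything besides explorer.exe in the Winlogon Shell value.
"""
import re

# Sample input: lines copied verbatim from the OTL log posted above.
OTL_ZEROACCESS_BLOCK = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-4221051904-712551184-2265908332-1000\$7a6e0f0ca26cd7468ad186046e2d5299\n.
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"""

# Sample input: the registry value line from the MBAM log posted above.
MBAM_SHELL_LINE = (
    r"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Hijack.Shell.Gen)"
    r" -> Data: C:\Users\Daivd\AppData\Roaming\mcafee.ini,explorer.exe"
    r" -> Quarantined and deleted successfully."
)

# OTL key header: [HIVE\...\InProcServer32] with an optional " /64" suffix.
KEY_RE = re.compile(
    r"^\[(?P<hive>HKEY_[A-Z_]+)\\(?P<path>.+?)\\InProcServer32\](?P<wow>\s*/64)?\s*$"
)
# OTL default value: "" = <path>, optionally followed by " -- [file details]".
DEFAULT_RE = re.compile(r'^"" = (?P<path>.+?)(?: -- \[.*)?$')
# MBAM Winlogon line: ...Winlogon|shell ... -> Data: <value> -> <action>
MBAM_SHELL_RE = re.compile(r"Winlogon\|shell .*?-> Data: (?P<data>.+?) ->", re.IGNORECASE)


def _normalise(path):
    """Expand the %systemroot% spelling OTL prints and lower-case for comparison."""
    expanded = re.sub(r"%systemroot%", r"C:\\Windows", path, flags=re.IGNORECASE)
    return expanded.strip().lower()


def check_inprocserver32(block):
    """Return a list of suspicious InProcServer32 registrations found in an OTL block."""
    findings = []
    current = None  # (hive, key path) of the header most recently seen
    for line in block.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = (m.group("hive"), m.group("path"))
            continue
        m = DEFAULT_RE.match(line)
        if not (m and current):
            continue
        hive, key = current
        target = _normalise(m.group("path"))
        reasons = []
        if hive == "HKEY_CURRENT_USER":
            reasons.append("per-user override of a COM server (HKCU shadows HKLM)")
        if not target.startswith("c:\\windows\\"):
            reasons.append("server outside the Windows directory")
        if "$recycle.bin" in target:
            reasons.append("server loaded from the Recycle Bin")
        if reasons:
            findings.append(
                {"hive": hive, "key": key, "target": m.group("path"), "reasons": reasons}
            )
    return findings


def check_winlogon_shell(mbam_line):
    """Return the comma-separated Shell entries other than explorer.exe (empty if clean)."""
    m = MBAM_SHELL_RE.search(mbam_line)
    if not m:
        return []
    entries = [e.strip() for e in m.group("data").split(",")]
    return [e for e in entries if e.lower() != "explorer.exe"]


if __name__ == "__main__":
    for f in check_inprocserver32(OTL_ZEROACCESS_BLOCK):
        print(f"{f['hive']}\\{f['key']}\\InProcServer32 -> {f['target']}")
        for reason in f["reasons"]:
            print("   -", reason)
    print("Winlogon Shell extras:", check_winlogon_shell(MBAM_SHELL_LINE))
```

Run against the sample, only the HKCU `{fbeb8a05-...}` registration is reported (all three reasons apply), while the HKLM shell32 and fastprox entries pass, and the Shell check returns just `C:\Users\Daivd\AppData\Roaming\mcafee.ini`. The empty HKCU `{42aedc87-...}` key is not flagged because it carries no default value; on a live system that key's mere presence under HKCU would still be worth a look, since a clean profile normally has no per-user copy of a system CLSID at all.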

Let's have you do the following. Do as much as possible of the tasks. If and only if you hit a "block" doing one task, proceed forward and do the following task that I outlined.

Task 1

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

◦Double click DeFogger to run the tool.

◦The application window will appear

◦Click the Disable button to disable your CD Emulation drivers.

◦Click Yes to continue

◦A 'Finished!' message will appear

◦Click OK

◦DeFogger will now ask to reboot the machine - click OK

◦IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

◦Do not re-enable these drivers until otherwise instructed.

Task 2

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for this member only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

  • Temporarily disable your antivirus program and close any programs that you started.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Download the attached file JonesOTL.txt and SAVE to your DESKTOP
  • Start NOTEPAD. Check and make sure "word wrap" is off.
    From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
    IF it -is- checkmarked, click that one time so that it is un-checked.
  • Open the JonesOTL.txt that you saved
  • Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Right click in the Custom Scans/Fixes window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Task 3

Close any open work documents, if any, saving your work.

Make sure to close any other programs that you started before.

Please download Junkware Removal Tool by Thisisu to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and display information and disclaimer in a Command prompt window.
  • I'd suggest you close all internet browsers at this point.
  • Press a key on keyboard to start scanning your system.
  • Please be very patient as this will take several minutes to complete, depending on your system's specifications.
  • There are approximately 12 phases or so in this tool. You will see each phase listed in the Command prompt window.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. And the command prompt will have been closed.
  • Please post the contents of JRT.txt into a new reply.
  • Re-enable your security software.

DO tell me, how is the system now?

There will be more to do later.

Your Java runtime & Adobe Reader & Firefox are out of date & pose a possible security risk.

DO not do any websurfing with this system, until I give the all clear.


My mistake, the actual thing that showed up for Adobe Flash Player is ...

User account control

do you want to allow the following program to make changes to this computer?

Program name: adobe flash player

verified publisher: adobe system incorporated

file origin: hard drive on this computer

Program location: "c:\users\daivd\appdata\local\temp\in....

Then behind that it is asking if I want to run OTL; I'm guessing yes...

And behind that it is showing Symantec Antivirus. It seems to have reactivated itself after the restart, and it also seems to have found something, but I cannot check until I get past the User Account Control prompt for Adobe.


Sorry, forgot about the log.

All processes killed

========== OTL ==========

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{37B91586-6F1B-44FE-B3F7-AD67679E7BE1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B91586-6F1B-44FE-B3F7-AD67679E7BE1}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Rundll32 deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Daivd\AppData\Roaming\mcafee.ini deleted successfully.

File move failed. C:\Users\Daivd\AppData\Roaming\mcafee.ini scheduled to be moved on reboot.

========== FILES ==========

C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.

C:\Users\Daivd\AppData\Roaming\uTorrent folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Daivd

->Temp folder emptied: 86180547 bytes

->Temporary Internet Files folder emptied: 237293382 bytes

->Java cache emptied: 240553 bytes

->FireFox cache emptied: 4768282 bytes

->Google Chrome cache emptied: 231542996 bytes

->Flash cache emptied: 2448 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 3797504 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 139 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46437664 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 582.00 mb

[EMPTYFLASH]

User: All Users

User: Daivd

->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Daivd

->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 04212013_131317

Files\Folders moved on Reboot...

File move failed. C:\Users\Daivd\AppData\Roaming\mcafee.ini scheduled to be moved on reboot.

C:\Users\Daivd\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Daivd\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


This is the log from JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.8.7 (04.21.2013:1)

OS: Windows 7 Ultimate x64

Ran by Daivd on Sun 04/21/2013 at 14:01:22.58

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\savings sidekick

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3201318

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\Users\Daivd\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Daivd\appdata\locallow\babylontoolbar"

Successfully deleted: [Folder] "C:\Users\Daivd\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Daivd\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted: [File] C:\user.js

~~~ Chrome

Dumping contents of C:\Users\Daivd\appdata\local\Google\Chrome\User Data\Default\Default

C:\Users\Daivd\appdata\local\Google\Chrome\User Data\Default\Default\aadgdadfdaddgcgbgfddgcgcdededbde

C:\Users\Daivd\appdata\local\Google\Chrome\User Data\Default\Default\aadgdadfdaddgcgbgfddgcgcdededbde\manifest.json

Successfully deleted: [Folder] C:\Users\Daivd\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\cdjbnddbclciabnckgeahmneohjlahdm

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 04/21/2013 at 14:03:35.80

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Always, always have infinite patience when Windows starts up. A few seconds here or there before seeing a fully started Windows 7 is normal.

This is not an instant-on device like a cell-phone. <lol>

Please make sure you dig thru your Antivirus product and learn how to "completely" turn it off, as often enough, we ask 1st that you turn it off before we have you run some special tool.

If need be, visit and search for how-to at your antivirus manufacturer's support website.

You had had more than a couple of items in temp areas that now should be gone.

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, How is the system ?

Re-enable your antivirus program.

There will be more to do later.


Here is the malwarebytes log

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.21.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16540

Daivd :: DAIVD-PC [administrator]

4/21/2013 2:47:31 PM

mbam-log-2013-04-21 (14-47-31).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 217380

Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Hijack.Shell.Gen) -> Data: C:\Users\Daivd\AppData\Roaming\mcafee.ini,explorer.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Daivd\AppData\Local\Temp\37D1.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.

(end)


I am bothered by the find of a backdoor bot noted above. This system is not "out of the woods, yet".

Do not do any websurfing of any sort; NO online transactions or online banking.

Task 1

Turn OFF your antivirus program (in full. Do not give it any time limits. All off.)

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

IF you have Avast installed, Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.

On the following screen:

uncheck Trace disk IO calls at the bottom left.

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.

Task 2

Delete any prior copy of Tdsskiller.exe!

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Task 3

Create a new folder on your C drive, name it ARK ===> C:\ARK

Go Here & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructions please)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.


Sorry this took a while; I haven't had the time to sit down and start the computer.

Here is the scan log for aswMBR.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-04-23 12:22:16

-----------------------------

12:22:16.684 OS Version: Windows x64 6.1.7601 Service Pack 1

12:22:16.684 Number of processors: 4 586 0x1E05

12:22:16.684 ComputerName: DAIVD-PC UserName: Daivd

12:22:19.274 Initialize success

12:22:25.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3

12:22:25.640 Disk 0 Vendor: WDC_WD15EADS-00P8B0 01.00A01 Size: 1430799MB BusType: 3

12:22:25.749 Disk 0 MBR read successfully

12:22:25.749 Disk 0 MBR scan

12:22:25.749 Disk 0 Windows 7 default MBR code

12:22:25.749 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

12:22:25.765 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1430697 MB offset 206848

12:22:25.765 Disk 0 scanning C:\Windows\system32\drivers

12:22:31.911 Service scanning

12:22:42.488 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32

12:22:44.033 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32

12:22:44.079 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32

12:22:44.781 Modules scanning

12:22:44.781 Scan finished successfully

12:26:25.725 Disk 0 MBR has been saved successfully to "C:\Users\Daivd\Desktop\MBR.dat"

12:26:25.725 The log file has been saved successfully to "C:\Users\Daivd\Desktop\aswMBR.txt"

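For readers who want to triage an aswMBR log like the one posted above without eyeballing it, here is an added helper (not part of the thread, and not aswMBR's own code) that parses the log format visible in the post and pulls out what a helper checks first: whether the MBR code is the stock Windows loader, which partition carries the active flag, and which driver files aswMBR could not open (**LOCKED**). The sample log and the "MBR code: unknown" line in the test are constructed excerpts modelled on the posted output, not real aswMBR messages.

```python
"""Triage helper for aswMBR scan logs (added example, not aswMBR's own code)."""
import re
from dataclasses import dataclass, field

# Constructed excerpt modelled on the log posted in the thread.
SAMPLE_LOG = """\
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-23 12:22:16
-----------------------------
12:22:16.684 OS Version: Windows x64 6.1.7601 Service Pack 1
12:22:25.640 Disk 0 (boot) \\Device\\Harddisk0\\DR0 -> \\Device\\Ide\\IdeDeviceP3T0L0-3
12:22:25.749 Disk 0 MBR read successfully
12:22:25.749 Disk 0 Windows 7 default MBR code
12:22:25.749 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:22:25.765 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1430697 MB offset 206848
12:22:42.488 Service Teefer2 C:\\Windows\\system32\\DRIVERS\\teefer2.sys **LOCKED** 32
12:22:44.033 Service WPS C:\\Windows\\system32\\drivers\\wpsdrvnt.sys **LOCKED** 32
12:22:44.079 Service WpsHelper C:\\Windows\\system32\\drivers\\WpsHelper.sys **LOCKED** 32
12:22:44.781 Scan finished successfully
"""

# Every scan line starts with a HH:MM:SS.mmm timestamp; banner lines do not.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
# "Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048"
PART_RE = re.compile(
    r"^Disk (\d+) Partition (\d+) ([0-9A-F]{2}) (\(A\) )?([0-9A-F]{2}) "
    r"(\S+) (\S+) (\d+) MB offset (\d+)$")
# The line that classifies the boot code, e.g. "Disk 0 Windows 7 default MBR code"
MBR_RE = re.compile(r"^Disk (\d+) (.*MBR code.*)$")
# "Service <name> <path> **LOCKED** 32"; the LOCKED suffix is optional
SERVICE_RE = re.compile(r"^Service (\S+) (.+?)( \*\*LOCKED\*\*.*)?$")


@dataclass
class Partition:
    disk: int
    number: int
    active: bool      # "(A)" marker from the MBR boot-indicator byte
    type_id: int      # partition type byte (0x07 = NTFS/HPFS)
    fs: str
    size_mb: int
    offset: int       # first sector (LBA)


@dataclass
class Report:
    os_version: str = ""
    mbr_status: dict = field(default_factory=dict)      # disk -> message
    partitions: list = field(default_factory=list)
    locked_services: list = field(default_factory=list)
    finished: bool = False


def parse_aswmbr(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banner / separator lines
        msg = m.group(2)
        if msg.startswith("OS Version: "):
            rep.os_version = msg[len("OS Version: "):]
        elif (p := PART_RE.match(msg)):
            rep.partitions.append(Partition(
                int(p[1]), int(p[2]), p[4] is not None, int(p[5], 16),
                p[7], int(p[8]), int(p[9])))
        elif (mb := MBR_RE.match(msg)):
            rep.mbr_status[int(mb[1])] = mb[2]
        elif (s := SERVICE_RE.match(msg)):
            if s[3]:                      # aswMBR could not open the file
                rep.locked_services.append(s[1])
        elif msg == "Scan finished successfully":
            rep.finished = True
    return rep


def findings(rep: Report) -> list:
    """Items a helper would follow up on; an empty list means nothing stood out."""
    out = []
    for disk, status in rep.mbr_status.items():
        if "default MBR code" not in status:
            out.append(f"disk {disk}: non-standard MBR code ({status}); "
                       "compare the saved MBR.dat with a known-good loader")
    active = [p for p in rep.partitions if p.active]
    if len(active) != 1:
        out.append(f"{len(active)} partitions flagged active (expected exactly 1)")
    if rep.locked_services:
        # LOCKED is a lead, not a verdict: security products self-protect their
        # drivers, so verify each file's publisher before treating it as hostile.
        out.append("locked drivers to verify: " + ", ".join(rep.locked_services))
    if not rep.finished:
        out.append("scan did not report completion; rerun it")
    return out


if __name__ == "__main__":
    for line in findings(parse_aswmbr(SAMPLE_LOG)):
        print(line)
```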

Here is the log for TDSSKiller:


12:28:54.0006 41356 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

12:28:54.0021 41356 Netlogon - ok

12:28:54.0068 41356 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

12:28:54.0099 41356 Netman - ok

12:28:54.0146 41356 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:28:54.0162 41356 NetMsmqActivator - ok

12:28:54.0162 41356 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:28:54.0162 41356 NetPipeActivator - ok

12:28:54.0193 41356 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

12:28:54.0240 41356 netprofm - ok

12:28:54.0240 41356 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:28:54.0240 41356 NetTcpActivator - ok

12:28:54.0255 41356 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:28:54.0255 41356 NetTcpPortSharing - ok

12:28:54.0318 41356 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

12:28:54.0318 41356 nfrd960 - ok

12:28:54.0349 41356 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

12:28:54.0380 41356 NlaSvc - ok

12:28:54.0380 41356 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

12:28:54.0396 41356 Npfs - ok

12:28:54.0427 41356 npggsvc - ok

12:28:54.0443 41356 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

12:28:54.0489 41356 nsi - ok

12:28:54.0505 41356 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

12:28:54.0536 41356 nsiproxy - ok

12:28:54.0583 41356 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

12:28:54.0614 41356 Ntfs - ok

12:28:54.0630 41356 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

12:28:54.0677 41356 Null - ok

12:28:54.0692 41356 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

12:28:54.0692 41356 nvraid - ok

12:28:54.0708 41356 [ 5266D03C0628FAE9C35F40EEC078FC88 ] nvrd64 C:\Windows\system32\DRIVERS\nvrd64.sys

12:28:54.0723 41356 nvrd64 - ok

12:28:54.0739 41356 [ E58D81FB8616D0CB55C1E36AA0B213C9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys

12:28:54.0755 41356 nvsmu - ok

12:28:54.0786 41356 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

12:28:54.0786 41356 nvstor - ok

12:28:54.0817 41356 [ 2A718473EDE7032A508A8F44C633657F ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys

12:28:54.0817 41356 nvstor64 - ok

12:28:54.0848 41356 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

12:28:54.0864 41356 nv_agp - ok

12:28:54.0895 41356 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

12:28:54.0911 41356 ohci1394 - ok

12:28:54.0957 41356 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:28:54.0973 41356 ose64 - ok

12:28:55.0098 41356 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

12:28:55.0207 41356 osppsvc - ok

12:28:55.0238 41356 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

12:28:55.0269 41356 p2pimsvc - ok

12:28:55.0285 41356 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

12:28:55.0301 41356 p2psvc - ok

12:28:55.0316 41356 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

12:28:55.0332 41356 Parport - ok

12:28:55.0363 41356 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

12:28:55.0363 41356 partmgr - ok

12:28:55.0379 41356 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

12:28:55.0394 41356 PcaSvc - ok

12:28:55.0410 41356 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

12:28:55.0425 41356 pci - ok

12:28:55.0441 41356 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

12:28:55.0441 41356 pciide - ok

12:28:55.0457 41356 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

12:28:55.0472 41356 pcmcia - ok

12:28:55.0472 41356 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

12:28:55.0488 41356 pcw - ok

12:28:55.0503 41356 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

12:28:55.0550 41356 PEAUTH - ok

12:28:55.0581 41356 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

12:28:55.0613 41356 PeerDistSvc - ok

12:28:55.0675 41356 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

12:28:55.0706 41356 PerfHost - ok

12:28:55.0753 41356 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

12:28:55.0800 41356 pla - ok

12:28:55.0862 41356 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

12:28:55.0893 41356 PlugPlay - ok

12:28:55.0909 41356 PnkBstrA - ok

12:28:55.0925 41356 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

12:28:55.0940 41356 PNRPAutoReg - ok

12:28:55.0956 41356 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

12:28:55.0971 41356 PNRPsvc - ok

12:28:56.0003 41356 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

12:28:56.0034 41356 PolicyAgent - ok

12:28:56.0049 41356 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

12:28:56.0096 41356 Power - ok

12:28:56.0127 41356 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

12:28:56.0159 41356 PptpMiniport - ok

12:28:56.0174 41356 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

12:28:56.0190 41356 Processor - ok

12:28:56.0221 41356 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

12:28:56.0268 41356 ProfSvc - ok

12:28:56.0283 41356 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

12:28:56.0283 41356 ProtectedStorage - ok

12:28:56.0330 41356 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

12:28:56.0361 41356 Psched - ok

12:28:56.0408 41356 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

12:28:56.0439 41356 ql2300 - ok

12:28:56.0455 41356 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

12:28:56.0471 41356 ql40xx - ok

12:28:56.0486 41356 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

12:28:56.0502 41356 QWAVE - ok

12:28:56.0502 41356 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

12:28:56.0533 41356 QWAVEdrv - ok

12:28:56.0549 41356 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

12:28:56.0564 41356 RasAcd - ok

12:28:56.0580 41356 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

12:28:56.0611 41356 RasAgileVpn - ok

12:28:56.0642 41356 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

12:28:56.0673 41356 RasAuto - ok

12:28:56.0705 41356 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

12:28:56.0751 41356 Rasl2tp - ok

12:28:56.0783 41356 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

12:28:56.0814 41356 RasMan - ok

12:28:56.0829 41356 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

12:28:56.0861 41356 RasPppoe - ok

12:28:56.0876 41356 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

12:28:56.0907 41356 RasSstp - ok

12:28:56.0939 41356 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

12:28:56.0970 41356 rdbss - ok

12:28:56.0985 41356 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

12:28:57.0001 41356 rdpbus - ok

12:28:57.0001 41356 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

12:28:57.0032 41356 RDPCDD - ok

12:28:57.0063 41356 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

12:28:57.0079 41356 RDPDR - ok

12:28:57.0095 41356 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

12:28:57.0126 41356 RDPENCDD - ok

12:28:57.0141 41356 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

12:28:57.0173 41356 RDPREFMP - ok

12:28:57.0204 41356 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

12:28:57.0219 41356 RdpVideoMiniport - ok

12:28:57.0251 41356 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

12:28:57.0282 41356 RDPWD - ok

12:28:57.0313 41356 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

12:28:57.0329 41356 rdyboost - ok

12:28:57.0344 41356 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

12:28:57.0391 41356 RemoteAccess - ok

12:28:57.0422 41356 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

12:28:57.0453 41356 RemoteRegistry - ok

12:28:57.0469 41356 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

12:28:57.0516 41356 RpcEptMapper - ok

12:28:57.0547 41356 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

12:28:57.0578 41356 RpcLocator - ok

12:28:57.0609 41356 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

12:28:57.0641 41356 RpcSs - ok

12:28:57.0687 41356 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

12:28:57.0703 41356 rspndr - ok

12:28:57.0734 41356 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

12:28:57.0765 41356 RTL8167 - ok

12:28:57.0812 41356 [ 672CA863751E96F0A800215C11FD496F ] rzudd C:\Windows\system32\DRIVERS\rzudd.sys

12:28:57.0859 41356 rzudd - ok

12:28:57.0875 41356 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

12:28:57.0906 41356 s3cap - ok

12:28:57.0921 41356 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

12:28:57.0937 41356 SamSs - ok

12:28:57.0968 41356 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

12:28:57.0984 41356 sbp2port - ok

12:28:57.0984 41356 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

12:28:58.0031 41356 SCardSvr - ok

12:28:58.0062 41356 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

12:28:58.0093 41356 scfilter - ok

12:28:58.0140 41356 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

12:28:58.0187 41356 Schedule - ok

12:28:58.0218 41356 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

12:28:58.0233 41356 SCPolicySvc - ok

12:28:58.0265 41356 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

12:28:58.0296 41356 SDRSVC - ok

12:28:58.0311 41356 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

12:28:58.0358 41356 secdrv - ok

12:28:58.0389 41356 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

12:28:58.0436 41356 seclogon - ok

12:28:58.0452 41356 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

12:28:58.0483 41356 SENS - ok

12:28:58.0499 41356 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

12:28:58.0514 41356 SensrSvc - ok

12:28:58.0530 41356 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

12:28:58.0561 41356 Serenum - ok

12:28:58.0577 41356 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

12:28:58.0577 41356 Serial - ok

12:28:58.0623 41356 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

12:28:58.0639 41356 sermouse - ok

12:28:58.0686 41356 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

12:28:58.0717 41356 SessionEnv - ok

12:28:58.0748 41356 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

12:28:58.0764 41356 sffdisk - ok

12:28:58.0779 41356 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

12:28:58.0795 41356 sffp_mmc - ok

12:28:58.0811 41356 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

12:28:58.0826 41356 sffp_sd - ok

12:28:58.0842 41356 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

12:28:58.0857 41356 sfloppy - ok

12:28:58.0889 41356 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

12:28:58.0951 41356 SharedAccess - ok

12:28:58.0998 41356 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

12:28:59.0029 41356 ShellHWDetection - ok

12:28:59.0045 41356 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

12:28:59.0045 41356 SiSRaid2 - ok

12:28:59.0060 41356 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

12:28:59.0076 41356 SiSRaid4 - ok

12:28:59.0154 41356 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

12:28:59.0169 41356 SkypeUpdate - ok

12:28:59.0169 41356 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

12:28:59.0185 41356 Smb - ok

12:28:59.0294 41356 [ 13FFB1D55C2710ABC3119474A83C0A44 ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

12:28:59.0325 41356 SmcService - ok

12:28:59.0357 41356 [ 0BDEF6DADB43601FDCB031B4B0383580 ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE

12:28:59.0357 41356 SNAC - ok

12:28:59.0372 41356 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

12:28:59.0388 41356 SNMPTRAP - ok

12:28:59.0388 41356 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

12:28:59.0403 41356 spldr - ok

12:28:59.0435 41356 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

12:28:59.0450 41356 Spooler - ok

12:28:59.0528 41356 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

12:28:59.0622 41356 sppsvc - ok

12:28:59.0637 41356 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

12:28:59.0669 41356 sppuinotify - ok

12:28:59.0684 41356 [ 83834EBC0786CCF5EE64FBBB6A89CF3A ] SRTSP C:\Windows\system32\Drivers\SRTSP64.SYS

12:28:59.0700 41356 SRTSP - ok

12:28:59.0715 41356 [ E47D5D68917E0D70E3730263D41CEFA3 ] SRTSPL C:\Windows\system32\Drivers\SRTSPL64.SYS

12:28:59.0731 41356 SRTSPL - ok

12:28:59.0731 41356 [ EA2051FF6A40C89EAA98C1769AD68597 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX64.SYS

12:28:59.0747 41356 SRTSPX - ok

12:28:59.0778 41356 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

12:28:59.0809 41356 srv - ok

12:28:59.0825 41356 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

12:28:59.0840 41356 srv2 - ok

12:28:59.0856 41356 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

12:28:59.0887 41356 srvnet - ok

12:28:59.0918 41356 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

12:28:59.0949 41356 SSDPSRV - ok

12:28:59.0965 41356 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

12:28:59.0996 41356 SstpSvc - ok

12:29:00.0012 41356 Steam Client Service - ok

12:29:00.0043 41356 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

12:29:00.0043 41356 stexstor - ok

12:29:00.0090 41356 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

12:29:00.0121 41356 stisvc - ok

12:29:00.0152 41356 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

12:29:00.0152 41356 storflt - ok

12:29:00.0168 41356 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys

12:29:00.0168 41356 storvsc - ok

12:29:00.0183 41356 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

12:29:00.0199 41356 swenum - ok

12:29:00.0230 41356 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

12:29:00.0261 41356 swprv - ok

12:29:00.0308 41356 [ 4402CF4959A30CB6A008099ABA8F22A9 ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

12:29:00.0324 41356 Symantec AntiVirus - ok

12:29:00.0339 41356 [ D1F1A5E72E33D6BE449F5F1F4A513DD1 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

12:29:00.0355 41356 SymEvent - ok

12:29:00.0355 41356 Synth3dVsc - ok

12:29:00.0417 41356 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

12:29:00.0464 41356 SysMain - ok

12:29:00.0495 41356 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

12:29:00.0511 41356 TabletInputService - ok

12:29:00.0542 41356 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

12:29:00.0605 41356 TapiSrv - ok

12:29:00.0605 41356 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

12:29:00.0636 41356 TBS - ok

12:29:00.0698 41356 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

12:29:00.0745 41356 Tcpip - ok

12:29:00.0761 41356 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

12:29:00.0792 41356 TCPIP6 - ok

12:29:00.0823 41356 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

12:29:00.0854 41356 tcpipreg - ok

12:29:00.0885 41356 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

12:29:00.0917 41356 TDPIPE - ok

12:29:00.0932 41356 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

12:29:00.0948 41356 TDTCP - ok

12:29:00.0979 41356 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

12:29:00.0995 41356 tdx - ok

12:29:01.0026 41356 [ 9416ED539BB8771EEF44D454555A97DB ] Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys

12:29:01.0041 41356 Teefer2 - ok

12:29:01.0073 41356 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

12:29:01.0073 41356 TermDD - ok

12:29:01.0104 41356 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

12:29:01.0135 41356 TermService - ok

12:29:01.0151 41356 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

12:29:01.0182 41356 Themes - ok

12:29:01.0197 41356 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

12:29:01.0229 41356 THREADORDER - ok

12:29:01.0244 41356 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

12:29:01.0275 41356 TrkWks - ok

12:29:01.0338 41356 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

12:29:01.0369 41356 TrustedInstaller - ok

12:29:01.0400 41356 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

12:29:01.0431 41356 tssecsrv - ok

12:29:01.0463 41356 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

12:29:01.0478 41356 TsUsbFlt - ok

12:29:01.0494 41356 tsusbhub - ok

12:29:01.0525 41356 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

12:29:01.0572 41356 tunnel - ok

12:29:01.0587 41356 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

12:29:01.0603 41356 uagp35 - ok

12:29:01.0634 41356 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

12:29:01.0665 41356 udfs - ok

12:29:01.0681 41356 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

12:29:01.0697 41356 UI0Detect - ok

12:29:01.0712 41356 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

12:29:01.0712 41356 uliagpkx - ok

12:29:01.0743 41356 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

12:29:01.0775 41356 umbus - ok

12:29:01.0775 41356 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

12:29:01.0790 41356 UmPass - ok

12:29:01.0837 41356 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

12:29:01.0853 41356 UmRdpService - ok

12:29:01.0884 41356 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

12:29:01.0931 41356 upnphost - ok

12:29:01.0962 41356 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

12:29:01.0993 41356 USBAAPL64 - ok

12:29:02.0009 41356 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

12:29:02.0040 41356 usbccgp - ok

12:29:02.0071 41356 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

12:29:02.0087 41356 usbcir - ok

12:29:02.0087 41356 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

12:29:02.0102 41356 usbehci - ok

12:29:02.0133 41356 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

12:29:02.0196 41356 usbhub - ok

12:29:02.0227 41356 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

12:29:02.0289 41356 usbohci - ok

12:29:02.0383 41356 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

12:29:02.0399 41356 usbprint - ok

12:29:02.0430 41356 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

12:29:02.0445 41356 usbscan - ok

12:29:02.0461 41356 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

12:29:02.0477 41356 USBSTOR - ok

12:29:02.0492 41356 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

12:29:02.0508 41356 usbuhci - ok

12:29:02.0523 41356 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

12:29:02.0539 41356 UxSms - ok

12:29:02.0570 41356 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

12:29:02.0570 41356 VaultSvc - ok

12:29:02.0586 41356 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

12:29:02.0586 41356 vdrvroot - ok

12:29:02.0633 41356 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

12:29:02.0648 41356 vds - ok

12:29:02.0679 41356 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

12:29:02.0695 41356 vga - ok

12:29:02.0695 41356 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

12:29:02.0726 41356 VgaSave - ok

12:29:02.0726 41356 VGPU - ok

12:29:02.0757 41356 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

12:29:02.0773 41356 vhdmp - ok

12:29:02.0773 41356 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

12:29:02.0789 41356 viaide - ok

12:29:02.0820 41356 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys

12:29:02.0835 41356 vmbus - ok

12:29:02.0867 41356 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

12:29:02.0882 41356 VMBusHID - ok

12:29:02.0898 41356 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

12:29:02.0898 41356 volmgr - ok

12:29:02.0945 41356 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

12:29:02.0960 41356 volmgrx - ok

12:29:02.0976 41356 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

12:29:02.0976 41356 volsnap - ok

12:29:03.0007 41356 [ 7254B4F4A59F9D18B49CAF8AA0428631 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys

12:29:03.0038 41356 vpcbus - ok

12:29:03.0069 41356 [ ED501CEBF6F571FCCE55887BDF4888EA ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys

12:29:03.0085 41356 vpcnfltr - ok

12:29:03.0116 41356 [ 2CE21FFD391FE21763DDC32B1CAABA7D ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys

12:29:03.0132 41356 vpcusb - ok

12:29:03.0147 41356 [ C3F658CD063EA677FCCBB620167B44C8 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys

12:29:03.0163 41356 vpcvmm - ok

12:29:03.0179 41356 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

12:29:03.0179 41356 vsmraid - ok

12:29:03.0225 41356 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

12:29:03.0272 41356 VSS - ok

12:29:03.0272 41356 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

12:29:03.0303 41356 vwifibus - ok

12:29:03.0335 41356 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

12:29:03.0366 41356 W32Time - ok

12:29:03.0381 41356 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

12:29:03.0397 41356 WacomPen - ok

12:29:03.0413 41356 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

12:29:03.0444 41356 WANARP - ok

12:29:03.0459 41356 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

12:29:03.0475 41356 Wanarpv6 - ok

12:29:03.0522 41356 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

12:29:03.0553 41356 WatAdminSvc - ok

12:29:03.0600 41356 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

12:29:03.0647 41356 wbengine - ok

12:29:03.0662 41356 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

12:29:03.0678 41356 WbioSrvc - ok

12:29:03.0709 41356 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

12:29:03.0756 41356 wcncsvc - ok

12:29:03.0771 41356 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

12:29:03.0787 41356 WcsPlugInService - ok

12:29:03.0787 41356 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

12:29:03.0803 41356 Wd - ok

12:29:03.0849 41356 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

12:29:03.0865 41356 Wdf01000 - ok

12:29:03.0881 41356 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

12:29:03.0959 41356 WdiServiceHost - ok

12:29:03.0959 41356 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

12:29:03.0974 41356 WdiSystemHost - ok

12:29:04.0005 41356 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

12:29:04.0037 41356 WebClient - ok

12:29:04.0037 41356 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

12:29:04.0068 41356 Wecsvc - ok

12:29:04.0083 41356 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

12:29:04.0130 41356 wercplsupport - ok

12:29:04.0130 41356 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

12:29:04.0161 41356 WerSvc - ok

12:29:04.0177 41356 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

12:29:04.0208 41356 WfpLwf - ok

12:29:04.0208 41356 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

12:29:04.0224 41356 WIMMount - ok

12:29:04.0255 41356 WinDefend - ok

12:29:04.0271 41356 WinHttpAutoProxySvc - ok

12:29:04.0302 41356 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

12:29:04.0333 41356 Winmgmt - ok

12:29:04.0380 41356 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

12:29:04.0458 41356 WinRM - ok

12:29:04.0489 41356 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

12:29:04.0505 41356 WinUsb - ok

12:29:04.0520 41356 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

12:29:04.0551 41356 Wlansvc - ok

12:29:04.0583 41356 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

12:29:04.0598 41356 WmiAcpi - ok

12:29:04.0614 41356 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

12:29:04.0645 41356 wmiApSrv - ok

12:29:04.0661 41356 WMPNetworkSvc - ok

12:29:04.0676 41356 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

12:29:04.0707 41356 WPCSvc - ok

12:29:04.0739 41356 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

12:29:04.0770 41356 WPDBusEnum - ok

12:29:04.0785 41356 [ 5C123D0266A85DC828B4DD638CBD6968 ] WPS C:\Windows\system32\drivers\wpsdrvnt.sys

12:29:04.0801 41356 WPS - ok

12:29:04.0832 41356 [ 49B9FA407586503D27D17DBDEAEAC970 ] WpsHelper C:\Windows\system32\drivers\WpsHelper.sys

12:29:04.0832 41356 WpsHelper - ok

12:29:04.0848 41356 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

12:29:04.0879 41356 ws2ifsl - ok

12:29:04.0926 41356 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

12:29:04.0941 41356 wscsvc - ok

12:29:04.0941 41356 WSearch - ok

12:29:05.0004 41356 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

12:29:05.0051 41356 wuauserv - ok

12:29:05.0082 41356 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

12:29:05.0129 41356 WudfPf - ok

12:29:05.0144 41356 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

12:29:05.0144 41356 WUDFRd - ok

12:29:05.0175 41356 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

12:29:05.0191 41356 wudfsvc - ok

12:29:05.0222 41356 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

12:29:05.0253 41356 WwanSvc - ok

12:29:05.0253 41356 ================ Scan global ===============================

12:29:05.0285 41356 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

12:29:05.0316 41356 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

12:29:05.0331 41356 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

12:29:05.0347 41356 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

12:29:05.0363 41356 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

12:29:05.0378 41356 [Global] - ok

12:29:05.0378 41356 ================ Scan MBR ==================================

12:29:05.0378 41356 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

12:29:05.0581 41356 \Device\Harddisk0\DR0 - ok

12:29:05.0581 41356 ================ Scan VBR ==================================

12:29:05.0581 41356 [ 8A8681F39E197984A56B6ECF14310DC9 ] \Device\Harddisk0\DR0\Partition1

12:29:05.0581 41356 \Device\Harddisk0\DR0\Partition1 - ok

12:29:05.0612 41356 [ 177ED4867C567F165B6A35B589504F12 ] \Device\Harddisk0\DR0\Partition2

12:29:05.0612 41356 \Device\Harddisk0\DR0\Partition2 - ok

12:29:05.0612 41356 ============================================================

12:29:05.0612 41356 Scan finished

12:29:05.0612 41356 ============================================================

12:29:05.0612 36020 Detected object count: 0

12:29:05.0612 36020 Actual detected object count: 0


Here is the log for ARK

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-04-23 12:35:37

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD15EADS-00P8B0 rev.01.00A01 1397.27GB

Running: 2q6qolsd.exe; Driver: C:\Users\Daivd\AppData\Local\Temp\pgloapob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031ab000 45 bytes [00, 00, 23, 00, 4E, 74, 66, ...]

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800031ab02f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000173e00 7 bytes [40, 96, F3, FF, 01, A2, F0]

.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000173e08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[2228] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000734d1a22 2 bytes [4D, 73]

.text C:\Windows\SysWOW64\PnkBstrA.exe[2228] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000734d1ad0 2 bytes [4D, 73]

.text C:\Windows\SysWOW64\PnkBstrA.exe[2228] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000734d1b08 2 bytes [4D, 73]

.text C:\Windows\SysWOW64\PnkBstrA.exe[2228] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000734d1bba 2 bytes [4D, 73]

.text C:\Windows\SysWOW64\PnkBstrA.exe[2228] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000734d1bda 2 bytes [4D, 73]

.text C:\Windows\SysWOW64\PnkBstrA.exe[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [b6, 75]

.text C:\Windows\SysWOW64\PnkBstrA.exe[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [b6, 75]

.text ... * 2

.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [b6, 75]

.text C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [b6, 75]

.text ... * 2

.text C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[3732] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000775af85a 1 byte [C3]

.text C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[3732] C:\Windows\syswow64\USER32.dll!GetSysColor 0000000075426c3c 5 bytes JMP 000000016305da75

.text C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[3732] C:\Windows\syswow64\USER32.dll!GetSysColorBrush 00000000754335a4 5 bytes JMP 000000016305cbdd

.text C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[3732] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll!getJit + 30 0000000070759404 4 bytes [C8, 10, 01, 10]

.text C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [b6, 75]

.text C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [b6, 75]

.text ... * 2

.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3884] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075b61465 2 bytes [b6, 75]

.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3884] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075b614bb 2 bytes [b6, 75]

.text ... * 2

.text C:\Program Files (x86)\Skype\Phone\Skype.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [b6, 75]

.text C:\Program Files (x86)\Skype\Phone\Skype.exe[1096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [b6, 75]

.text ... * 2

.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[28392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b61465 2 bytes [b6, 75]

.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[28392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b614bb 2 bytes [b6, 75]

.text ... * 2

---- EOF - GMER 2.1 ----


The aswMBR & TDSSKiller results are fine.

Just out of curiosity, what is Ideazon ZEngine?

  • Download & SAVE to your Desktop Tigzy's RogueKiller >> from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Download Security Check by screen317 from >>here<<.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Here is the log for RogueKiller

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Daivd [Admin rights]

Mode : Scan -- Date : 04/23/2013 13:42:34

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : Rundll32 (Rundll32.exe "C:\Users\Daivd\AppData\Roaming\Microsoft\Windows\unicode2.nls",0) [x] -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-4221051904-712551184-2265908332-1000[...]\Run : Rundll32 (Rundll32.exe "C:\Users\Daivd\AppData\Roaming\Microsoft\Windows\unicode2.nls",0) [x] -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-4221051904-712551184-2265908332-1000\$7a6e0f0ca26cd7468ad186046e2d5299\n.) [x] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-4221051904-712551184-2265908332-1000\$7a6e0f0ca26cd7468ad186046e2d5299\@ [-] --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-4221051904-712551184-2265908332-1000\$7a6e0f0ca26cd7468ad186046e2d5299\U --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-4221051904-712551184-2265908332-1000\$7a6e0f0ca26cd7468ad186046e2d5299\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD15EADS-00P8B0 ATA Device +++++

--- User ---

[MBR] 480182cccb62a5386cdfcaf7d388b3df

[BSP] 727eb8def10d5b89a158bb33b579341a : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1430697 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_04232013_02d1342.txt >>

RKreport[1]_S_04232013_02d1342.txt

I don't remember if this is important or not, but near the RogueKiller logo there is a triangle with an exclamation mark inside saying ZeroAccess.

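The RogueKiller report above shows the two persistence hooks that identify a ZeroAccess infection on this machine: a Run value that starts rundll32.exe on a file that is not a DLL (unicode2.nls under the user's AppData\Roaming), and a COM class whose InprocServer32 path points into C:\$Recycle.Bin\<SID>\$<32 hex characters>\n., next to the @ file and the U and L folders the report lists. The script below is an added example for this thread, not code from RogueKiller, Malwarebytes or the poster; it turns those indicators into checks that can be run over any exported Run values, CLSID InprocServer32 values and directory listing. The sample registry entries, SID, hash and CLSIDs in it are constructed placeholders, not values from the log.

```python
r"""ZeroAccess persistence indicators, modelled on the RogueKiller report above.

Added example for this thread, not RogueKiller's own code. Two checks:
  1. a Run value launching rundll32.exe on a non-DLL file stored under
     %AppData% (the report shows unicode2.nls);
  2. a COM InprocServer32 path under $Recycle.Bin\<SID>\$<32 hex>\n,
     with an optional trailing dot as in the report.
A third helper checks a directory listing for the @ / U / L layout.
All sample data is constructed; SID, hash and CLSIDs are placeholders.
"""
import re
from typing import Dict, Iterable, List, NamedTuple, Optional

# rundll32[.exe] "<target>",<entry>   or   rundll32 <target>,<entry>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?(?:\s*,|\s|$)', re.IGNORECASE)
APPDATA_RE = re.compile(r"\\AppData\\Roaming\\", re.IGNORECASE)
# <drive>:\$Recycle.Bin\<SID>\$<32 hex>\n   (optionally "n.")
RECYCLE_RE = re.compile(
    r"^[a-z]:\\\$recycle\.bin\\(S-1-5-21-\d+-\d+-\d+-\d+)\\\$([0-9a-f]{32})\\n\.?$",
    re.IGNORECASE,
)
# Extensions a legitimate rundll32 target normally carries.
SERVER_EXTENSIONS = {"dll", "cpl", "ocx", "ax"}


class Finding(NamedTuple):
    key: str
    data: str
    reason: str


def check_run_value(key: str, data: str) -> Optional[Finding]:
    """Flag rundll32 Run entries whose target is a non-DLL under AppData\Roaming."""
    m = RUNDLL_RE.match(data.strip())
    if not m:
        return None
    target = m.group(1).strip()
    name = target.rsplit("\\", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in SERVER_EXTENSIONS and APPDATA_RE.search(target):
        return Finding(key, data, f"rundll32 loads '{name}' (.{ext or 'no ext'}) from AppData")
    return None


def check_inproc_server(key: str, path: str) -> Optional[Finding]:
    """Flag InprocServer32 values that point into the $Recycle.Bin drop folder."""
    m = RECYCLE_RE.match(path.strip())
    if m:
        return Finding(key, path, f"COM server in $Recycle.Bin for SID {m.group(1)}")
    return None


def has_zeroaccess_layout(entries: Iterable[str]) -> bool:
    """True when a listing of the $<hash> folder shows '@' plus 'U' and 'L'."""
    return {"@", "U", "L"} <= set(entries)


def scan(run_values: Dict[str, str], inproc_values: Dict[str, str]) -> List[Finding]:
    """Apply both registry checks; returns every entry that matched."""
    findings: List[Finding] = []
    for key, data in run_values.items():
        f = check_run_value(key, data)
        if f:
            findings.append(f)
    for key, path in inproc_values.items():
        f = check_inproc_server(key, path)
        if f:
            findings.append(f)
    return findings


# Constructed sample data (placeholder user, SID, hash and CLSIDs).
SAMPLE_RUN = {
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Rundll32":
        r'Rundll32.exe "C:\Users\alice\AppData\Roaming\Microsoft\Windows\unicode2.nls",0',
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Display":
        r'rundll32.exe "C:\Windows\System32\shell32.dll",Control_RunDLL desk.cpl',
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Agent":
        r'"C:\Program Files\Vendor\agent.exe" -n user',
}
SAMPLE_INPROC = {
    r"HKCR\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32":
        r"C:\$Recycle.Bin\S-1-5-21-1111111111-2222222222-3333333333-1000"
        r"\$0123456789abcdef0123456789abcdef\n.",
    r"HKCR\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32":
        r"C:\Windows\System32\shell32.dll",
}
SAMPLE_LISTING = ["@", "U", "L", "n"]

if __name__ == "__main__":
    for f in scan(SAMPLE_RUN, SAMPLE_INPROC):
        print(f"{f.reason}\n    {f.key}\n    {f.data}")
    print("drop-folder layout present:", has_zeroaccess_layout(SAMPLE_LISTING))
```

Run against the constructed samples it reports the unicode2.nls Run value and the $Recycle.Bin COM server and leaves the shell32.dll entries alone. The checks deliberately key on the shape of the persistence rather than on file hashes, since the DLL name and the $<hash> folder differ per machine; on a live system the inputs come from a registry export of the Run keys and HKCR\CLSID\*\InprocServer32 plus a listing of the user's $Recycle.Bin\<SID> folder, taken offline if possible because a loaded rootkit can hide them.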

This topic is now closed to further replies.