Can't remove win32.downloader.gen



Jequila
2013-05-30, 02:55
Hi all. Spybot picked up win32.downloader.gen, but when I try to remove it I get a pop-up saying "Unexpected error in fixing problems (Cannot create file "C:\Windows\wininit.ini". Access is denied)"
I haven't used Spybot for a while, so I have no idea how long it's been there. Any help with removal would be appreciated!

DDS Log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.17.2
Run by Jem at 10:31:21 on 2013-05-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.6103.3625 [GMT 10:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\Explorer.EXE
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\notepad.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mWinlogon: Userinit = userinit.exe,
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Jem\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Jem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{2DDE01FD-CF74-4294-AA10-624FAEBC0F1D} : NameServer = 10.143.147.147 10.143.147.148
TCP: Interfaces\{44C354A6-DCC2-419D-B030-2C1921538B61} : NameServer = 10.143.147.147 10.143.147.148
TCP: Interfaces\{92BB6D42-2394-43DF-92A6-553D7580AA8E} : NameServer = 10.143.147.147 10.143.147.148
TCP: Interfaces\{92BB6D42-2394-43DF-92A6-553D7580AA8E} : DHCPNameServer = 10.143.147.147 10.143.147.148
TCP: Interfaces\{DC0426B7-6A7D-4808-A5DD-D6943F0CC96C} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jem\AppData\Roaming\Mozilla\Firefox\Profiles\h0o5r0wh.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jem\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-4 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-4 189936]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-2 55280]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-5-18 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-3-17 378432]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-3-3 92160]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-3-17 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-3-17 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-5-13 46808]
R2 BPowMon;Broadcom Power monitoring service;C:\Program Files\Broadcom\BPowMon\BPowMon.exe [2009-8-17 117568]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-4-4 1153368]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-10-11 5788016]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-3-22 93072]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-10-11 484720]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-3 56344]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-2-17 85504]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-3-3 320040]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
R3 LVUVC64;QuickCam Communicate Deluxe(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-10-11 18288]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-12-27 36328]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-14 281088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-14 15360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-12-26 102368]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-2-17 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2012-2-17 13952]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-27 37344]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2012-2-17 94208]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\System32\drivers\ew_juextctrl.sys [2012-2-17 28672]
S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\System32\drivers\ew_juwwanecm.sys [2012-2-17 196096]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-12-27 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-12-27 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-12-27 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-12-27 146920]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-12-26 203104]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-4 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-28 1255736]
.
=============== Created Last 30 ================
.
2013-05-29 23:46:56 -------- d-----w- C:\Program Files\CCleaner
2013-05-29 01:56:48 -------- d-----r- C:\Users\Jem\AppData\Roaming\Brother
2013-05-28 20:21:22 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9366A75E-4FE5-4434-9CFD-5C577802F6F5}\mpengine.dll
2013-05-15 00:25:25 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 00:25:25 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 00:25:25 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 00:25:15 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 00:25:13 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 00:25:13 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 00:25:12 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 00:25:05 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-10 07:57:26 187456 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-05-15 12:33:28 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 12:33:28 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-01 16:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-29 23:30:24 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-03 12:21:52 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-04-03 12:21:52 1085344 ----a-w- C:\Windows\System32\npdeployJava1.dll
2013-04-03 12:21:52 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-08 21:15:02 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-08 21:15:02 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-08 21:15:02 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 10:31:47.40 ===============




aswMBR Log

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-30 10:37:48
-----------------------------
10:37:48.822 OS Version: Windows x64 6.1.7601 Service Pack 1
10:37:48.823 Number of processors: 8 586 0x1E05
10:37:48.823 ComputerName: DESKTOP UserName: Jem
10:37:51.624 Initialize success
10:37:54.774 AVAST engine defs: 13052901
10:37:58.928 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:37:58.933 Disk 0 Vendor: ST375052 CC45 Size: 715404MB BusType: 3
10:37:59.025 Disk 0 MBR read successfully
10:37:59.031 Disk 0 MBR scan
10:37:59.038 Disk 0 Windows 7 default MBR code
10:37:59.045 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
10:37:59.057 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 750 MB offset 129024
10:37:59.066 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 714590 MB offset 1665024
10:37:59.103 Disk 0 scanning C:\Windows\system32\drivers
10:38:05.891 Service scanning
10:38:17.544 Modules scanning
10:38:17.565 Disk 0 trace - called modules:
10:38:17.580 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
10:38:17.585 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065ec790]
10:38:17.592 3 CLASSPNP.SYS[fffff88000e1543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006302050]
10:38:18.474 AVAST engine scan C:\Windows
10:38:20.298 AVAST engine scan C:\Windows\system32
10:39:54.197 AVAST engine scan C:\Windows\system32\drivers
10:40:04.644 AVAST engine scan C:\Users\Jem
10:44:17.100 AVAST engine scan C:\ProgramData
10:45:52.092 Scan finished successfully
10:53:35.646 Disk 0 MBR has been saved successfully to "C:\Users\Jem\Desktop\MBR.dat"
10:53:35.651 The log file has been saved successfully to "C:\Users\Jem\Desktop\aswMBR.txt"




Spybot Log

Win32.Downloader.gen: [SBI $82F4FAFD] Data (File, nothing done)
C:\END
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Properties.filedate=1368830114
Properties.filedatetext=2013-05-18 08:35:14


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-04-04 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2013-04-11 Includes\Adware.sbi (*)
2013-05-28 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2013-04-11 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-05-29 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-05-22 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-04-11 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-05-08 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-05-29 Includes\TrojansC-03.sbi (*)
2013-05-16 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

ken545
2013-05-31, 00:47


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7, Right Click and select RUN AS ADMINISTRATOR




Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

Jequila
2013-05-31, 05:22
The forum said my post is too long, so I'll spread it out over two.

13:15:03.0979 3560 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:15:05.0164 3560 ============================================================
13:15:05.0164 3560 Current date / time: 2013/05/31 13:15:05.0164
13:15:05.0164 3560 SystemInfo:
13:15:05.0164 3560
13:15:05.0165 3560 OS Version: 6.1.7601 ServicePack: 1.0
13:15:05.0165 3560 Product type: Workstation
13:15:05.0165 3560 ComputerName: DESKTOP
13:15:05.0165 3560 UserName: Jem
13:15:05.0165 3560 Windows directory: C:\Windows
13:15:05.0165 3560 System windows directory: C:\Windows
13:15:05.0165 3560 Running under WOW64
13:15:05.0165 3560 Processor architecture: Intel x64
13:15:05.0165 3560 Number of processors: 8
13:15:05.0165 3560 Page size: 0x1000
13:15:05.0165 3560 Boot type: Normal boot
13:15:05.0165 3560 ============================================================
13:15:05.0620 3560 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:15:05.0629 3560 ============================================================
13:15:05.0629 3560 \Device\Harddisk0\DR0:
13:15:05.0629 3560 MBR partitions:
13:15:05.0630 3560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x177000
13:15:05.0630 3560 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x196800, BlocksNum 0x573AF000
13:15:05.0630 3560 ============================================================
13:15:05.0648 3560 C: <-> \Device\Harddisk0\DR0\Partition2
13:15:05.0649 3560 ============================================================
13:15:05.0649 3560 Initialize success
13:15:05.0649 3560 ============================================================
13:15:13.0534 3012 ============================================================
13:15:13.0534 3012 Scan started
13:15:13.0534 3012 Mode: Manual;
13:15:13.0534 3012 ============================================================
13:15:13.0654 3012 ================ Scan system memory ========================
13:15:13.0654 3012 System memory - ok
13:15:13.0654 3012 ================ Scan services =============================
13:15:15.0381 3012 BrUsbMdm - ok
13:15:15.0393 3012 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:15:15.0396 3012 BrUsbSer - ok
13:15:15.0405 3012 [ D9F6B30AD93CBD165EC71FADF51DF25E ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys
13:15:15.0407 3012 BrUsbSIb - ok
13:15:15.0421 3012 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:15:15.0423 3012 BTHMODEM - ok
13:15:15.0438 3012 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:15:15.0441 3012 bthserv - ok
13:15:15.0452 3012 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:15:15.0454 3012 cdfs - ok
13:15:15.0473 3012 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:15:15.0476 3012 cdrom - ok
13:15:15.0491 3012 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:15:15.0494 3012 CertPropSvc - ok
13:15:15.0509 3012 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:15:15.0512 3012 circlass - ok
13:15:15.0535 3012 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:15:15.0543 3012 CLFS - ok
13:15:15.0613 3012 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:15:15.0618 3012 clr_optimization_v2.0.50727_32 - ok
13:15:15.0667 3012 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:15:15.0671 3012 clr_optimization_v2.0.50727_64 - ok
13:15:15.0686 3012 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:15:15.0688 3012 CmBatt - ok
13:15:15.0697 3012 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:15:15.0700 3012 cmdide - ok
13:15:15.0731 3012 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
13:15:15.0737 3012 CNG - ok
13:15:15.0754 3012 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:15:15.0757 3012 Compbatt - ok
13:15:15.0775 3012 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:15:15.0778 3012 CompositeBus - ok
13:15:15.0783 3012 COMSysApp - ok
13:15:15.0791 3012 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:15:15.0793 3012 crcdisk - ok
13:15:15.0820 3012 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:15:15.0823 3012 CryptSvc - ok
13:15:15.0848 3012 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
13:15:15.0856 3012 CSC - ok
13:15:15.0876 3012 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
13:15:15.0886 3012 CscService - ok
13:15:15.0921 3012 [ A5D3D53178394CC7A8A26BB532575B59 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
13:15:15.0924 3012 dc3d - ok
13:15:15.0946 3012 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:15:15.0958 3012 DcomLaunch - ok
13:15:15.0969 3012 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:15:15.0975 3012 defragsvc - ok
13:15:16.0002 3012 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:15:16.0004 3012 DfsC - ok
13:15:16.0034 3012 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
13:15:16.0039 3012 dg_ssudbus - ok
13:15:16.0060 3012 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:15:16.0066 3012 Dhcp - ok
13:15:16.0082 3012 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:15:16.0085 3012 discache - ok
13:15:16.0105 3012 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:15:16.0107 3012 Disk - ok
13:15:16.0126 3012 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:15:16.0131 3012 Dnscache - ok
13:15:16.0157 3012 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:15:16.0162 3012 dot3svc - ok
13:15:16.0174 3012 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:15:16.0178 3012 DPS - ok
13:15:16.0201 3012 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:15:16.0204 3012 drmkaud - ok
13:15:16.0236 3012 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:15:16.0245 3012 DXGKrnl - ok
13:15:16.0275 3012 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:15:16.0279 3012 EapHost - ok
13:15:16.0349 3012 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:15:16.0426 3012 ebdrv - ok
13:15:16.0451 3012 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:15:16.0454 3012 EFS - ok
13:15:16.0492 3012 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:15:16.0505 3012 ehRecvr - ok
13:15:16.0521 3012 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:15:16.0525 3012 ehSched - ok
13:15:16.0546 3012 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:15:16.0555 3012 elxstor - ok
13:15:16.0575 3012 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:15:16.0578 3012 ErrDev - ok
13:15:16.0599 3012 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:15:16.0607 3012 EventSystem - ok
13:15:16.0638 3012 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
13:15:16.0642 3012 ew_hwusbdev - ok
13:15:16.0675 3012 [ 55E0EDA185869F7EA67EA97FD0655B39 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
13:15:16.0678 3012 ew_usbenumfilter - ok
13:15:16.0697 3012 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:15:16.0701 3012 exfat - ok
13:15:16.0719 3012 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:15:16.0723 3012 fastfat - ok
13:15:16.0755 3012 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:15:16.0767 3012 Fax - ok
13:15:16.0785 3012 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:15:16.0787 3012 fdc - ok
13:15:16.0806 3012 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:15:16.0810 3012 fdPHost - ok
13:15:16.0821 3012 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:15:16.0823 3012 FDResPub - ok
13:15:16.0833 3012 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:15:16.0835 3012 FileInfo - ok
13:15:16.0843 3012 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:15:16.0845 3012 Filetrace - ok
13:15:16.0855 3012 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:15:16.0857 3012 flpydisk - ok
13:15:16.0876 3012 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:15:16.0880 3012 FltMgr - ok
13:15:16.0921 3012 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
13:15:16.0948 3012 FontCache - ok
13:15:16.0991 3012 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:15:16.0993 3012 FontCache3.0.0.0 - ok
13:15:17.0010 3012 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:15:17.0013 3012 FsDepends - ok
13:15:17.0045 3012 [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk C:\Windows\SysWOW64\FsUsbExDisk.SYS
13:15:17.0049 3012 FsUsbExDisk - ok
13:15:17.0079 3012 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:15:17.0080 3012 Fs_Rec - ok
13:15:17.0097 3012 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:15:17.0101 3012 fvevol - ok
13:15:17.0117 3012 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:15:17.0121 3012 gagp30kx - ok
13:15:17.0148 3012 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:15:17.0160 3012 gpsvc - ok
13:15:17.0229 3012 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:15:17.0232 3012 gupdate - ok
13:15:17.0238 3012 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:15:17.0240 3012 gupdatem - ok
13:15:17.0250 3012 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:15:17.0253 3012 hcw85cir - ok
13:15:17.0297 3012 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:15:17.0300 3012 HDAudBus - ok
13:15:17.0321 3012 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
13:15:17.0323 3012 HECIx64 - ok
13:15:17.0339 3012 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:15:17.0342 3012 HidBatt - ok
13:15:17.0355 3012 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:15:17.0359 3012 HidBth - ok
13:15:17.0374 3012 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:15:17.0377 3012 HidIr - ok
13:15:17.0395 3012 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
13:15:17.0400 3012 hidserv - ok
13:15:17.0409 3012 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:15:17.0411 3012 HidUsb - ok
13:15:17.0432 3012 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:15:17.0436 3012 hkmsvc - ok
13:15:17.0458 3012 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:15:17.0464 3012 HomeGroupListener - ok
13:15:17.0482 3012 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:15:17.0489 3012 HomeGroupProvider - ok
13:15:17.0508 3012 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:15:17.0512 3012 HpSAMD - ok
13:15:17.0553 3012 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:15:17.0563 3012 HTTP - ok
13:15:17.0591 3012 [ 4D6C4B6FC9A8B069DB208B5E8117725B ] huawei_cdcacm C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
13:15:17.0594 3012 huawei_cdcacm - ok
13:15:17.0611 3012 [ 2342E7FECCA0D4E31BEA5FF6A4E20885 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
13:15:17.0615 3012 huawei_enumerator - ok
13:15:17.0627 3012 [ 20B88224F9A4B202D00FA00C9ED28E7F ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
13:15:17.0630 3012 huawei_ext_ctrl - ok
13:15:17.0645 3012 [ 519B7EA852C713E515C84A1A25006482 ] huawei_wwanecm C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
13:15:17.0649 3012 huawei_wwanecm - ok
13:15:17.0668 3012 hwdatacard - ok
13:15:17.0702 3012 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:15:17.0702 3012 hwpolicy - ok
13:15:17.0723 3012 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:15:17.0726 3012 i8042prt - ok
13:15:17.0749 3012 [ 631FA8935163B01FC0C02966CB3ADB92 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
13:15:17.0753 3012 iaStor - ok
13:15:17.0772 3012 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:15:17.0778 3012 iaStorV - ok
13:15:17.0815 3012 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:15:17.0827 3012 idsvc - ok
13:15:17.0832 3012 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:15:17.0834 3012 iirsp - ok
13:15:17.0889 3012 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:15:17.0903 3012 IKEEXT - ok
13:15:17.0961 3012 [ F04D22D7A49A1B2210DBADF0B803E870 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:15:17.0977 3012 IntcAzAudAddService - ok
13:15:18.0000 3012 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:15:18.0002 3012 intelide - ok
13:15:18.0015 3012 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:15:18.0016 3012 intelppm - ok
13:15:18.0037 3012 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:15:18.0041 3012 IPBusEnum - ok
13:15:18.0061 3012 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:15:18.0063 3012 IpFilterDriver - ok
13:15:18.0120 3012 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:15:18.0137 3012 iphlpsvc - ok
13:15:18.0165 3012 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:15:18.0168 3012 IPMIDRV - ok
13:15:18.0183 3012 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:15:18.0186 3012 IPNAT - ok
13:15:18.0200 3012 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:15:18.0203 3012 IRENUM - ok
13:15:18.0219 3012 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:15:18.0222 3012 isapnp - ok
13:15:18.0243 3012 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:15:18.0250 3012 iScsiPrt - ok
13:15:18.0278 3012 [ D85F3F18E44F7447B5F1BA5C85BAEB7C ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
13:15:18.0281 3012 k57nd60a - ok
13:15:18.0293 3012 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:15:18.0294 3012 kbdclass - ok
13:15:18.0302 3012 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:15:18.0305 3012 kbdhid - ok
13:15:18.0324 3012 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:15:18.0326 3012 KeyIso - ok
13:15:18.0356 3012 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:15:18.0359 3012 KSecDD - ok
13:15:18.0374 3012 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:15:18.0377 3012 KSecPkg - ok
13:15:18.0387 3012 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:15:18.0390 3012 ksthunk - ok
13:15:18.0412 3012 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:15:18.0423 3012 KtmRm - ok
13:15:18.0449 3012 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:15:18.0457 3012 LanmanServer - ok
13:15:18.0479 3012 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:15:18.0488 3012 LanmanWorkstation - ok
13:15:18.0515 3012 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:15:18.0518 3012 lltdio - ok
13:15:18.0542 3012 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:15:18.0549 3012 lltdsvc - ok
13:15:18.0561 3012 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:15:18.0566 3012 lmhosts - ok
13:15:18.0594 3012 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:15:18.0598 3012 LSI_FC - ok
13:15:18.0610 3012 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:15:18.0614 3012 LSI_SAS - ok
13:15:18.0620 3012 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:15:18.0623 3012 LSI_SAS2 - ok
13:15:18.0629 3012 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:15:18.0633 3012 LSI_SCSI - ok
13:15:18.0652 3012 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:15:18.0655 3012 luafv - ok
13:15:18.0698 3012 [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
13:15:18.0702 3012 LVRS64 - ok
13:15:18.0830 3012 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
13:15:18.0853 3012 LVUVC64 - ok
13:15:18.0876 3012 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:15:18.0879 3012 Mcx2Svc - ok
13:15:18.0888 3012 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:15:18.0891 3012 megasas - ok
13:15:18.0908 3012 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:15:18.0913 3012 MegaSR - ok
13:15:18.0929 3012 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:15:18.0934 3012 MMCSS - ok
13:15:18.0948 3012 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:15:18.0951 3012 Modem - ok
13:15:18.0971 3012 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:15:18.0972 3012 monitor - ok
13:15:18.0990 3012 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:15:18.0991 3012 mouclass - ok
13:15:19.0007 3012 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:15:19.0009 3012 mouhid - ok
13:15:19.0026 3012 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:15:19.0029 3012 mountmgr - ok
13:15:19.0056 3012 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:15:19.0061 3012 mpio - ok
13:15:19.0078 3012 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:15:19.0081 3012 mpsdrv - ok
13:15:19.0113 3012 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:15:19.0127 3012 MpsSvc - ok
13:15:19.0145 3012 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:15:19.0147 3012 MRxDAV - ok
13:15:19.0169 3012 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:15:19.0172 3012 mrxsmb - ok
13:15:19.0196 3012 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:15:19.0201 3012 mrxsmb10 - ok
13:15:19.0211 3012 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:15:19.0214 3012 mrxsmb20 - ok
13:15:19.0229 3012 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:15:19.0233 3012 msahci - ok
13:15:19.0245 3012 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:15:19.0249 3012 msdsm - ok
13:15:19.0264 3012 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:15:19.0270 3012 MSDTC - ok
13:15:19.0288 3012 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:15:19.0290 3012 Msfs - ok
13:15:19.0303 3012 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:15:19.0305 3012 mshidkmdf - ok
13:15:19.0314 3012 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:15:19.0314 3012 msisadrv - ok
13:15:19.0342 3012 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:15:19.0347 3012 MSiSCSI - ok
13:15:19.0352 3012 msiserver - ok
13:15:19.0378 3012 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:15:19.0380 3012 MSKSSRV - ok
13:15:19.0395 3012 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:15:19.0398 3012 MSPCLOCK - ok
13:15:19.0406 3012 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:15:19.0409 3012 MSPQM - ok
13:15:19.0433 3012 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:15:19.0436 3012 MsRPC - ok
13:15:19.0445 3012 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:15:19.0445 3012 mssmbios - ok
13:15:19.0455 3012 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:15:19.0457 3012 MSTEE - ok
13:15:19.0465 3012 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:15:19.0467 3012 MTConfig - ok
13:15:19.0492 3012 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:15:19.0493 3012 Mup - ok
13:15:19.0522 3012 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:15:19.0532 3012 napagent - ok
13:15:19.0556 3012 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:15:19.0559 3012 NativeWifiP - ok
13:15:19.0583 3012 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
13:15:19.0596 3012 NDIS - ok
13:15:19.0617 3012 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:15:19.0619 3012 NdisCap - ok
13:15:19.0634 3012 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:15:19.0636 3012 NdisTapi - ok
13:15:19.0659 3012 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:15:19.0661 3012 Ndisuio - ok
13:15:19.0685 3012 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:15:19.0688 3012 NdisWan - ok
13:15:19.0707 3012 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:15:19.0710 3012 NDProxy - ok
13:15:19.0716 3012 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:15:19.0718 3012 NetBIOS - ok
13:15:19.0736 3012 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:15:19.0739 3012 NetBT - ok
13:15:19.0748 3012 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:15:19.0749 3012 Netlogon - ok
13:15:19.0770 3012 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:15:19.0779 3012 Netman - ok
13:15:19.0807 3012 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:15:19.0818 3012 netprofm - ok
13:15:19.0840 3012 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:15:19.0843 3012 NetTcpPortSharing - ok
13:15:19.0878 3012 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:15:19.0881 3012 nfrd960 - ok
13:15:19.0905 3012 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:15:19.0913 3012 NlaSvc - ok
13:15:19.0919 3012 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:15:19.0921 3012 Npfs - ok
13:15:19.0954 3012 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:15:19.0958 3012 nsi - ok
13:15:19.0961 3012 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:15:19.0961 3012 nsiproxy - ok
13:15:20.0007 3012 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:15:20.0043 3012 Ntfs - ok
13:15:20.0084 3012 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
13:15:20.0086 3012 NuidFltr - ok
13:15:20.0100 3012 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:15:20.0102 3012 Null - ok
13:15:20.0122 3012 [ AD37248BD442D41C9A896E53EB8A85EE ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
13:15:20.0124 3012 NVHDA - ok

Jequila
2013-05-31, 05:23
13:15:22.0069 3012 SCardSvr - ok
13:15:22.0084 3012 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:15:22.0086 3012 scfilter - ok
13:15:22.0116 3012 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:15:22.0146 3012 Schedule - ok
13:15:22.0176 3012 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:15:22.0177 3012 SCPolicySvc - ok
13:15:22.0188 3012 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:15:22.0191 3012 SDRSVC - ok
13:15:22.0209 3012 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:15:22.0210 3012 secdrv - ok
13:15:22.0218 3012 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:15:22.0221 3012 seclogon - ok
13:15:22.0235 3012 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:15:22.0238 3012 SENS - ok
13:15:22.0250 3012 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:15:22.0254 3012 SensrSvc - ok
13:15:22.0269 3012 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:15:22.0270 3012 Serenum - ok
13:15:22.0279 3012 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:15:22.0281 3012 Serial - ok
13:15:22.0288 3012 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:15:22.0290 3012 sermouse - ok
13:15:22.0309 3012 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:15:22.0312 3012 SessionEnv - ok
13:15:22.0328 3012 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:15:22.0330 3012 sffdisk - ok
13:15:22.0335 3012 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:15:22.0336 3012 sffp_mmc - ok
13:15:22.0348 3012 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:15:22.0349 3012 sffp_sd - ok
13:15:22.0361 3012 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:15:22.0363 3012 sfloppy - ok
13:15:22.0391 3012 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:15:22.0395 3012 SharedAccess - ok
13:15:22.0409 3012 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:15:22.0414 3012 ShellHWDetection - ok
13:15:22.0436 3012 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:15:22.0439 3012 SiSRaid2 - ok
13:15:22.0451 3012 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:15:22.0453 3012 SiSRaid4 - ok
13:15:22.0513 3012 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:15:22.0514 3012 SkypeUpdate - ok
13:15:22.0543 3012 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:15:22.0546 3012 Smb - ok
13:15:22.0552 3012 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:15:22.0554 3012 SNMPTRAP - ok
13:15:22.0571 3012 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:15:22.0572 3012 spldr - ok
13:15:22.0596 3012 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
13:15:22.0608 3012 Spooler - ok
13:15:22.0693 3012 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:15:22.0760 3012 sppsvc - ok
13:15:22.0777 3012 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:15:22.0780 3012 sppuinotify - ok
13:15:22.0830 3012 [ D6AB7C13FCDD2E4CAC35244D2C172D9A ] sptd C:\Windows\System32\Drivers\sptd.sys
13:15:22.0839 3012 sptd - ok
13:15:22.0865 3012 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:15:22.0871 3012 srv - ok
13:15:22.0886 3012 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:15:22.0891 3012 srv2 - ok
13:15:22.0902 3012 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:15:22.0905 3012 srvnet - ok
13:15:22.0924 3012 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
13:15:22.0928 3012 ssadbus - ok
13:15:22.0953 3012 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
13:15:22.0957 3012 ssadmdfl - ok
13:15:22.0981 3012 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
13:15:22.0985 3012 ssadmdm - ok
13:15:23.0009 3012 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
13:15:23.0013 3012 ssadserd - ok
13:15:23.0046 3012 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
13:15:23.0051 3012 sscdbus - ok
13:15:23.0079 3012 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
13:15:23.0082 3012 sscdmdfl - ok
13:15:23.0114 3012 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
13:15:23.0118 3012 sscdmdm - ok
13:15:23.0136 3012 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:15:23.0144 3012 SSDPSRV - ok
13:15:23.0158 3012 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:15:23.0161 3012 SstpSvc - ok
13:15:23.0185 3012 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
13:15:23.0190 3012 ssudmdm - ok
13:15:23.0212 3012 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:15:23.0215 3012 stexstor - ok
13:15:23.0259 3012 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:15:23.0270 3012 stisvc - ok
13:15:23.0299 3012 [ E476C66713C842F58E61A95826ED1D57 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:15:23.0301 3012 stllssvr - ok
13:15:23.0358 3012 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
13:15:23.0359 3012 storflt - ok
13:15:23.0376 3012 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
13:15:23.0379 3012 StorSvc - ok
13:15:23.0451 3012 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
13:15:23.0453 3012 storvsc - ok
13:15:23.0468 3012 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:15:23.0469 3012 swenum - ok
13:15:23.0480 3012 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:15:23.0487 3012 swprv - ok
13:15:23.0524 3012 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:15:23.0558 3012 SysMain - ok
13:15:23.0578 3012 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:15:23.0582 3012 TabletInputService - ok
13:15:23.0752 3012 [ 3442B004ECD4B98E6C00A0C57D8922C0 ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
13:15:23.0772 3012 TabletServicePen - ok
13:15:23.0807 3012 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:15:23.0813 3012 TapiSrv - ok
13:15:23.0822 3012 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:15:23.0830 3012 TBS - ok
13:15:23.0885 3012 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:15:23.0919 3012 Tcpip - ok
13:15:23.0951 3012 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:15:23.0959 3012 TCPIP6 - ok
13:15:23.0989 3012 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:15:23.0992 3012 tcpipreg - ok
13:15:24.0020 3012 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:15:24.0022 3012 TDPIPE - ok
13:15:24.0044 3012 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:15:24.0046 3012 TDTCP - ok
13:15:24.0070 3012 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:15:24.0074 3012 tdx - ok
13:15:24.0104 3012 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:15:24.0106 3012 TermDD - ok
13:15:24.0133 3012 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:15:24.0145 3012 TermService - ok
13:15:24.0160 3012 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:15:24.0165 3012 Themes - ok
13:15:24.0174 3012 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:15:24.0176 3012 THREADORDER - ok
13:15:24.0245 3012 [ 0765EE4A7A0D6609BF91CA2E4700E885 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
13:15:24.0247 3012 TomTomHOMEService - ok
13:15:24.0297 3012 [ 5D3A665F3162D331420F9DF12DDF6E29 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
13:15:24.0304 3012 TouchServicePen - ok
13:15:24.0320 3012 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:15:24.0328 3012 TrkWks - ok
13:15:24.0363 3012 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:15:24.0367 3012 TrustedInstaller - ok
13:15:24.0383 3012 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:15:24.0386 3012 tssecsrv - ok
13:15:24.0406 3012 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:15:24.0409 3012 TsUsbFlt - ok
13:15:24.0444 3012 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:15:24.0448 3012 tunnel - ok
13:15:24.0464 3012 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:15:24.0467 3012 uagp35 - ok
13:15:24.0499 3012 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:15:24.0505 3012 udfs - ok
13:15:24.0527 3012 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:15:24.0534 3012 UI0Detect - ok
13:15:24.0552 3012 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:15:24.0555 3012 uliagpkx - ok
13:15:24.0576 3012 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
13:15:24.0579 3012 umbus - ok
13:15:24.0595 3012 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:15:24.0598 3012 UmPass - ok
13:15:24.0616 3012 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
13:15:24.0625 3012 UmRdpService - ok
13:15:24.0645 3012 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:15:24.0655 3012 upnphost - ok
13:15:24.0662 3012 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:15:24.0665 3012 usbaudio - ok
13:15:24.0680 3012 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:15:24.0684 3012 usbccgp - ok
13:15:24.0709 3012 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:15:24.0713 3012 usbcir - ok
13:15:24.0733 3012 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys
13:15:24.0735 3012 usbehci - ok
13:15:24.0751 3012 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys
13:15:24.0757 3012 usbhub - ok
13:15:24.0784 3012 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
13:15:24.0785 3012 usbohci - ok
13:15:24.0805 3012 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:15:24.0808 3012 usbprint - ok
13:15:24.0824 3012 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:15:24.0828 3012 usbscan - ok
13:15:24.0845 3012 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:15:24.0848 3012 USBSTOR - ok
13:15:24.0868 3012 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:15:24.0870 3012 usbuhci - ok
13:15:24.0891 3012 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
13:15:24.0896 3012 usbvideo - ok
13:15:24.0906 3012 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:15:24.0913 3012 UxSms - ok
13:15:24.0927 3012 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:15:24.0930 3012 VaultSvc - ok
13:15:24.0952 3012 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:15:24.0954 3012 vdrvroot - ok
13:15:24.0974 3012 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:15:24.0987 3012 vds - ok
13:15:25.0007 3012 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:15:25.0010 3012 vga - ok
13:15:25.0023 3012 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:15:25.0025 3012 VgaSave - ok
13:15:25.0044 3012 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:15:25.0048 3012 vhdmp - ok
13:15:25.0071 3012 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:15:25.0074 3012 viaide - ok
13:15:25.0091 3012 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
13:15:25.0095 3012 vmbus - ok
13:15:25.0106 3012 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
13:15:25.0109 3012 VMBusHID - ok
13:15:25.0127 3012 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:15:25.0129 3012 volmgr - ok
13:15:25.0149 3012 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:15:25.0155 3012 volmgrx - ok
13:15:25.0168 3012 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:15:25.0173 3012 volsnap - ok
13:15:25.0199 3012 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:15:25.0203 3012 vsmraid - ok
13:15:25.0257 3012 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:15:25.0299 3012 VSS - ok
13:15:25.0315 3012 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:15:25.0317 3012 vwifibus - ok
13:15:25.0331 3012 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:15:25.0336 3012 W32Time - ok
13:15:25.0356 3012 [ 43CE14E1E17DA81EA71DFE686805ED07 ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
13:15:25.0357 3012 wacmoumonitor - ok
13:15:25.0386 3012 [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
13:15:25.0387 3012 wacommousefilter - ok
13:15:25.0406 3012 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:15:25.0408 3012 WacomPen - ok
13:15:25.0451 3012 [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
13:15:25.0453 3012 wacomvhid - ok
13:15:25.0469 3012 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:15:25.0472 3012 WANARP - ok
13:15:25.0477 3012 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:15:25.0479 3012 Wanarpv6 - ok
13:15:25.0520 3012 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:15:25.0547 3012 WatAdminSvc - ok
13:15:25.0592 3012 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:15:25.0627 3012 wbengine - ok
13:15:25.0640 3012 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:15:25.0645 3012 WbioSrvc - ok
13:15:25.0662 3012 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:15:25.0667 3012 wcncsvc - ok
13:15:25.0680 3012 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:15:25.0683 3012 WcsPlugInService - ok
13:15:25.0697 3012 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:15:25.0699 3012 Wd - ok
13:15:25.0723 3012 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:15:25.0732 3012 Wdf01000 - ok
13:15:25.0748 3012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:15:25.0755 3012 WdiServiceHost - ok
13:15:25.0760 3012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:15:25.0762 3012 WdiSystemHost - ok
13:15:25.0794 3012 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:15:25.0803 3012 WebClient - ok
13:15:25.0819 3012 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:15:25.0828 3012 Wecsvc - ok
13:15:25.0841 3012 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:15:25.0848 3012 wercplsupport - ok
13:15:25.0877 3012 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:15:25.0881 3012 WerSvc - ok
13:15:25.0889 3012 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:15:25.0891 3012 WfpLwf - ok
13:15:25.0906 3012 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:15:25.0909 3012 WIMMount - ok
13:15:25.0923 3012 WinDefend - ok
13:15:25.0933 3012 WinHttpAutoProxySvc - ok
13:15:25.0973 3012 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:15:25.0981 3012 Winmgmt - ok
13:15:26.0039 3012 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:15:26.0089 3012 WinRM - ok
13:15:26.0127 3012 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:15:26.0130 3012 WinUsb - ok
13:15:26.0172 3012 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:15:26.0190 3012 Wlansvc - ok
13:15:26.0278 3012 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:15:26.0329 3012 wlidsvc - ok
13:15:26.0337 3012 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:15:26.0340 3012 WmiAcpi - ok
13:15:26.0353 3012 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:15:26.0356 3012 wmiApSrv - ok
13:15:26.0365 3012 WMPNetworkSvc - ok
13:15:26.0376 3012 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:15:26.0380 3012 WPCSvc - ok
13:15:26.0403 3012 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:15:26.0412 3012 WPDBusEnum - ok
13:15:26.0424 3012 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:15:26.0427 3012 ws2ifsl - ok
13:15:26.0442 3012 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
13:15:26.0450 3012 wscsvc - ok
13:15:26.0456 3012 WSearch - ok
13:15:26.0547 3012 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:15:26.0587 3012 wuauserv - ok
13:15:26.0591 3012 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:15:26.0592 3012 WudfPf - ok
13:15:26.0611 3012 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:15:26.0614 3012 WUDFRd - ok
13:15:26.0644 3012 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:15:26.0652 3012 wudfsvc - ok
13:15:26.0664 3012 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:15:26.0673 3012 WwanSvc - ok
13:15:26.0705 3012 ================ Scan global ===============================
13:15:26.0725 3012 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:15:26.0750 3012 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:15:26.0764 3012 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:15:26.0790 3012 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:15:26.0807 3012 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:15:26.0813 3012 [Global] - ok
13:15:26.0813 3012 ================ Scan MBR ==================================
13:15:26.0824 3012 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:15:26.0987 3012 \Device\Harddisk0\DR0 - ok
13:15:26.0988 3012 ================ Scan VBR ==================================
13:15:26.0991 3012 [ BCE167D92B1A76427782E1D248907707 ] \Device\Harddisk0\DR0\Partition1
13:15:26.0993 3012 \Device\Harddisk0\DR0\Partition1 - ok
13:15:27.0001 3012 [ ECB71C1208B42D737819255A924B26B5 ] \Device\Harddisk0\DR0\Partition2
13:15:27.0004 3012 \Device\Harddisk0\DR0\Partition2 - ok
13:15:27.0004 3012 ============================================================
13:15:27.0004 3012 Scan finished
13:15:27.0004 3012 ============================================================
13:15:27.0020 1116 Detected object count: 0
13:15:27.0020 1116 Actual detected object count: 0

ken545
2013-05-31, 10:48
:bigthumb:


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Jequila
2013-05-31, 11:06
Done :)

I'm pasting the log, easier for me to look over

ComboFix 13-05-30.02 - Jem 31/05/2013 18:57:29.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.6103.4431 [GMT 10:00]
Running from: c:\users\Jem\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-31 )))))))))))))))))))))))))))))))
.
.
2013-05-31 09:01 . 2013-05-31 09:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-30 00:29 . 2013-05-30 00:29 -------- d-----w- c:\program files (x86)\ERUNT
2013-05-29 23:46 . 2013-05-29 23:46 -------- d-----w- c:\program files\CCleaner
2013-05-29 01:56 . 2013-05-29 01:56 -------- d-----r- c:\users\Jem\AppData\Roaming\Brother
2013-05-28 20:21 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9366A75E-4FE5-4434-9CFD-5C577802F6F5}\mpengine.dll
2013-05-15 00:25 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 00:25 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 00:25 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 00:25 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 00:25 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 00:25 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 00:25 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 00:25 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 00:25 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 00:25 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 12:33 . 2012-04-09 00:22 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 12:33 . 2012-01-28 21:30 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 02:28 . 2010-03-18 08:34 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-09 08:59 . 2013-03-04 02:15 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-03-04 02:15 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2012-02-24 21:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2011-05-18 05:59 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2010-03-17 04:17 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2010-03-17 04:17 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2010-03-17 04:17 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2010-03-17 04:17 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2010-06-29 05:53 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-01-14 10:00 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-09 05:19 . 2011-03-28 08:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-01 16:06 . 2010-03-17 04:19 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-29 23:31 . 2013-04-29 23:31 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-29 23:31 . 2013-04-29 23:31 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-29 23:31 . 2013-04-29 23:31 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-29 23:31 . 2013-04-29 23:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-29 23:31 . 2013-04-29 23:31 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-29 23:31 . 2013-04-29 23:31 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-29 23:31 . 2013-04-29 23:31 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-29 23:31 . 2013-04-29 23:31 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-29 23:31 . 2013-04-29 23:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-29 23:31 . 2013-04-29 23:31 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-29 23:31 . 2013-04-29 23:31 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-29 23:31 . 2013-04-29 23:31 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-29 23:31 . 2013-04-29 23:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-29 23:31 . 2013-04-29 23:31 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-29 23:31 . 2013-04-29 23:31 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-29 23:31 . 2013-04-29 23:31 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-29 23:31 . 2013-04-29 23:31 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-29 23:31 . 2013-04-29 23:31 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-29 23:31 . 2013-04-29 23:31 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-29 23:31 . 2013-04-29 23:31 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-29 23:31 . 2013-04-29 23:31 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-29 23:31 . 2013-04-29 23:31 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-29 23:31 . 2013-04-29 23:31 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-29 23:31 . 2013-04-29 23:31 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-29 23:31 . 2013-04-29 23:31 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-29 23:31 . 2013-04-29 23:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-29 23:31 . 2013-04-29 23:31 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-29 23:31 . 2013-04-29 23:31 441856 ----a-w- c:\windows\system32\html.iec
2013-04-29 23:31 . 2013-04-29 23:31 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-29 23:31 . 2013-04-29 23:31 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-29 23:31 . 2013-04-29 23:31 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-29 23:31 . 2013-04-29 23:31 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-29 23:31 . 2013-04-29 23:31 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-29 23:31 . 2013-04-29 23:31 235008 ----a-w- c:\windows\system32\url.dll
2013-04-29 23:31 . 2013-04-29 23:31 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-29 23:31 . 2013-04-29 23:31 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-29 23:31 . 2013-04-29 23:31 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-29 23:31 . 2013-04-29 23:31 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-29 23:31 . 2013-04-29 23:31 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-29 23:31 . 2013-04-29 23:31 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-29 23:31 . 2013-04-29 23:31 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-29 23:31 . 2013-04-29 23:31 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-29 23:31 . 2013-04-29 23:31 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-29 23:31 . 2013-04-29 23:31 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-29 23:31 . 2013-04-29 23:31 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-29 23:31 . 2013-04-29 23:31 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-29 23:31 . 2013-04-29 23:31 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-29 23:31 . 2013-04-29 23:31 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-29 23:31 . 2013-04-29 23:31 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-29 23:30 . 2013-04-29 23:30 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-29 23:30 . 2013-04-29 23:30 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-29 23:30 . 2013-04-29 23:30 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-29 23:30 . 2013-04-29 23:30 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-04-29 23:30 . 2013-04-29 23:30 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-29 23:30 . 2013-04-29 23:30 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-29 23:30 . 2013-04-29 23:30 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-29 23:30 . 2013-04-29 23:30 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-29 23:30 . 2013-04-29 23:30 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-29 23:30 . 2013-04-29 23:30 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-29 23:30 . 2013-04-29 23:30 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-04-29 23:30 . 2013-04-29 23:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-29 23:30 . 2013-04-29 23:30 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-29 23:30 . 2013-04-29 23:30 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-04-29 23:30 . 2013-04-29 23:30 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-29 23:30 . 2013-04-29 23:30 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-04-29 23:30 . 2013-04-29 23:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-29 23:30 . 2013-04-29 23:30 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-29 23:30 . 2013-04-29 23:30 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-04-29 23:30 . 2013-04-29 23:30 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-29 23:30 . 2013-04-29 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-29 23:30 . 2013-04-29 23:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-29 23:30 . 2013-04-29 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-29 23:30 . 2013-04-29 23:30 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-29 23:30 . 2013-04-29 23:30 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-04-29 23:30 . 2013-04-29 23:30 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-04-29 23:30 . 2013-04-29 23:30 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-04-29 23:30 . 2013-04-29 23:30 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-04-29 23:30 . 2013-04-29 23:30 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-29 23:30 . 2013-04-29 23:30 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-29 23:30 . 2013-04-29 23:30 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-04-29 23:30 . 2013-04-29 23:30 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-04-29 23:30 . 2013-04-29 23:30 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-29 23:30 . 2013-04-29 23:30 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-04-29 23:30 . 2013-04-29 23:30 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-04-29 23:30 . 2013-04-29 23:30 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-03-09 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-03-09 01:06 2355224 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-03-09 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jem\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jem\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jem\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-02-13 844144]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-05-09 4858968]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Jem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-17 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-10-27 36328]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-02-14 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-02-14 13952]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS [2013-02-05 37344]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-02-14 94208]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-02-14 28672]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-02-14 196096]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-10-27 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-10-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-10-27 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-10-27 146920]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-27 1255736]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 117568]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-09-21 5788016]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-03-21 93072]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-09-21 484720]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-02-14 85504]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-21 320040]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-06 327704]
S3 LVUVC64;QuickCam Communicate Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-06 6379288]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-09-15 18288]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 29832765
*Deregistered* - 29832765
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 12:33]
.
2013-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13 22:02]
.
2013-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-13 22:02]
.
2013-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2359260308-291239838-404599445-1000Core.job
- c:\users\Jem\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-17 04:11]
.
2013-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2359260308-291239838-404599445-1000UA.job
- c:\users\Jem\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-17 04:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jem\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jem\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jem\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jem\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 06:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 06:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 06:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 06:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-19 8067616]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2DDE01FD-CF74-4294-AA10-624FAEBC0F1D}: NameServer = 10.143.147.147 10.143.147.148
TCP: Interfaces\{44C354A6-DCC2-419D-B030-2C1921538B61}: NameServer = 10.143.147.147 10.143.147.148
TCP: Interfaces\{92BB6D42-2394-43DF-92A6-553D7580AA8E}: NameServer = 10.143.147.147 10.143.147.148
FF - ProfilePath - c:\users\Jem\AppData\Roaming\Mozilla\Firefox\Profiles\h0o5r0wh.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\01\1f\17\06(g"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-31 19:03:21
ComboFix-quarantined-files.txt 2013-05-31 09:03
.
Pre-Run: 564,881,182,720 bytes free
Post-Run: 564,371,787,776 bytes free
.
- - End Of File - - 62CDF203624027A573C4C162EE02CEEF

ken545
2013-05-31, 11:18
Hello Again,


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

Jequila
2013-05-31, 12:55
I am unclean! :(

ken545
2013-05-31, 13:26
Hi,

Not too bad
C:\Users\Jem\Downloads <--Open this folder and delete everything inside but not the folder itself.

Go to Start > Control Panel and open up Java and click on Temporary Internet Files and select the option to delete them.

Let me know how it went and also how your system is behaving now?

Jequila
2013-05-31, 14:29
How important is it to delete everything in the downloads folder? I have some music and pictures I moved out, but I made sure everything else including the google_ahmets.zip and I_Don't_Know_How_She_Does_It_2011_R5_RiP_XviD_-_VISUALiSE.exe files got deleted.
I rescanned with spybot and win32.downloader.gen is still there though.

ken545
2013-05-31, 18:10
OK, that's fine. Go ahead and run another scan with Spybot and post the log for me to see please

Jequila
2013-05-31, 23:58
Win32.Downloader.gen: [SBI $82F4FAFD] Data (File, nothing done)
C:\END
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Properties.filedate=1368830114
Properties.filedatetext=2013-05-18 08:35:14


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-04-04 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2013-04-11 Includes\Adware.sbi (*)
2013-05-28 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2013-04-11 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-05-29 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-05-22 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-04-11 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-05-08 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-05-29 Includes\TrojansC-03.sbi (*)
2013-05-16 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

ken545
2013-06-01, 00:09
C:\END <--What is this folder ?

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:dir
C:\END

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Try running Spybot in Safemode and see if it will remove it

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

Jequila
2013-06-01, 04:44
SystemLook 30.07.11 by jpshortstuff
Log created at 12:05 on 01/06/2013 by Jem
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== dir ==========

C:\END - Unable to find folder.

-= EOF =-

I had a look and END was a file, not a folder. It didn't have an extension like .exe or .whatever else and it was 0 bytes.
I ran spybot in safe mode and it removed win32.downloader.gen! Yay :) That END file has disappeared now too.
Spybot didn't find anything when I scanned again out of safe mode either. Looks like I'm in the clear?
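
The Spybot record posted earlier in the thread already describes C:\END as a zero-byte file: its size is 0 and its MD5 is the digest of empty input, which identifies no content. The following is an added example, not part of the original posts and not Spybot's own code; the record layout is inferred only from the sample in this thread, the function names are hypothetical, and the UTC+10 offset passed in is an assumption about the machine's time zone.

```python
import hashlib
import re
from datetime import datetime, timedelta, timezone

# Detection record copied from the Spybot result posted in this thread.
SAMPLE_LOG = r"""Win32.Downloader.gen: [SBI $82F4FAFD] Data (File, nothing done)
C:\END
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Properties.filedate=1368830114
Properties.filedatetext=2013-05-18 08:35:14


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
"""

# Layout inferred from the record above only; not an official Spybot format spec.
HEADER = re.compile(
    r"^(?P<threat>[^:]+): \[SBI \$(?P<sbi>[0-9A-Fa-f]+)\] "
    r"(?P<category>.+?) \((?P<kind>[^,()]+), (?P<action>[^()]+)\)$"
)

# MD5 of zero bytes of input: every empty file on every machine has this digest.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()


def parse_records(text):
    """Return one dict per detection record found in a Spybot result log."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("---"):      # version/module listing starts here
            current = None
            continue
        match = HEADER.match(line)
        if match:
            current = dict(match.groupdict(), path=None, props={})
            records.append(current)
        elif current is None:
            continue                    # text outside any record
        elif line.startswith("Properties.") and "=" in line:
            key, value = line[len("Properties."):].split("=", 1)
            current["props"][key] = value
        elif current["path"] is None:
            current["path"] = line      # first free line after the header
    return records


def assess(record, utc_offset_hours):
    """Cross-check the properties of one record against each other."""
    props = record["props"]
    md5 = props.get("md5", "").upper()
    try:
        size = int(props["size"])
    except (KeyError, ValueError):
        size = None
    result = {
        "is_file": record["kind"].strip().lower() == "file",
        # Zero length plus the empty-input digest: nothing inside to analyse.
        "empty_content": size == 0 and md5 == EMPTY_MD5,
        # A non-zero size with the empty digest (or the reverse) means the
        # record was edited or the file changed between the two reads.
        "hash_size_consistent": size is not None and (size == 0) == (md5 == EMPTY_MD5),
        "modified_utc": None,
        "timestamp_consistent": None,
    }
    try:
        utc = datetime.fromtimestamp(int(props["filedate"]), tz=timezone.utc)
    except (KeyError, ValueError, OverflowError, OSError):
        return result
    local = utc.astimezone(timezone(timedelta(hours=utc_offset_hours)))
    result["modified_utc"] = utc.isoformat()
    result["timestamp_consistent"] = (
        local.strftime("%Y-%m-%d %H:%M:%S") == props.get("filedatetext")
    )
    return result


if __name__ == "__main__":
    for rec in parse_records(SAMPLE_LOG):
        print(rec["threat"], rec["path"], assess(rec, utc_offset_hours=10))
```

With the assumed offset of 10 hours, the epoch value in `filedate` and the text in `filedatetext` describe the same instant; with an offset of 0 they do not.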

ken545
2013-06-01, 11:21
:bigthumb:

I would say you're good to go, we ran some heavy scans and they did their job. But to be on the safe side run this quick scan and let's see if it finds anything. If not you will be on your way.


Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM-2.jpg

When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Jequila
2013-06-01, 12:41
Scan says I'm clean :) Thanks for the help!

ken545
2013-06-01, 13:36
:bigthumb:



Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png




Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups, any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken