
JS Exploit blacole

This is a discussion on JS Exploit blacole within the Resolved HJT Threads forums, part of the Tech Support Forum category.


Old 02-05-2013, 01:36 PM   #1
Registered Member
 
Join Date: Feb 2013
Posts: 12
OS: Windows 7 Service Pack 1



Hi,

I will run through when I first noticed a problem. I am not sure the Chrome errors or the abnormal restart are related, but they did occur in the run-up to the detection of blacole.

2 days ago, while surfing the web using Chrome, I suddenly had a Shockwave crash error message popping up in each tab that I had open, and then each tab went white. I restarted Chrome and everything seemed as normal.

I left my laptop on that night, woke up and went to work the next day. When I got home I noted that my computer had at some point crashed or something, and I had a black screen with an error message along the lines of "disk boot failure, insert system disk and press enter". I have no knowledge of a system disk, and each time I pressed enter the error message was duplicated.

I restarted my laptop and everything seemed fine. I was a bit concerned as to why something had happened during the night, so I thought I would check my router settings and its event log. At some point in the middle of the night there were a handful of entries that differed from the entries either side of them, but nothing that immediately jumped out at me as suspicious, so I just went back to my normal browsing fun.

In the background Security Essentials had been running, and when it finished it notified me that 3 severe threats had been found. One being JS Exploit blacole (I didn't take note of the full name) and two other results that looked something like psd98s0, just to give an idea, but again, I took no notes. Both were quarantined. I looked briefly at the detailed info provided and decided that all must be removed.

Again, I am not sure if the chrome error, the router log entries or the odd boot up error are related to the detected threats.

After the above I became a bit more concerned and looked for more information. Being prone to the hyperbole that can engulf the internet at times, I became alarmed at some of the information I found. I found that I should have noted the exact version of the blacole virus that was found, as there are numerous versions with differing implications. However, warnings on various websites that my personal information such as log-in details and online banking details were likely to have been compromised further increased my concern.

I ran all of the scans listed on this guide: Remove JS/Exploit-Blacole virus (Uninstall Guide)

I took no note of errors or results that were found by any programme. Though only a handful of potential threats were found, and many looked like adware, anything that did get flagged as risky in any way I confirmed for removal. I did a second round of scans with all of the software, Security Essentials and my Avast virus scanner, and no further problems were found.

I am still worried that I have not fully cleaned the virus out. Nor am I certain that Security Essentials didn't quarantine these items before they did any damage. However I have been to my bank and had my online banking disabled until I am certain and they are now aware of this issue.

As requested I have made sure that I have only one virus scanner running, this is Avast, Security Essentials is disabled.

I have uninstalled Java.

My laptop seems to be running smoothly and as normal but I am aware that this is not a reliable indicator of anything really.

I just want to be sure that I have removed everything. If not, I need to locate other remnants of this attack that need tending to. I also want to make sure that, in hastily running all of these scanners and removing all findings, I haven't caused any damage to my system.

Also I would be thankful for any guidance on future protection.

Once it seems that my computer is clean I have one plan already. My bank offers all of its online banking customers the full version of Kaspersky for free. So I plan on replacing Security Essentials and Avast with this. Is this a good idea? I liked the sound of using the sandboxing feature to access my online banking.

Also, what other security software should I deploy in order to reduce my vulnerability in future?

As requested, I have attached the files.

I have subscribed to this thread. I have access to these emails all day on my Android device though I am not at my own computer during working hours.

Thanks in advance.

Barry C

I do not have a boot CD or Windows install disk that I am aware of. I purchased the laptop with the OS already in-situ.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Barry at 19:20:59 on 2013-02-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3884.1373 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.0.93\AllShareFrameworkManagerDMS.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.0.93\AllShareFrameworkDMS.exe
C:\Windows\system32\StikyNot.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Samsung\AllShare Play\utils\AllShare Play Launcher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files\Samsung\AllShare Play\AllShare Play.exe
C:\Program Files\jre\bin\javaw.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Barry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=5ce420fe0000000000000026c7acdc7f
mSearchAssistant = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\Barry\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{ADF1B113-7DAC-4BEB-A85D-E177F36869F8} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{ADF1B113-7DAC-4BEB-A85D-E177F36869F8}\244564F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{ADF1B113-7DAC-4BEB-A85D-E177F36869F8}\7456F627765616E64645967656272456C6B696E6F574F505C65737F5D494D4F4 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F28BC60C-F720-41F7-B58F-79E119ADF868} : NameServer = 0.0.0.0
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AllShare Play] "C:\Program Files\Samsung\AllShare Play\utils\AllShare Play Launcher.exe"
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-12 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-12 370288]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-10-21 379520]
R2 AllShare Framework DMS;AllShare Framework DMS;C:\Program Files\Samsung\AllShare Framework DMS\1.0.93\AllShareFrameworkManagerDMS.exe [2012-6-25 32768]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-12-12 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-12 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-12 44808]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-2-4 108904]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-21 2314240]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-7-1 52264]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-10-21 35104]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-7-21 129024]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-21 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-16 39832]
S2 AllShare Play Install Service;AllShare Play Install Service;C:\Program Files\Samsung\AllShare Play\utils\AllSharePlayInstallSvc.exe [2012-6-29 16896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S2 SwOffWeb;Airytec Switch Off - Web Interface;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-5-3 44032]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-15 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-15 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-16 1255736]
.
=============== Created Last 30 ================
.
2013-02-05 18:30:50 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF06393E-6B79-428A-ACB5-75C8D081EAD2}\mpengine.dll
2013-02-05 03:05:18 -------- d-----w- C:\ProgramData\Airytec
2013-02-05 03:03:20 -------- d-----w- C:\Users\Barry\AppData\Roaming\Airytec
2013-02-05 03:03:03 -------- d-----w- C:\Program Files\Airytec
2013-02-05 02:01:57 -------- d-----w- C:\Windows\pss
2013-02-05 01:20:44 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-05 01:07:47 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-05 00:48:02 98816 ----a-w- C:\Windows\sed.exe
2013-02-05 00:48:02 256000 ----a-w- C:\Windows\PEV.exe
2013-02-05 00:48:02 208896 ----a-w- C:\Windows\MBR.exe
2013-02-05 00:47:55 -------- d-s---w- C:\ComboFix
2013-02-04 22:50:48 -------- d-----w- C:\Users\Barry\AppData\Local\Programs
2013-02-04 22:20:24 -------- d-----w- C:\Program Files\HitmanPro
2013-02-04 22:18:08 -------- d-----w- C:\ProgramData\HitmanPro
2013-02-04 22:17:41 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-02-04 22:16:56 -------- d-sh--w- C:\AI_RecycleBin
2013-01-30 23:18:00 -------- d-----w- C:\Users\Barry\AppData\Roaming\NVIDIA
2013-01-29 20:45:31 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-01-15 00:16:00 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-01-15 00:16:00 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-01-15 00:15:59 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-01-15 00:15:59 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-01-15 00:15:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-01-15 00:15:58 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-01-15 00:15:57 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-01-15 00:15:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-01-15 00:15:54 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-01-09 20:18:56 55296 ----a-w- C:\Windows\SysWow64\cero.rs
2013-01-09 20:17:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
.
==================== Find3M ====================
.
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-12 03:30:38 859552 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-01-12 03:30:33 780192 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-08 22:33:23 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 22:33:23 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-13 20:29:04 354216 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-08 11:29:12 1402312 ----a-w- C:\Windows\SysWow64\msxml4.dll
.
============= FINISH: 19:21:12.63 ===============
Attached Files
File Type: zip attach.zip (3.1 KB, 16 views)
File Type: txt dds.txt (20.1 KB, 16 views)

Barry Crothers
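The DDS output above is the kind of log a helper reads by eye, and the first question is always which entries are worth asking about. The script below is an added example for this thread, not code from the original post or from the DDS tool, and its names (`SAMPLE_DDS`, `triage`, the finding categories) are my own. It runs a few conservative checks over the "Running Processes" and "Pseudo HJT Report" sections: Run-key entries launched from user-writable directories, Run-key entries whose executable is not in the process list, registry entries marked `<orphaned>`, changed browser start/search pages, and any Java runtime or Java ActiveX (DPF) install record. The embedded sample is a subset of lines copied from the log in the post, which was taken on 2013-02-05 and still lists `C:\Program Files\jre\bin\javaw.exe` running and DPF records for jinstall-1_7_0_07 although the post says Java was uninstalled, plus a `uRun` entry for `Crossrider.exe` that does not appear among the running processes. Those are exactly the discrepancies the script surfaces. A hit is a question for the user, not a verdict: legitimate updaters also start from AppData, and an orphaned entry is usually just a leftover from a removal.

```python
# Triage the 'Running Processes' and 'Pseudo HJT Report' sections of a DDS log.
# Added example for this thread; not from the original post or from DDS itself.
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\jre\bin\javaw.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=5ce420fe0000000000000026c7acdc7f
mSearchAssistant = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\Barry\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
============= SERVICES / DRIVERS ===============
"""

SECTION_HEADER = re.compile(r"^=+ (?P<name>[^=]+?) =+$")
RUN_ENTRY = re.compile(r"^(?:x64-)?[um]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DPF_JAVA = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} - hxxp://java\.sun\.com/\S*?jinstall-(?P<ver>\w+)-")
BROWSER_DEFAULT = re.compile(r"^(?P<key>[um](?:Start Page|SearchAssistant|Default_Page_URL)) = hxxp://(?P<host>[^/\s]+)")
# Directories a standard user can write to; persistence from here deserves a look.
USER_WRITABLE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|ProgramData|Windows\\Temp)\\", re.I)
JAVA_EXE = re.compile(r"\\(?:javaw?|jqs|jusched)\.exe$", re.I)


@dataclass
class Finding:
    category: str
    detail: str
    line: str


def parse_sections(text):
    """Split a DDS log into {section name: [lines]}; the '.' spacer lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_HEADER.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def exe_path(cmd):
    """Return the executable from a Run-key command, quoted or not, with arguments removed."""
    m = re.match(r'"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|scr|com))(?=\s|$)', cmd, re.I)
    return (m.group("q") or m.group("u")) if m else cmd


def triage(text):
    sections = parse_sections(text)
    processes = sections.get("Running Processes", [])
    running = {p.lower() for p in processes}
    findings = []
    for proc in processes:
        if JAVA_EXE.search(proc):
            findings.append(Finding("java-present", "a Java runtime is still executing", proc))
    for line in sections.get("Pseudo HJT Report", []):
        if "<orphaned>" in line:
            findings.append(Finding("orphaned", "registry entry points at a file that is gone", line))
            continue
        m = RUN_ENTRY.match(line)
        if m:
            name, path = m.group("name"), exe_path(m.group("cmd"))
            if USER_WRITABLE.search(path):
                findings.append(Finding("autorun-user-writable", f"[{name}] starts from a user-writable directory", line))
            if path.lower() not in running:
                findings.append(Finding("autorun-not-running", f"[{name}] is set to start but no such process was listed", line))
            continue
        m = DPF_JAVA.match(line)
        if m:
            findings.append(Finding("dpf-java", f"browser ActiveX install record for Java {m.group('ver')}", line))
            continue
        m = BROWSER_DEFAULT.match(line)
        if m:
            findings.append(Finding("browser-default-changed", f"{m.group('key')} points at {m.group('host')}", line))
    return findings


def by_category(findings):
    grouped = {}
    for f in findings:
        grouped.setdefault(f.category, []).append(f)
    return grouped


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.category:24} {f.detail}\n{'':24} {f.line}")
```

To use it on a real log, replace `SAMPLE_DDS` with the contents of dds.txt, or call `triage(open("dds.txt").read())`; the "autorun-not-running" check only makes sense when the process list and the HJT section come from the same DDS run.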
Old 02-09-2013, 05:14 AM   #2
Registered Member
 
Join Date: Feb 2013
Posts: 12
OS: Windows 7 Service Pack 1



BUMP!

Barry Crothers
Old 02-11-2013, 03:16 PM   #3
Registered Member
 
Join Date: Feb 2013
Posts: 12
OS: Windows 7 Service Pack 1



Bump.

I was just wondering if there was something wrong with my post?

Thanks.

Barry Crothers
Old 02-13-2013, 11:42 AM   #4
Registered Member
 
Join Date: Feb 2013
Posts: 12
OS: Windows 7 Service Pack 1



BUMP.
Barry Crothers
Old 02-15-2013, 12:09 PM   #5
Registered Member
 
Join Date: Feb 2013
Posts: 12
OS: Windows 7 Service Pack 1



I am still quite concerned. Computer is behaving normally and has been since this matter started but I am anxious about whether there is an ongoing security problem lingering on my machine that I don't have the knowledge to detect....

Please help me to make sure there isn't.

Barry.
Barry Crothers
Old 03-20-2013, 03:53 PM   #6
Registered Member
 
Join Date: Feb 2013
Posts: 12
OS: Windows 7 Service Pack 1



*BUMP*
Barry Crothers
Old 03-21-2013, 12:14 AM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,828
OS: XP Win7 Ubuntu 10.10



Hello and welcome to TSF.

I'm sorry that your topic was over-looked. Bumping the thread several times made it appear as if it was being handled, as we look for 0-reply threads to pick up.

You appear to have run TDSSKiller and ComboFix. Please post the content of their logs. You should be able to find them in this location:

C:\TDSSKiller.version number._date_time_log.txt

C:\Combofix.txt
amateur
Old 03-21-2013, 02:46 PM   #8
Registered Member
 
Join Date: Feb 2013
Posts: 12
OS: Windows 7 Service Pack 1



Hi,

Thanks for your reply. Sorry for causing the problems by bumping the thread earlier.

I have attached an .rar file with the two requested logs.

Thanks a lot.

Barry
Attached Files
File Type: rar Virus.rar (29.0 KB, 9 views)
Barry Crothers
Old 03-21-2013, 03:12 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,828
OS: XP Win7 Ubuntu 10.10



I don't use WinRar. Please copy the contents of the logs and paste them in your reply.

Thanks.
amateur
Old 03-21-2013, 03:44 PM   #10
Registered Member
 
Join Date: Feb 2013
Posts: 12
OS: Windows 7 Service Pack 1



19:54:43.0332 6192 TDSS rootkit removing tool 2.8.16.0 Mar 21 2013 15:53:02
19:54:43.0504 6192 ============================================================
19:54:43.0504 6192 Current date / time: 2013/03/21 19:54:43.0504
19:54:43.0504 6192 SystemInfo:
19:54:43.0504 6192
19:54:43.0504 6192 OS Version: 6.1.7601 ServicePack: 1.0
19:54:43.0504 6192 Product type: Workstation
19:54:43.0504 6192 ComputerName: BARRY-PC
19:54:43.0505 6192 UserName: Barry
19:54:43.0505 6192 Windows directory: C:\Windows
19:54:43.0505 6192 System windows directory: C:\Windows
19:54:43.0505 6192 Running under WOW64
19:54:43.0505 6192 Processor architecture: Intel x64
19:54:43.0505 6192 Number of processors: 4
19:54:43.0505 6192 Page size: 0x1000
19:54:43.0505 6192 Boot type: Normal boot
19:54:43.0505 6192 ============================================================
19:54:44.0205 6192 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:54:44.0212 6192 ============================================================
19:54:44.0212 6192 \Device\Harddisk0\DR0:
19:54:44.0212 6192 MBR partitions:
19:54:44.0212 6192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x10A3A408
19:54:44.0212 6192 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1314C000, BlocksNum 0x122E2000
19:54:44.0212 6192 ============================================================
19:54:44.0242 6192 C: <-> \Device\Harddisk0\DR0\Partition1
19:54:44.0291 6192 D: <-> \Device\Harddisk0\DR0\Partition2
19:54:44.0291 6192 ============================================================
19:54:44.0291 6192 Initialize success
19:54:44.0291 6192 ============================================================
19:54:48.0232 7000 ============================================================
19:54:48.0232 7000 Scan started
19:54:48.0232 7000 Mode: Manual;
19:54:48.0232 7000 ============================================================
19:54:49.0405 7000 ================ Scan system memory ========================
19:54:49.0405 7000 System memory - ok
19:54:49.0405 7000 ================ Scan services =============================
19:54:49.0572 7000 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:54:49.0577 7000 1394ohci - ok
19:54:49.0617 7000 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:54:49.0623 7000 ACPI - ok
19:54:49.0661 7000 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:54:49.0664 7000 AcpiPmi - ok
19:54:49.0775 7000 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:54:49.0777 7000 AdobeARMservice - ok
19:54:49.0909 7000 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:54:49.0914 7000 AdobeFlashPlayerUpdateSvc - ok
19:54:49.0975 7000 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:54:49.0984 7000 adp94xx - ok
19:54:50.0018 7000 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:54:50.0025 7000 adpahci - ok
19:54:50.0041 7000 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:54:50.0046 7000 adpu320 - ok
19:54:50.0083 7000 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:54:50.0086 7000 AeLookupSvc - ok
19:54:50.0127 7000 [ 734D1BA96BE6AD8D04E6AFEAD569EA8A ] AFBAgent C:\Windows\system32\FBAgent.exe
19:54:50.0134 7000 AFBAgent - ok
19:54:50.0190 7000 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:54:50.0199 7000 AFD - ok
19:54:50.0230 7000 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:54:50.0232 7000 agp440 - ok
19:54:50.0267 7000 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:54:50.0271 7000 ALG - ok
19:54:50.0301 7000 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:54:50.0304 7000 aliide - ok
19:54:50.0421 7000 [ 47729088E34D421CF95BEECE4D7D9303 ] AllShare Framework DMS C:\Program Files\Samsung\AllShare Framework DMS\1.0.93\AllShareFrameworkManagerDMS.exe
19:54:50.0424 7000 AllShare Framework DMS - ok
19:54:50.0520 7000 [ 87D38E6E1FF82B3FE26167EE1CF67611 ] AllShare Play Install Service C:\Program Files\Samsung\AllShare Play\utils\AllSharePlayInstallSvc.exe
19:54:50.0523 7000 AllShare Play Install Service - ok
19:54:50.0565 7000 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:54:50.0567 7000 amdide - ok
19:54:50.0596 7000 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:54:50.0598 7000 AmdK8 - ok
19:54:50.0655 7000 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:54:50.0658 7000 AmdPPM - ok
19:54:50.0728 7000 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:54:50.0732 7000 amdsata - ok
19:54:50.0755 7000 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:54:50.0761 7000 amdsbs - ok
19:54:50.0776 7000 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:54:50.0779 7000 amdxata - ok
19:54:50.0815 7000 [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
19:54:50.0817 7000 AmUStor - ok
19:54:50.0867 7000 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:54:50.0870 7000 AppID - ok
19:54:50.0904 7000 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:54:50.0907 7000 AppIDSvc - ok
19:54:50.0982 7000 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:54:50.0985 7000 Appinfo - ok
19:54:51.0024 7000 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:54:51.0028 7000 arc - ok
19:54:51.0041 7000 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:54:51.0044 7000 arcsas - ok
19:54:51.0123 7000 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
19:54:51.0125 7000 ASLDRService - ok
19:54:51.0137 7000 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
19:54:51.0139 7000 ASMMAP64 - ok
19:54:51.0192 7000 [ B217378ED9A964E15346A67FEF609A17 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
19:54:51.0195 7000 aswFsBlk - ok
19:54:51.0232 7000 [ E92635BB235B03ED03B17CBB59F77FA4 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
19:54:51.0234 7000 aswMonFlt - ok
19:54:51.0244 7000 [ 8F90459AFB7FD4557D935CE639EF6110 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
19:54:51.0245 7000 aswRdr - ok
19:54:51.0289 7000 [ DE6759B8D8E62BF0FFF2B05F05AFCEE6 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
19:54:51.0293 7000 aswRvrt - ok
19:54:51.0349 7000 [ AB8B4D3136D18A20777036E0F0CFC5E1 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
19:54:51.0383 7000 aswSnx - ok
19:54:51.0422 7000 [ 97D4D725BD32C965119E6C8E252F8C64 ] aswSP C:\Windows\system32\drivers\aswSP.sys
19:54:51.0430 7000 aswSP - ok
19:54:51.0445 7000 [ D62C10D1829C65115111C160EA956260 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
19:54:51.0448 7000 aswTdi - ok
19:54:51.0490 7000 [ 7E44C2684A6CA779B9D07CB4BD3F649D ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
19:54:51.0495 7000 aswVmm - ok
19:54:51.0516 7000 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:54:51.0519 7000 AsyncMac - ok
19:54:51.0561 7000 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:54:51.0562 7000 atapi - ok
19:54:51.0611 7000 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
19:54:51.0646 7000 athr - ok
19:54:51.0665 7000 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
19:54:51.0667 7000 ATKGFNEXSrv - ok
19:54:51.0733 7000 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:54:51.0765 7000 AudioEndpointBuilder - ok
19:54:51.0797 7000 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:54:51.0803 7000 AudioSrv - ok
19:54:51.0859 7000 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:54:51.0861 7000 avast! Antivirus - ok
19:54:51.0941 7000 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:54:51.0945 7000 AxInstSV - ok
19:54:51.0987 7000 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:54:51.0995 7000 b06bdrv - ok
19:54:52.0015 7000 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:54:52.0021 7000 b57nd60a - ok
19:54:52.0062 7000 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:54:52.0066 7000 BDESVC - ok
19:54:52.0078 7000 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:54:52.0080 7000 Beep - ok
19:54:52.0143 7000 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:54:52.0165 7000 BFE - ok
19:54:52.0198 7000 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:54:52.0231 7000 BITS - ok
19:54:52.0258 7000 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:54:52.0261 7000 blbdrive - ok
19:54:52.0300 7000 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:54:52.0304 7000 bowser - ok
19:54:52.0338 7000 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:54:52.0340 7000 BrFiltLo - ok
19:54:52.0357 7000 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:54:52.0359 7000 BrFiltUp - ok
19:54:52.0372 7000 [ 5C2F352A4E961D72518261257AAE204B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
19:54:52.0375 7000 Bridge - ok
19:54:52.0387 7000 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:54:52.0388 7000 BridgeMP - ok
19:54:52.0409 7000 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:54:52.0413 7000 Browser - ok
19:54:52.0429 7000 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:54:52.0435 7000 Brserid - ok
19:54:52.0447 7000 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:54:52.0450 7000 BrSerWdm - ok
19:54:52.0472 7000 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:54:52.0474 7000 BrUsbMdm - ok
19:54:52.0494 7000 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:54:52.0497 7000 BrUsbSer - ok
19:54:52.0523 7000 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:54:52.0526 7000 BthEnum - ok
19:54:52.0544 7000 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:54:52.0547 7000 BTHMODEM - ok
19:54:52.0570 7000 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:54:52.0573 7000 BthPan - ok
19:54:52.0613 7000 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:54:52.0622 7000 BTHPORT - ok
19:54:52.0673 7000 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:54:52.0676 7000 bthserv - ok
19:54:52.0696 7000 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:54:52.0699 7000 BTHUSB - ok
19:54:52.0742 7000 [ 6E04458E98DAF28826482E41A7A62DF5 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
19:54:52.0743 7000 btusbflt - ok
19:54:52.0768 7000 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
19:54:52.0770 7000 btwaudio - ok
19:54:52.0792 7000 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
19:54:52.0793 7000 btwavdt - ok
19:54:52.0895 7000 [ 1E08DC82525282E34AD66FFBA0782565 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
19:54:52.0918 7000 btwdins - ok
19:54:52.0950 7000 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
19:54:52.0951 7000 btwl2cap - ok
19:54:52.0976 7000 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
19:54:52.0977 7000 btwrchid - ok
19:54:52.0992 7000 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:54:52.0995 7000 cdfs - ok
19:54:53.0037 7000 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:54:53.0041 7000 cdrom - ok
19:54:53.0179 7000 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:54:53.0182 7000 CertPropSvc - ok
19:54:53.0230 7000 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:54:53.0232 7000 circlass - ok
19:54:53.0270 7000 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:54:53.0277 7000 CLFS - ok
19:54:53.0363 7000 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:54:53.0366 7000 clr_optimization_v2.0.50727_32 - ok
19:54:53.0424 7000 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:54:53.0427 7000 clr_optimization_v2.0.50727_64 - ok
19:54:53.0583 7000 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:54:53.0587 7000 clr_optimization_v4.0.30319_32 - ok
19:54:53.0611 7000 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:54:53.0616 7000 clr_optimization_v4.0.30319_64 - ok
19:54:53.0655 7000 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:54:53.0657 7000 CmBatt - ok
19:54:53.0689 7000 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:54:53.0691 7000 cmdide - ok
19:54:53.0718 7000 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
19:54:53.0726 7000 CNG - ok
19:54:53.0756 7000 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:54:53.0758 7000 Compbatt - ok
19:54:53.0786 7000 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:54:53.0788 7000 CompositeBus - ok
19:54:53.0802 7000 COMSysApp - ok
19:54:53.0813 7000 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:54:53.0815 7000 crcdisk - ok
19:54:53.0850 7000 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:54:53.0855 7000 CryptSvc - ok
19:54:53.0896 7000 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:54:53.0907 7000 DcomLaunch - ok
19:54:53.0940 7000 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:54:53.0946 7000 defragsvc - ok
19:54:53.0984 7000 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:54:53.0987 7000 DfsC - ok
19:54:54.0020 7000 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
19:54:54.0022 7000 dg_ssudbus - ok
19:54:54.0075 7000 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:54:54.0081 7000 Dhcp - ok
19:54:54.0108 7000 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:54:54.0111 7000 discache - ok
19:54:54.0140 7000 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:54:54.0144 7000 Disk - ok
19:54:54.0172 7000 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:54:54.0178 7000 Dnscache - ok
19:54:54.0218 7000 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:54:54.0224 7000 dot3svc - ok
19:54:54.0252 7000 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:54:54.0257 7000 DPS - ok
19:54:54.0297 7000 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:54:54.0300 7000 drmkaud - ok
19:54:54.0346 7000 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:54:54.0380 7000 DXGKrnl - ok
19:54:54.0407 7000 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:54:54.0411 7000 EapHost - ok
19:54:54.0497 7000 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:54:54.0606 7000 ebdrv - ok
19:54:54.0640 7000 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:54:54.0643 7000 EFS - ok
19:54:54.0715 7000 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:54:54.0742 7000 ehRecvr - ok
19:54:54.0776 7000 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:54:54.0779 7000 ehSched - ok
19:54:54.0838 7000 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:54:54.0860 7000 elxstor - ok
19:54:54.0877 7000 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:54:54.0881 7000 ErrDev - ok
19:54:54.0926 7000 [ 38B0A3E42DE9B36AA56F72A5ECB62331 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
19:54:54.0928 7000 ETD - ok
19:54:54.0965 7000 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:54:54.0973 7000 EventSystem - ok
19:54:55.0053 7000 [ B56D9602DB5FE1C116B1CA5EFD8E2E50 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:54:55.0083 7000 EvtEng - ok
19:54:55.0110 7000 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:54:55.0114 7000 exfat - ok
19:54:55.0132 7000 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:54:55.0138 7000 fastfat - ok
19:54:55.0199 7000 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:54:55.0221 7000 Fax - ok
19:54:55.0247 7000 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:54:55.0249 7000 fdc - ok
19:54:55.0281 7000 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:54:55.0285 7000 fdPHost - ok
19:54:55.0301 7000 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:54:55.0305 7000 FDResPub - ok
19:54:55.0324 7000 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:54:55.0327 7000 FileInfo - ok
19:54:55.0346 7000 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:54:55.0349 7000 Filetrace - ok
19:54:55.0359 7000 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:54:55.0361 7000 flpydisk - ok
19:54:55.0404 7000 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:54:55.0410 7000 FltMgr - ok
19:54:55.0471 7000 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
19:54:55.0506 7000 FontCache - ok
19:54:55.0567 7000 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:54:55.0568 7000 FontCache3.0.0.0 - ok
19:54:55.0590 7000 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:54:55.0593 7000 FsDepends - ok
19:54:55.0622 7000 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:54:55.0624 7000 Fs_Rec - ok
19:54:55.0667 7000 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:54:55.0672 7000 fvevol - ok
19:54:55.0693 7000 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:54:55.0696 7000 gagp30kx - ok
19:54:55.0745 7000 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:54:55.0778 7000 gpsvc - ok
19:54:55.0841 7000 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:54:55.0845 7000 gupdate - ok
19:54:55.0870 7000 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:54:55.0873 7000 hcw85cir - ok
19:54:55.0912 7000 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:54:55.0919 7000 HdAudAddService - ok
19:54:55.0957 7000 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:54:55.0960 7000 HDAudBus - ok
19:54:55.0993 7000 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:54:55.0995 7000 HECIx64 - ok
19:54:56.0014 7000 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:54:56.0017 7000 HidBatt - ok
19:54:56.0036 7000 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:54:56.0040 7000 HidBth - ok
19:54:56.0057 7000 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:54:56.0061 7000 HidIr - ok
19:54:56.0078 7000 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:54:56.0081 7000 hidserv - ok
19:54:56.0119 7000 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:54:56.0121 7000 HidUsb - ok
19:54:56.0166 7000 [ 9C66FEEFCA9D5DD712AB78D17BB16DA8 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
19:54:56.0168 7000 HitmanProScheduler - ok
19:54:56.0202 7000 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:54:56.0207 7000 hkmsvc - ok
19:54:56.0245 7000 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:54:56.0254 7000 HomeGroupListener - ok
19:54:56.0295 7000 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:54:56.0301 7000 HomeGroupProvider - ok
19:54:56.0342 7000 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:54:56.0345 7000 HpSAMD - ok
19:54:56.0397 7000 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:54:56.0420 7000 HTTP - ok
19:54:56.0454 7000 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:54:56.0456 7000 hwpolicy - ok
19:54:56.0481 7000 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:54:56.0484 7000 i8042prt - ok
19:54:56.0514 7000 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:54:56.0517 7000 iaStor - ok
19:54:56.0551 7000 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:54:56.0558 7000 iaStorV - ok
19:54:56.0605 7000 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:54:56.0627 7000 idsvc - ok
19:54:56.0895 7000 [ 174BCAC474DE13B2650E444CF124828E ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:54:57.0122 7000 igfx - ok
19:54:57.0185 7000 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:54:57.0187 7000 iirsp - ok
19:54:57.0232 7000 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:54:57.0257 7000 IKEEXT - ok
19:54:57.0298 7000 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
19:54:57.0302 7000 Impcd - ok
19:54:57.0401 7000 [ BBDA43F02A2C642A2DF191FA8C0B0052 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:54:57.0419 7000 IntcAzAudAddService - ok
19:54:57.0453 7000 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:54:57.0455 7000 intelide - ok
19:54:57.0492 7000 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:54:57.0495 7000 intelppm - ok
19:54:57.0527 7000 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:54:57.0531 7000 IPBusEnum - ok
19:54:57.0560 7000 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:54:57.0563 7000 IpFilterDriver - ok
19:54:57.0607 7000 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:54:57.0633 7000 iphlpsvc - ok
19:54:57.0655 7000 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:54:57.0659 7000 IPMIDRV - ok
19:54:57.0688 7000 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:54:57.0692 7000 IPNAT - ok
19:54:57.0704 7000 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:54:57.0706 7000 IRENUM - ok
19:54:57.0733 7000 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:54:57.0736 7000 isapnp - ok
19:54:57.0761 7000 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:54:57.0767 7000 iScsiPrt - ok
19:54:57.0797 7000 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:54:57.0799 7000 kbdclass - ok
19:54:57.0814 7000 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:54:57.0818 7000 kbdhid - ok
19:54:57.0844 7000 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
19:54:57.0845 7000 kbfiltr - ok
19:54:57.0853 7000 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:54:57.0855 7000 KeyIso - ok
19:54:57.0884 7000 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:54:57.0888 7000 KSecDD - ok
19:54:57.0918 7000 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:54:57.0922 7000 KSecPkg - ok
19:54:57.0959 7000 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:54:57.0961 7000 ksthunk - ok
19:54:57.0988 7000 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:54:57.0996 7000 KtmRm - ok
19:54:58.0032 7000 [ 48686C29856F46443952A831424F8D6F ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
19:54:58.0033 7000 L1C - ok
19:54:58.0085 7000 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:54:58.0097 7000 LanmanServer - ok
19:54:58.0126 7000 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:54:58.0133 7000 LanmanWorkstation - ok
19:54:58.0174 7000 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:54:58.0178 7000 lltdio - ok
19:54:58.0216 7000 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:54:58.0223 7000 lltdsvc - ok
19:54:58.0235 7000 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:54:58.0239 7000 lmhosts - ok
19:54:58.0335 7000 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:54:58.0342 7000 LMS - ok
19:54:58.0373 7000 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:54:58.0377 7000 LSI_FC - ok
19:54:58.0399 7000 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:54:58.0402 7000 LSI_SAS - ok
19:54:58.0421 7000 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:54:58.0425 7000 LSI_SAS2 - ok
19:54:58.0437 7000 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:54:58.0440 7000 LSI_SCSI - ok
19:54:58.0462 7000 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:54:58.0465 7000 luafv - ok
19:54:58.0499 7000 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:54:58.0503 7000 Mcx2Svc - ok
19:54:58.0514 7000 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:54:58.0516 7000 megasas - ok
19:54:58.0539 7000 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:54:58.0545 7000 MegaSR - ok
19:54:58.0581 7000 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:54:58.0588 7000 MMCSS - ok
19:54:58.0592 7000 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:54:58.0594 7000 Modem - ok
19:54:58.0639 7000 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:54:58.0641 7000 monitor - ok
19:54:58.0681 7000 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:54:58.0684 7000 mouclass - ok
19:54:58.0710 7000 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:54:58.0712 7000 mouhid - ok
19:54:58.0757 7000 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:54:58.0760 7000 mountmgr - ok
19:54:58.0843 7000 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:54:58.0848 7000 MpFilter - ok
19:54:58.0886 7000 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:54:58.0891 7000 mpio - ok
19:54:58.0920 7000 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:54:58.0924 7000 mpsdrv - ok
19:54:58.0975 7000 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:54:59.0010 7000 MpsSvc - ok
19:54:59.0045 7000 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:54:59.0049 7000 MRxDAV - ok
19:54:59.0077 7000 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:54:59.0082 7000 mrxsmb - ok
19:54:59.0118 7000 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:54:59.0124 7000 mrxsmb10 - ok
19:54:59.0141 7000 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:54:59.0145 7000 mrxsmb20 - ok
19:54:59.0171 7000 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:54:59.0173 7000 msahci - ok
19:54:59.0207 7000 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:54:59.0211 7000 msdsm - ok
19:54:59.0227 7000 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:54:59.0233 7000 MSDTC - ok
19:54:59.0261 7000 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:54:59.0264 7000 Msfs - ok
19:54:59.0293 7000 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:54:59.0295 7000 mshidkmdf - ok
19:54:59.0313 7000 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:54:59.0316 7000 msisadrv - ok
19:54:59.0345 7000 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:54:59.0350 7000 MSiSCSI - ok
19:54:59.0354 7000 msiserver - ok
19:54:59.0384 7000 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:54:59.0387 7000 MSKSSRV - ok
19:54:59.0449 7000 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
19:54:59.0450 7000 MsMpSvc - ok
19:54:59.0467 7000 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:54:59.0470 7000 MSPCLOCK - ok
19:54:59.0484 7000 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:54:59.0486 7000 MSPQM - ok
19:54:59.0522 7000 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:54:59.0528 7000 MsRPC - ok
19:54:59.0559 7000 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:54:59.0562 7000 mssmbios - ok
19:54:59.0578 7000 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:54:59.0583 7000 MSTEE - ok
19:54:59.0594 7000 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:54:59.0597 7000 MTConfig - ok
19:54:59.0621 7000 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
19:54:59.0622 7000 MTsensor - ok
19:54:59.0634 7000 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:54:59.0637 7000 Mup - ok
19:54:59.0672 7000 [ A9BC2302FBDF52C8AF4E2FC966288D21 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:54:59.0683 7000 MyWiFiDHCPDNS - ok
19:54:59.0726 7000 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:54:59.0736 7000 napagent - ok
19:54:59.0767 7000 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:54:59.0773 7000 NativeWifiP - ok
19:54:59.0836 7000 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:54:59.0870 7000 NDIS - ok
19:54:59.0887 7000 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:54:59.0890 7000 NdisCap - ok
19:54:59.0908 7000 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:54:59.0911 7000 NdisTapi - ok
19:54:59.0940 7000 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:54:59.0943 7000 Ndisuio - ok
19:54:59.0976 7000 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:54:59.0981 7000 NdisWan - ok
19:55:00.0012 7000 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:55:00.0016 7000 NDProxy - ok
19:55:00.0048 7000 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:55:00.0051 7000 NetBIOS - ok
19:55:00.0087 7000 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:55:00.0092 7000 NetBT - ok
19:55:09.0754 7000 ================ Scan global ===============================
19:55:09.0791 7000 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:55:09.0820 7000 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:55:09.0832 7000 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:55:09.0852 7000 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:55:09.0880 7000 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:55:09.0888 7000 [Global] - ok
19:55:09.0889 7000 ================ Scan MBR ==================================
19:55:09.0903 7000 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:55:10.0178 7000 \Device\Harddisk0\DR0 - ok
19:55:10.0178 7000 ================ Scan VBR ==================================
19:55:10.0182 7000 [ 70774E84893C50921963F49F1F8BBA0B ] \Device\Harddisk0\DR0\Partition1
19:55:10.0185 7000 \Device\Harddisk0\DR0\Partition1 - ok
19:55:10.0206 7000 [ 248213F2A2CE9D20D62465CCB7FDB5C5 ] \Device\Harddisk0\DR0\Partition2
19:55:10.0208 7000 \Device\Harddisk0\DR0\Partition2 - ok
19:55:10.0209 7000 ============================================================
19:55:10.0209 7000 Scan finished
19:55:10.0209 7000 ============================================================
19:55:10.0220 6248 Detected object count: 0
19:55:10.0220 6248 Actual detected object count: 0
19:55:38.0433 4008 Deinitialize success
Old 03-21-2013, 03:45 PM   #11

ComboFix 13-03-21.01 - Barry 21/03/2013 20:02:20.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3884.1977 [GMT 0:00]
Running from: c:\users\Barry\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Barry\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
c:\users\Barry\AppData\Local\Temp\swtlib-64\swt-win32-3650.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-02-21 to 2013-03-21 )))))))))))))))))))))))))))))))
.
.
2013-03-21 20:15 . 2013-03-21 20:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-21 20:15 . 2013-03-21 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-21 18:28 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA6DA94A-9A1B-429D-A6A8-8AC4E080A886}\mpengine.dll
2013-03-19 22:50 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-14 02:10 . 2013-03-14 02:10 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-14 02:10 . 2013-03-14 02:10 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-06 23:04 . 2013-03-06 23:04 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-06 23:04 . 2013-03-06 23:04 -------- d-----w- c:\program files (x86)\Java
2013-03-05 00:55 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-05 00:55 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-02 17:18 . 2013-03-02 17:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-02-28 18:12 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-02-28 18:12 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-02-24 14:00 . 2013-02-24 14:00 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 02:12 . 2011-07-15 17:12 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-12 20:04 . 2012-03-31 20:07 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 20:04 . 2011-09-26 22:02 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-06 23:33 . 2012-12-12 18:30 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-12-12 18:30 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2012-12-12 18:30 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-12-12 18:30 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-12-12 18:30 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2012-12-12 18:30 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2012-12-12 18:29 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-12-12 18:30 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-06 23:04 . 2012-07-16 21:03 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-06 23:04 . 2011-10-05 20:31 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-13 18:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 18:39 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 18:39 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 18:39 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 18:39 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 18:39 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-10 03:25 . 2013-02-19 17:59 963776 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-02-10 03:25 . 2013-02-19 17:59 7569184 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-10 03:25 . 2013-02-19 17:59 6267240 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-10 03:25 . 2013-02-19 17:59 30496 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2013-02-10 03:25 . 2013-02-19 17:59 12862400 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-10 03:25 . 2013-02-19 17:59 26947360 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-10 03:25 . 2013-02-19 17:59 20534560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-10 03:25 . 2013-02-19 17:59 11040544 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-10 03:25 . 2013-02-19 17:59 250504 ----a-w- c:\windows\system32\nvinitx.dll
2013-02-10 03:25 . 2013-02-19 17:59 205184 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-02-10 03:25 . 2013-02-19 17:59 1807136 ----a-w- c:\windows\system32\nvdispco6420294.dll
2013-02-10 03:25 . 2013-02-19 17:59 1510176 ----a-w- c:\windows\system32\nvdispgenco6420162.dll
2013-02-10 03:25 . 2013-02-19 17:59 17987192 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-10 03:25 . 2013-02-19 17:59 7964680 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-10 03:25 . 2013-02-19 17:59 2911008 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-10 03:25 . 2013-02-19 17:59 2726176 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-10 03:25 . 2013-02-19 17:59 2350368 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-10 03:25 . 2013-02-19 17:59 1990944 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-10 03:25 . 2013-02-19 17:59 9422672 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-10 03:25 . 2013-02-19 17:59 25256736 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-10 03:25 . 2013-02-19 17:59 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-10 03:25 . 2012-10-08 11:42 2528840 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-10 03:25 . 2012-10-08 11:42 1114144 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-02-10 03:25 . 2010-07-26 14:26 2854344 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-10 03:25 . 2010-07-26 14:26 15275744 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-10 03:25 . 2010-07-26 14:26 15038296 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-10 01:04 . 2010-07-27 06:56 6393120 ----a-w- c:\windows\system32\nvcpl.dll
2013-02-10 01:04 . 2010-07-27 06:56 3472672 ----a-w- c:\windows\system32\nvsvc64.dll
2013-02-10 01:04 . 2010-07-27 06:56 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-02-10 01:04 . 2010-07-27 06:56 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-02-10 01:04 . 2010-07-27 06:56 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-02-10 01:04 . 2010-07-27 06:56 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-02-10 01:04 . 2010-07-27 06:56 76064 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-02-10 01:04 . 2010-07-27 06:56 1012000 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-02-09 18:43 . 2013-02-09 18:43 555808 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-02-09 13:25 . 2010-07-27 06:56 3035306 ----a-w- c:\windows\system32\nvcoproc.bin
2013-01-30 10:53 . 2011-07-14 13:46 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 15:59 . 2013-01-20 15:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 15:59 . 2011-04-27 14:25 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:53 . 2013-02-13 22:56 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 22:56 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 22:56 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 22:55 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 22:55 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 22:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 22:55 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 22:55 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 22:55 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 22:55 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 22:55 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 22:55 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 22:55 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Barry\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"CrossRiderPlugin"="c:\program files (x86)\CrossriderWebApps\Crossrider.exe" [2011-05-15 478720]
"MusicManager"="c:\users\Barry\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-01-14 7437824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 1080608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 AllShare Play Install Service;AllShare Play Install Service;c:\program files\Samsung\AllShare Play\utils\AllSharePlayInstallSvc.exe [2012-06-29 16896]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 173056]
R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 173056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-05-03 44032]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-16 1255736]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-02-10 30496]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-06-22 379520]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.0.93\AllShareFrameworkManagerDMS.exe [2012-06-25 32768]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-07-21 129024]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 49102854
*Deregistered* - 49102854
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:04]
.
2013-03-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4282996798-3650645237-2624726299-1002Core.job
- c:\users\Barry\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-04 17:36]
.
2013-03-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4282996798-3650645237-2624726299-1002UA.job
- c:\users\Barry\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-04 17:36]
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 17:09]
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 17:09]
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4282996798-3650645237-2624726299-1002Core.job
- c:\users\Barry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 14:24]
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4282996798-3650645237-2624726299-1002UA.job
- c:\users\Barry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 14:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-08-10 2120808]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 391512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 415064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"AllShare Play"="c:\program files\Samsung\AllShare Play\utils\AllShare Play Launcher.exe" [2012-06-29 397728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=5ce420fe0000000000000026c7acdc7f
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F28BC60C-F720-41F7-B58F-79E119ADF868}: NameServer = 0.0.0.0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-21 20:36:57
ComboFix-quarantined-files.txt 2013-03-21 20:36
.
Pre-Run: 89,821,704,192 bytes free
Post-Run: 90,087,776,256 bytes free
.
- - End Of File - - 0C4B84C7F65F2819DE15729A7D81D48B
Barry Crothers is offline  
Old 03-22-2013, 12:17 AM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,828
OS: XP Win7 Ubuntu 10.10



Thanks.

You have two antivirus programs installed, i.e. Avast and Microsoft Security Essentials. Decide on one to keep, and uninstall the other, as having more than one antivirus installed can render the system vulnerable because they conflict with each other, even if one is disabled.

CCleaner is a good tool to clean temp files, but the Registry Section must not be used unless you know exactly what you are doing. Here are some articles about registry cleaners/tweakers to read:

miekiemoes' Blog: Registry Cleaners and System Tweaking Tools
Why I don’t use registry cleaners | Ed Bott

==========================

I don't see any signs of infection, but some adware remnants in the log. The following tools will take care of them.

Download the adwCleaner
  • Run the Tool
    Windows Vista and Windows 7 users:
    Right-click on adwCleaner.exe and select the option
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please, copy the content of this file in your next reply.

==========================

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

==========================

Let's also perform these scans to make sure nothing is left behind hiding.

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Launch Malwarebytes, and select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

==========================

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.

amateur is offline  
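As an added triage example, not code from this thread or from ComboFix: a Python script that reads ComboFix-style "Reg Loading Points" and "Supplementary Scan" lines and flags the two things raised in the reply above, adware remnants (the Crossrider, blekko, facemoods and Conduit names that appear in the log) and more than one antivirus product. The family list, the registry-key heuristics and the sample lines are assumptions constructed from the entries in this thread's log, not an exhaustive indicator set.

```python
import re
from dataclasses import dataclass

# Adware/PUP family names seen in this thread's ComboFix and AdwCleaner logs.
# Constructed, not a complete or authoritative list.
ADWARE_FAMILIES = ("crossrider", "blekko", "facemoods", "conduit")

# Product markers used to spot more than one real-time antivirus on the box.
# Constructed from the Run entries in this thread's log.
AV_MARKERS = {
    "avast software": "Avast",
    "microsoft security client": "Microsoft Security Essentials",
}

# ComboFix prints a registry key in brackets, then "name"="path" [date size] values.
SECTION_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]')
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# Supplementary Scan lines: u = per-user, m = per-machine browser setting.
# ComboFix defangs URLs as hxxp://, so a hxxp value is a real URL.
BROWSER_RE = re.compile(
    r'^(?P<scope>[um])(?P<setting>Start Page|SearchAssistant|Local Page|Default_Page_URL)'
    r'\s*=\s*(?P<value>\S+)')


@dataclass
class Finding:
    kind: str       # "autorun-adware" or "browser-hijack"
    location: str   # registry key or browser setting the entry lives in
    detail: str     # the offending value and which family matched


def _family_hit(text):
    """Return the first adware family name contained in text, else None."""
    low = text.lower()
    for family in ADWARE_FAMILIES:
        if family in low:
            return family
    return None


def triage_combofix(lines):
    """Walk log lines and collect adware-related autoruns and hijacked browser settings."""
    findings = []
    current_key = None
    for raw in lines:
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = RUN_VALUE_RE.match(line)
        # Only live Run keys count; the "run-" key holds entries msconfig disabled.
        if m and current_key and current_key.lower().endswith("\\run"):
            hit = _family_hit(m.group("name") + " " + m.group("path"))
            if hit:
                findings.append(Finding("autorun-adware", current_key,
                                        f'{m.group("name")} -> {m.group("path")} ({hit})'))
            continue
        m = BROWSER_RE.match(line)
        if m:
            value = m.group("value")
            hit = _family_hit(value)
            # A local blank.htm is the default; a defanged URL naming a family is a hijack.
            if value.lower().startswith("hxxp") and hit:
                scope = "user" if m.group("scope") == "u" else "machine"
                findings.append(Finding("browser-hijack", f"{scope} {m.group('setting')}",
                                        f"{value} ({hit})"))
    return findings


def antivirus_products(lines):
    """Return the sorted list of antivirus products whose markers appear in the log."""
    found = set()
    for line in lines:
        low = line.lower()
        for marker, product in AV_MARKERS.items():
            if marker in low:
                found.add(product)
    return sorted(found)


# Constructed sample modelled on the Reg Loading Points / Supplementary Scan
# sections posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Barry\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"CrossRiderPlugin"="c:\program files (x86)\CrossriderWebApps\Crossrider.exe" [2011-05-15 478720]
"MusicManager"="c:\users\Barry\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-01-14 7437824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage
mSearchAssistant = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4
""".strip().splitlines()


if __name__ == "__main__":
    for finding in triage_combofix(SAMPLE_LOG):
        print(f"[{finding.kind}] {finding.location}: {finding.detail}")
    products = antivirus_products(SAMPLE_LOG)
    if len(products) > 1:
        print("More than one antivirus product present:", ", ".join(products))
```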
Old 03-23-2013, 04:24 PM   #13
Registered Member
 
Join Date: Feb 2013
Posts: 12
OS: Windows 7 Service Pack 1



In terms of the anti-virus software I use I am not sure what to do really. I was waiting to get the green light on my system and then tackle the issue. I initially got Avast because firstly I run it on my Galaxy S3 and also because at the time I presumed that MSE was not going to be very good. I have also found out that my bank provides Kaspersky for free. I am not sure which one to run, any advice?

Here are the requested logs

# AdwCleaner v2.115 - Logfile created 03/22/2013 at 18:51:50
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Barry - BARRY-PC
# Boot Mode : Normal
# Running from : C:\Users\Barry\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Barry\AppData\Local\APN
Folder Deleted : C:\Users\Barry\AppData\Local\Conduit
Folder Deleted : C:\Users\Barry\AppData\LocalLow\blekko
Folder Deleted : C:\Users\Barry\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Barry\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Barry\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Barry\AppData\Roaming\iWin

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekko_1311013_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekko_1311013_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=5ce420fe0000000000000026c7acdc7f --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4182 octets] - [22/03/2013 18:48:52]
AdwCleaner[R2].txt - [4242 octets] - [22/03/2013 18:51:07]
AdwCleaner[S1].txt - [3874 octets] - [22/03/2013 18:51:50]

########## EOF - C:\AdwCleaner[S1].txt - [3934 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Barry on 22/03/2013 at 19:00:39.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\crossriderplugin



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\codeccheck"
Successfully deleted: [Folder] "C:\Program Files (x86)\crossriderwebapps"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/03/2013 at 19:12:50.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free anti-malware download

Database version: v2013.03.22.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Barry :: BARRY-PC [administrator]

22/03/2013 19:17:54
mbam-log-2013-03-22 (19-17-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237069
Time elapsed: 8 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


D:\BARRY-PC\Backup Set 2013-02-05 023057\Backup Files 2013-02-05 023057\Backup files 3.zip multiple threats
Barry Crothers is offline  
Old 03-24-2013, 12:36 AM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,828
OS: XP Win7 Ubuntu 10.10



How is the system behaving?

Quote:
D:\BARRY-PC\Backup Set 2013-02-05 023057\Backup Files 2013-02-05 023057\Backup files 3.zip multiple threats
I assume this is the ESET report. It doesn't appear to be complete. Could you have missed some part of it? Looks like there are some infected items in your backup dated 2013-02-05 in D drive, but doesn't say what kind of threat they are. You can simply delete that back up and create a clean one now, if you like, or unzip the file and have it scanned by ESET and post its log. Don't click on anything inside, though, to prevent possible re-infection. You can direct ESET to scan that only.

amateur is offline  
Old 03-24-2013, 04:50 PM   #15
Registered Member
 
Join Date: Feb 2013
Posts: 12
OS: Windows 7 Service Pack 1



The computer seems to be running fine, stability is fine other than the odd instance of flash crashing occasionally in chrome but I can attribute that to this blacole situation.

After I ran Eset it displayed that single line result, I clicked to list the threats it had found and then tried to save it to a txt file but it wouldn't do so. The only thing I could do was copy what it showed in the list.

I have deleted this backup file now and run Eset again, it found no threats.
Barry Crothers is offline  
Old 03-25-2013, 12:47 AM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,828
OS: XP Win7 Ubuntu 10.10



Quote:
The computer seems to be running fine, stability is fine other than the odd instance of flash crashing occasionally in chrome but I can attribute that to this blacole situation.
I'm happy to hear that the computer is running fine. The crashing of Flash while using Chrome is not malware related. Chrome is known to handle Flash content differently than Firefox or Internet Explorer. It has an internal Flash installation which is updated when Chrome is. Sometimes, Chrome tries to utilize both the operating system's and Chrome's own Flash installation at the same time, and it crashes. You may find this article helpful.

If you have no further issues, you're good to go. We can proceed with the final housekeeping. Please do not skip this step as it will implement important cleanup procedures, as well as reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point for you.

Please disable all protection applications as before.
  • Click Start, then Run
  • Now type ComboFix /Uninstall in the Run box and click OK. Notice the space between ComboFix and the /

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

You may re-enable your security applications now.

Malwarebytes is a good tool to keep for periodic scans.

It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:

Strong passwords: How to create and use them


You may also consider a password keeper, to keep all your passwords safe.

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

It's vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Secunia Software Inspector Scan can help you find out which programs need to be updated.
  • Java is a vulnerable application. You may want to consider uninstalling it. However, Secunia Online Inspector needs Java in order to run. So if you choose to use Secunia or regularly use any programs/websites that require Java, you may not want to uninstall it. If that is the case, we recommend at least disabling Java in your browsers and enabling it only when it is needed (for certain websites, for example). Please see here: Disable Java in browsers

Please respond to this thread one more time so we can mark this thread as resolved.

Surf Safely and Think Prevention!
amateur is offline  
Old 03-27-2013, 02:02 PM   #17
Registered Member
 
Join Date: Feb 2013
Posts: 12
OS: Windows 7 Service Pack 1



Hi, sorry about the delay. Work commitments.

I have cleared ComboFix and updated my restore point as advised.

Still curious, choosing which anti-virus and security package... Avast, MSE or Kaspersky?

Thanks
Barry Crothers is offline  
Old 03-28-2013, 01:12 AM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,828
OS: XP Win7 Ubuntu 10.10



No problem.

Quote:
Still curious, choosing which anti-virus and security package... Avast, MSE or Kaspersky?
That's a personal choice. They are all good. The important thing is not to have more than one antivirus application installed at the same time. I personally use MSE.

amateur is offline  