Solved Svchost.exe/malware/trojan issue


danabear

Recently I noticed I can't open certain programs up without my computer crashing like clockwork (bsod then restarts). I thought I could negate any of these issues by simply reinstalling windows, so I did that but to no avail. Same problems exist. I checked it with my antivirus (avg) and it came up with 28 rootkit errors and a svchost.exe trojan when scanned with mbam so I figured I'd come here for a final solution... hopefully.

Here are the logs. I think I followed your forum directions accurately, so if you need anything else let me know!

Thanks.
-----------------------------------------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.29.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dana :: BARBOBOT-PC [administrator]

Protection: Enabled

11/29/2012 9:48:36 AM
mbam-log-2012-11-29 (09-48-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219599
Time elapsed: 1 minute(s), 35 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4904 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Program Files\!CheckMinSpec.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\!if.FileExists.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

(end)
-----------------------------------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by Dana at 10:10:13 on 2012-11-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.7216 [GMT -5:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Users\Dana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Dana\AppData\Local\Akamai\netsession_win.exe
C:\Users\Dana\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
uRun: [Spotify] "C:\Users\Dana\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Dana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\Dana\AppData\Local\Akamai\netsession_win.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\Users\Dana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.169.1
TCP: Interfaces\{0961E6E7-5741-49CA-BB5A-3437A2BA979F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6E99B88D-980E-411D-9B96-2665F80DCAED} : DHCPNameServer = 192.168.169.1
SSODL: WebCheck - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-11-2 1340976]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-29 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-29 676936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-29 25928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-11-29 1432400]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-28 1255736]
.
=============== Created Last 30 ================
.
2012-11-29 14:54:10  20480  ----a-w-  C:\Windows\svchost.exe
2012-11-29 14:47:15  --------  d-----w-  C:\Users\Dana\AppData\Roaming\Malwarebytes
2012-11-29 14:46:50  --------  d-----w-  C:\ProgramData\Malwarebytes
2012-11-29 14:46:49  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2012-11-29 14:46:49  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-29 13:51:45  --------  d-----w-  C:\Users\Dana\AppData\Local\Autodesk
2012-11-29 13:40:31  --------  d-----w-  C:\Program Files (x86)\Autodesk
2012-11-29 13:38:38  --------  d-----w-  C:\Program Files\Common Files\Macrovision Shared
2012-11-29 13:36:09  --------  d-----w-  C:\Program Files\Common Files\Autodesk Shared
2012-11-29 13:36:09  --------  d-----w-  C:\Program Files\Autodesk
2012-11-29 13:34:59  540688  ----a-w-  C:\Windows\System32\d3dx10_39.dll
2012-11-29 13:16:33  --------  d-----w-  C:\Users\Dana\AppData\Roaming\Autodesk
2012-11-29 13:16:24  --------  d-----w-  C:\Program Files\eula
2012-11-29 13:16:20  500136  ----a-w-  C:\Program Files\Setup.exe
2012-11-29 13:16:20  --------  d-----w-  C:\Program Files\NLSDL
2012-11-29 13:16:14  --------  d-----w-  C:\Program Files\zh-CN
2012-11-29 13:16:14  --------  d-----w-  C:\Program Files\Setup
2012-11-29 13:16:14  --------  d-----w-  C:\Program Files\ja-JP
2012-11-29 13:16:14  --------  d-----w-  C:\Program Files\en-US
2012-11-29 13:16:14  --------  d-----w-  C:\Program Files\CER
2012-11-29 13:15:38  --------  d-----w-  C:\Program Files\3rdParty
2012-11-29 13:15:34  --------  d-----w-  C:\Program Files\x64
2012-11-29 13:15:34  --------  d-----w-  C:\Program Files\SetupRes
2012-11-29 13:14:36  --------  d-----w-  C:\Program Files\Resources
2012-11-29 13:14:36  --------  d-----w-  C:\Program Files\Locale
2012-11-29 13:14:35  --------  d-----w-  C:\Program Files\GraphicsData
2012-11-29 13:12:06  --------  d-----w-  C:\Program Files\CommonData
2012-11-29 13:05:43  314784  ----a-w-  C:\Program Files\Uninstaller.exe
2012-11-29 13:00:53  --------  d-----w-  C:\Users\Dana\AppData\Local\Akamai
2012-11-29 04:59:31  --------  d-----w-  C:\Program Files (x86)\Steam
2012-11-29 04:59:31  --------  d-----w-  C:\Program Files (x86)\Common Files\Steam
2012-11-29 04:53:14  --------  d-----w-  C:\Users\Dana\AppData\Roaming\Dropbox
2012-11-29 04:51:22  --------  d-----w-  C:\Users\Dana\AppData\Local\Spotify
2012-11-29 04:50:54  --------  d-----w-  C:\Users\Dana\AppData\Roaming\Spotify
2012-11-29 04:48:53  --------  d-----w-  C:\Users\Dana\AppData\Roaming\NVIDIA
2012-11-29 04:48:36  --------  d-----w-  C:\Program Files\Speccy
2012-11-29 04:47:29  --------  d-----w-  C:\Program Files (x86)\VideoLAN
2012-11-29 04:33:25  --------  d-----w-  C:\Users\Dana\AppData\Local\ElevatedDiagnostics
2012-11-29 02:49:11  --------  d-----w-  C:\Users\Dana\AppData\Local\Apple Computer
2012-11-29 02:49:01  33240  ----a-w-  C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-11-29 02:47:30  --------  d-----w-  C:\Program Files\iPod
2012-11-29 02:47:29  --------  d-----w-  C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-29 02:47:29  --------  d-----w-  C:\Program Files (x86)\iTunes
2012-11-29 02:47:28  --------  d-----w-  C:\Program Files\iTunes
2012-11-29 02:45:57  --------  d-----w-  C:\Users\Dana\AppData\Local\Apple
2012-11-29 02:44:33  --------  d-----w-  C:\Program Files\Bonjour
2012-11-29 02:44:33  --------  d-----w-  C:\Program Files (x86)\Bonjour
2012-11-29 02:36:03  --------  d-----w-  C:\Users\Dana\AppData\Roaming\LolClient
2012-11-29 02:21:45  68616  ----a-w-  C:\Windows\SysWow64\XAPOFX1_1.dll
2012-11-29 02:21:45  509448  ----a-w-  C:\Windows\SysWow64\XAudio2_2.dll
2012-11-29 02:21:45  467984  ----a-w-  C:\Windows\SysWow64\d3dx10_39.dll
2012-11-29 02:21:45  3851784  ----a-w-  C:\Windows\SysWow64\D3DX9_39.dll
2012-11-29 02:21:45  1493528  ----a-w-  C:\Windows\SysWow64\D3DCompiler_39.dll
2012-11-29 02:16:22  --------  d-----w-  C:\Riot Games
2012-11-29 01:42:38  --------  d-----w-  C:\Program Files\CCleaner
2012-11-29 01:20:48  --------  d-----w-  C:\Users\Dana\AppData\Roaming\AVG2013
2012-11-29 01:17:48  --------  d-----w-  C:\Users\Dana\AppData\Roaming\TuneUp Software
2012-11-29 01:16:03  --------  d--h--w-  C:\$AVG
2012-11-29 01:16:03  --------  d-----w-  C:\ProgramData\AVG2013
2012-11-29 01:14:54  --------  d-----w-  C:\Program Files (x86)\AVG
2012-11-29 01:06:51  --------  d--h--w-  C:\ProgramData\Common Files
2012-11-29 01:06:50  --------  d-----w-  C:\Users\Dana\AppData\Local\Avg2013
2012-11-29 01:06:49  --------  d-----w-  C:\Users\Dana\AppData\Local\MFAData
2012-11-29 01:06:48  --------  d-----w-  C:\ProgramData\MFAData
2012-11-29 01:01:31  --------  d-----w-  C:\Program Files\LSI SoftModem
2012-11-29 00:55:55  --------  d-----w-  C:\Users\Dana\AppData\Local\PMB Files
2012-11-29 00:55:54  --------  d-----w-  C:\ProgramData\PMB Files
2012-11-29 00:55:45  --------  d-----w-  C:\Program Files (x86)\Pando Networks
2012-11-29 00:52:00  --------  d-sh--w-  C:\Windows\Installer
2012-11-29 00:47:51  --------  d-----w-  C:\Users\Dana\AppData\Local\Google
2012-11-29 00:47:30  --------  d-----w-  C:\Users\Dana\AppData\Local\Apps
2012-11-29 00:47:29  --------  d-----w-  C:\Users\Dana\AppData\Local\Deployment
2012-11-29 00:39:01  --------  d-----w-  C:\Windows\SysWow64\Wat
2012-11-29 00:39:00  --------  d-----w-  C:\Windows\System32\Wat
2012-11-29 00:24:01  8199504  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-11-29 00:23:56  9125352  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90A7E907-D83E-47A3-BCB1-1C16AF602FA3}\mpengine.dll
2012-11-29 00:13:43  9728  ----a-w-  C:\Windows\System32\Wdfres.dll
2012-11-29 00:13:43  785512  ----a-w-  C:\Windows\System32\drivers\Wdf01000.sys
2012-11-29 00:13:43  54376  ----a-w-  C:\Windows\System32\drivers\WdfLdr.sys
2012-11-29 00:13:43  2560  ----a-w-  C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-29 00:02:15  87040  ----a-w-  C:\Windows\System32\drivers\WUDFPf.sys
2012-11-29 00:02:15  84992  ----a-w-  C:\Windows\System32\WUDFSvc.dll
2012-11-29 00:02:15  744448  ----a-w-  C:\Windows\System32\WUDFx.dll
2012-11-29 00:02:15  45056  ----a-w-  C:\Windows\System32\WUDFCoinstaller.dll
2012-11-29 00:02:15  229888  ----a-w-  C:\Windows\System32\WUDFHost.exe
2012-11-29 00:02:15  198656  ----a-w-  C:\Windows\System32\drivers\WUDFRd.sys
2012-11-29 00:02:15  194048  ----a-w-  C:\Windows\System32\WUDFPlatform.dll
2012-11-29 00:01:06  81408  ----a-w-  C:\Windows\System32\imagehlp.dll
2012-11-29 00:01:06  5120  ----a-w-  C:\Windows\SysWow64\wmi.dll
2012-11-29 00:01:06  5120  ----a-w-  C:\Windows\System32\wmi.dll
2012-11-29 00:01:06  23408  ----a-w-  C:\Windows\System32\drivers\fs_rec.sys
2012-11-29 00:01:06  159232  ----a-w-  C:\Windows\SysWow64\imagehlp.dll
2012-11-28 23:59:10  --------  d-----w-  C:\Program Files (x86)\NVIDIA Corporation
2012-11-28 23:58:53  891240  ----a-w-  C:\Windows\System32\nvvsvc.exe
2012-11-28 23:58:53  63336  ----a-w-  C:\Windows\System32\nvshext.dll
2012-11-28 23:58:53  6200680  ----a-w-  C:\Windows\System32\nvcpl.dll
2012-11-28 23:58:53  3293544  ----a-w-  C:\Windows\System32\nvsvc64.dll
2012-11-28 23:58:53  2557800  ----a-w-  C:\Windows\System32\nvsvcr.dll
2012-11-28 23:58:53  118120  ----a-w-  C:\Windows\System32\nvmctray.dll
2012-11-28 23:58:26  60776  ----a-w-  C:\Windows\System32\OpenCL.dll
2012-11-28 23:58:26  52584  ----a-w-  C:\Windows\SysWow64\OpenCL.dll
2012-11-28 23:57:53  --------  d-----w-  C:\ProgramData\NVIDIA Corporation
2012-11-28 23:57:31  --------  d-----w-  C:\Program Files\NVIDIA Corporation
2012-11-28 23:54:59  31232  ----a-w-  C:\Windows\SysWow64\prevhost.exe
2012-11-28 23:53:59  514560  ----a-w-  C:\Windows\SysWow64\qdvd.dll
2012-11-28 23:51:43  184320  ----a-w-  C:\Windows\System32\cryptsvc.dll
2012-11-28 23:51:43  1464320  ----a-w-  C:\Windows\System32\crypt32.dll
2012-11-28 23:51:43  140288  ----a-w-  C:\Windows\SysWow64\cryptsvc.dll
2012-11-28 23:51:43  140288  ----a-w-  C:\Windows\System32\cryptnet.dll
2012-11-28 23:51:43  1159680  ----a-w-  C:\Windows\SysWow64\crypt32.dll
2012-11-28 23:51:43  103936  ----a-w-  C:\Windows\SysWow64\cryptnet.dll
2012-11-28 23:45:53  77312  ----a-w-  C:\Windows\System32\packager.dll
2012-11-28 23:45:53  67072  ----a-w-  C:\Windows\SysWow64\packager.dll
2012-11-28 23:44:10  --------  d-----w-  C:\Windows\Panther
2012-11-28 23:33:35  2622464  ----a-w-  C:\Windows\System32\wucltux.dll
2012-11-28 23:33:28  99840  ----a-w-  C:\Windows\System32\wudriver.dll
2012-11-28 23:33:11  36864  ----a-w-  C:\Windows\System32\wuapp.exe
2012-11-28 23:33:11  186752  ----a-w-  C:\Windows\System32\wuwebv.dll
2012-11-28 23:02:10  --------  d-----w-  C:\Users\Dana\AppData\Local\Diagnostics
2012-11-28 22:13:08  --------  d-----w-  C:\Users\Dana\.swt
2012-11-28 22:06:05  --------  d-----w-  C:\Users\Dana\AppData\Local\VirtualStore
2012-11-20 23:37:13  --------  d-----w-  C:\Crash
2012-11-20 13:42:08  960968  ----a-w-  C:\Program Files\LaunchPad.exe
2012-11-13 00:40:05  --------  d-----w-  C:\AdobeTemp
.
==================== Find3M ====================
.
2012-10-22 18:02:44  154464  ----a-w-  C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-18 18:25:58  3149824  ----a-w-  C:\Windows\System32\win32k.sys
2012-10-16 08:38:37  135168  ----a-w-  C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34  350208  ----a-w-  C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52  561664  ----a-w-  C:\Windows\apppatch\AcLayers.dll
2012-10-15 08:48:50  63328  ----a-w-  C:\Windows\System32\drivers\avgidsha.sys
2012-10-11 02:22:54  2428776  ----a-w-  C:\Windows\SysWow64\nvapi.dll
2012-10-11 02:22:52  26331496  ----a-w-  C:\Windows\System32\nvoglv64.dll
2012-10-11 02:22:52  1760104  ----a-w-  C:\Windows\System32\nvdispco64.dll
2012-10-11 02:22:32  15309160  ----a-w-  C:\Windows\SysWow64\nvd3dum.dll
2012-10-11 02:22:26  2747240  ----a-w-  C:\Windows\System32\nvcuvid.dll
2012-10-11 02:22:24  19906920  ----a-w-  C:\Windows\SysWow64\nvoglv32.dll
2012-10-11 02:22:18  13443944  ----a-w-  C:\Windows\System32\drivers\nvlddmkm.sys
2012-10-11 02:22:14  17559912  ----a-w-  C:\Windows\SysWow64\nvcompiler.dll
2012-10-09 18:17:13  55296  ----a-w-  C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13  226816  ----a-w-  C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31  44032  ----a-w-  C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31  193536  ----a-w-  C:\Windows\SysWow64\dhcpcore6.dll
2012-10-05 08:32:50  111456  ----a-w-  C:\Windows\System32\drivers\avgmfx64.sys
2012-10-03 17:56:54  1914248  ----a-w-  C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21  70656  ----a-w-  C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21  303104  ----a-w-  C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17  246272  ----a-w-  C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17  18944  ----a-w-  C:\Windows\System32\netevent.dll
2012-10-03 17:44:16  216576  ----a-w-  C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16  569344  ----a-w-  C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24  18944  ----a-w-  C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24  175104  ----a-w-  C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23  156672  ----a-w-  C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26  45568  ----a-w-  C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 18:15:52  430952  ----a-w-  C:\Windows\SysWow64\nvStreaming.exe
2012-10-02 08:30:38  185696  ----a-w-  C:\Windows\System32\drivers\avgldx64.sys
2012-09-25 22:47:43  78336  ----a-w-  C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17  95744  ----a-w-  C:\Windows\System32\synceng.dll
2012-09-21 08:46:04  200032  ----a-w-  C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 08:46:00  225120  ----a-w-  C:\Windows\System32\drivers\avgloga.sys
2012-09-14 19:19:29  2048  ----a-w-  C:\Windows\System32\tzres.dll
2012-09-14 18:28:53  2048  ----a-w-  C:\Windows\SysWow64\tzres.dll
2012-09-14 08:05:18  40800  ----a-w-  C:\Windows\System32\drivers\avgrkx64.sys
2012-09-04 15:39:32  50296  ----a-w-  C:\Windows\System32\drivers\avgfwd6a.sys
2012-08-31 18:19:35  1659760  ----a-w-  C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 10:10:34.49 ===============
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/28/2012 5:05:52 PM
System Uptime: 11/29/2012 9:52:34 AM (1 hours ago)
.
Motherboard: Gateway | | TBGM01
Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz | CPU 1 | 3037/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 821.693 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 466 GiB total, 357.108 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&6730480&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&6730480&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP7: 11/28/2012 8:13:13 PM - Installed AVG 2013
RP8: 11/28/2012 8:14:59 PM - Installed AVG 2013
RP9: 11/28/2012 8:23:40 PM - Windows Update
RP10: 11/28/2012 9:16:10 PM - Installed League of Legends
RP11: 11/28/2012 9:46:03 PM - Installed iTunes
RP12: 11/28/2012 11:58:00 PM - Installed 7-Zip 9.20 (x64 edition)
RP13: 11/28/2012 11:58:44 PM - Installed Steam
RP14: 11/29/2012 8:05:50 AM - Installed DirectX
RP15: 11/29/2012 8:33:47 AM - Installed DirectX
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
applicationupdater
Autodesk Backburner 2013.0.0
Autodesk DirectConnect 2013 64-bit
Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit
Autodesk MatchMover 2013 64-bit
Autodesk Maya 2013 64-bit
AVG 2013
Bonjour
CCleaner
Composite 2013 64-bit
Dropbox
gamelauncher-ps2-live
Google Chrome
Google Update Helper
iTunes
League of Legends
LSI PCI-SV92EX Soft Modem
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Pando Media Booster
PlanetSide 2
Speccy
Spotify
Steam
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.4
.
==== Event Viewer Messages From Past Week ========
.
11/29/2012 9:53:14 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
11/29/2012 8:53:54 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff880ea0e6bb0, 0x0000000000000001, 0xfffffa80093ed2e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112912-41059-01.
11/29/2012 12:00:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
11/29/2012 12:00:22 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2012 8:12:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
11/28/2012 8:12:36 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
11/28/2012 7:34:15 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
11/28/2012 7:34:15 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521).
11/28/2012 7:32:23 PM, Error: Service Control Manager [7023] -
11/28/2012 7:28:53 PM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2012 7:28:52 PM, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
11/28/2012 6:34:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024d00e: Windows Update Core.
.
==== End Of File ===========================
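The one finding in the logs above that matters is C:\Windows\svchost.exe: the genuine Service Host lives in System32 (with a 32-bit copy in SysWow64) and, as every other entry in the DDS process list shows, is started as "svchost.exe -k <group>". This added Python check (not code from the thread, DDS or Malwarebytes) runs exactly that test over a few lines constructed from the logs; the bare System32 entry without "-k" is a constructed case added to exercise the second check.

```python
"""Flag svchost.exe entries in DDS/MBAM log lines that do not fit the legitimate layout.

Added example for this thread, not code from TechSpot, DDS or Malwarebytes.
On Windows 7 x64 the real Service Host is C:\Windows\System32\svchost.exe (plus the
32-bit copy under SysWow64) and is always launched as "svchost.exe -k <group>".
A copy sitting directly in C:\Windows, as in the logs above, is the classic lookalike.
"""
import ntpath
import re
from typing import List, Tuple

# Directories where a genuine svchost.exe lives (compared case-insensitively).
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Any Windows path ending in \svchost.exe, wherever it appears on the line.
SVCHOST_RE = re.compile(r'(?P<path>[a-z]:\\[^"<>|]*?\\svchost\.exe)', re.I)
# The argument tail of a genuine service host process entry: " -k <group>".
KGROUP_RE = re.compile(r"^\s+-k\s+\S+\s*$", re.I)

# Sample lines constructed from this thread's DDS "Running Processes" section,
# the MBAM detection and the DDS "Created Last 30" entry. The bare System32
# entry with no "-k" argument is a constructed case, not taken from the logs.
SAMPLE_LOG = [
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\system32\svchost.exe -k netsvcs",
    r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted",
    r"C:\Windows\svchost.exe (Trojan.Agent) -> 4904 -> Delete on reboot.",
    r"2012-11-29 14:54:10    20480    ----a-w-    C:\Windows\svchost.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Program Files\LSI SoftModem\agr64svc.exe",
]


def audit_svchost(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (line, reason) for every svchost.exe reference that looks wrong.

    Two checks, in order: the file must live in System32 or SysWow64, and a
    process entry (a line that starts with the image path) must carry a -k group.
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        match = SVCHOST_RE.search(line)
        if not match:
            continue
        path = match.group("path")
        rest = line[match.end():]
        if ntpath.dirname(path).lower() not in LEGIT_DIRS:
            findings.append((line, f"svchost.exe outside System32/SysWow64: {path}"))
            continue
        # DDS process entries begin with the image path and carry only its
        # arguments after it; MBAM and file-listing lines never look like that.
        is_process_entry = match.start() == 0 and (rest == "" or rest.startswith(" -"))
        if is_process_entry and not KGROUP_RE.match(rest):
            findings.append((line, "svchost.exe started without a -k service group"))
    return findings


if __name__ == "__main__":
    for line, reason in audit_svchost(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

On the sample lines this reports the MBAM detection, the "Created Last 30" entry and the constructed bare System32 entry, and stays silent on the genuine "-k" entries.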
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



ComboFix scan

Please download ComboFix by sUBs from BleepingComputer.com.

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again, this time renaming ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
I have all day and I'm patient so I'll do my best to follow every direction and post as timely as I can to make things easy for you. Thanks!

11:04:18.0560 1368 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:04:19.0468 1368 ============================================================
11:04:19.0468 1368 Current date / time: 2012/11/29 11:04:19.0468
11:04:19.0468 1368 SystemInfo:
11:04:19.0468 1368
11:04:19.0468 1368 OS Version: 6.1.7601 ServicePack: 1.0
11:04:19.0468 1368 Product type: Workstation
11:04:19.0468 1368 ComputerName: BARBOBOT-PC
11:04:19.0468 1368 UserName: Dana
11:04:19.0468 1368 Windows directory: C:\Windows
11:04:19.0468 1368 System windows directory: C:\Windows
11:04:19.0468 1368 Running under WOW64
11:04:19.0468 1368 Processor architecture: Intel x64
11:04:19.0468 1368 Number of processors: 8
11:04:19.0468 1368 Page size: 0x1000
11:04:19.0468 1368 Boot type: Normal boot
11:04:19.0468 1368 ============================================================
11:04:20.0339 1368 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:04:20.0358 1368 ============================================================
11:04:20.0358 1368 \Device\Harddisk0\DR0:
11:04:20.0358 1368 MBR partitions:
11:04:20.0359 1368 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4C800, BlocksNum 0x729B9800
11:04:20.0359 1368 ============================================================
11:04:20.0382 1368 C: <-> \Device\Harddisk0\DR0\Partition1
11:04:20.0382 1368 ============================================================
11:04:20.0382 1368 Initialize success
11:04:20.0382 1368 ============================================================
11:05:44.0276 3280 ============================================================
11:05:44.0276 3280 Scan started
11:05:44.0276 3280 Mode: Manual; SigCheck; TDLFS;
11:05:44.0276 3280 ============================================================
11:05:44.0618 3280 ================ Scan services =============================
11:06:01.0401 3280 ProfSvc - ok
11:06:01.0413 3280 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:06:01.0427 3280 ProtectedStorage - ok
11:06:01.0443 3280 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:06:01.0490 3280 Psched - ok
11:06:01.0537 3280 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:06:01.0575 3280 ql2300 - ok
11:06:01.0602 3280 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:06:01.0613 3280 ql40xx - ok
11:06:01.0644 3280 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:06:01.0658 3280 QWAVE - ok
11:06:01.0668 3280 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:06:01.0700 3280 QWAVEdrv - ok
11:06:01.0722 3280 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:06:01.0765 3280 RasAcd - ok
11:06:01.0867 3280 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:06:01.0914 3280 RasAgileVpn - ok
11:06:01.0925 3280 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:06:01.0973 3280 RasAuto - ok
11:06:01.0992 3280 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:06:02.0039 3280 Rasl2tp - ok
11:06:02.0075 3280 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:06:02.0102 3280 RasMan - ok
11:06:02.0113 3280 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:06:02.0165 3280 RasPppoe - ok
11:06:02.0194 3280 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:06:02.0241 3280 RasSstp - ok
11:06:02.0282 3280 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:06:02.0340 3280 rdbss - ok
11:06:02.0358 3280 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
11:06:02.0386 3280 rdpbus - ok
11:06:02.0419 3280 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:06:02.0453 3280 RDPCDD - ok
11:06:02.0458 3280 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:06:02.0504 3280 RDPENCDD - ok
11:06:02.0523 3280 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:06:02.0546 3280 RDPREFMP - ok
11:06:02.0565 3280 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:06:02.0586 3280 RDPWD - ok
11:06:02.0627 3280 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:06:02.0647 3280 rdyboost - ok
11:06:02.0679 3280 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:06:02.0719 3280 RemoteAccess - ok
11:06:02.0749 3280 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:06:02.0777 3280 RemoteRegistry - ok
11:06:02.0818 3280 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:06:02.0897 3280 RpcEptMapper - ok
11:06:02.0939 3280 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:06:02.0956 3280 RpcLocator - ok
11:06:02.0982 3280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:06:03.0019 3280 RpcSs - ok
11:06:03.0029 3280 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:06:03.0053 3280 rspndr - ok
11:06:03.0063 3280 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:06:03.0072 3280 SamSs - ok
11:06:03.0122 3280 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:06:03.0138 3280 sbp2port - ok
11:06:03.0170 3280 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:06:03.0201 3280 SCardSvr - ok
11:06:03.0204 3280 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:06:03.0253 3280 scfilter - ok
11:06:03.0297 3280 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:06:03.0358 3280 Schedule - ok
11:06:03.0396 3280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:06:03.0423 3280 SCPolicySvc - ok
11:06:03.0434 3280 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:06:03.0452 3280 SDRSVC - ok
11:06:03.0486 3280 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:06:03.0544 3280 secdrv - ok
11:06:03.0580 3280 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:06:03.0618 3280 seclogon - ok
11:06:03.0642 3280 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
11:06:03.0681 3280 SENS - ok
11:06:03.0705 3280 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:06:03.0725 3280 SensrSvc - ok
11:06:03.0761 3280 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:06:03.0801 3280 Serenum - ok
11:06:03.0843 3280 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:06:03.0883 3280 Serial - ok
11:06:03.0911 3280 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:06:03.0949 3280 sermouse - ok
11:06:03.0991 3280 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:06:04.0056 3280 SessionEnv - ok
11:06:04.0081 3280 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:06:04.0093 3280 sffdisk - ok
11:06:04.0121 3280 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:06:04.0156 3280 sffp_mmc - ok
11:06:04.0174 3280 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:06:04.0218 3280 sffp_sd - ok
11:06:04.0229 3280 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:06:04.0246 3280 sfloppy - ok
11:06:04.0285 3280 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:06:04.0334 3280 SharedAccess - ok
11:06:04.0366 3280 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:06:04.0429 3280 ShellHWDetection - ok
11:06:04.0457 3280 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
11:06:04.0467 3280 SiSRaid2 - ok
11:06:04.0492 3280 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:06:04.0503 3280 SiSRaid4 - ok
11:06:04.0522 3280 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:06:04.0572 3280 Smb - ok
11:06:04.0616 3280 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:06:04.0652 3280 SNMPTRAP - ok
11:06:04.0678 3280 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:06:04.0691 3280 spldr - ok
11:06:04.0717 3280 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:06:04.0743 3280 Spooler - ok
11:06:04.0816 3280 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:06:04.0897 3280 sppsvc - ok
11:06:04.0929 3280 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:06:04.0968 3280 sppuinotify - ok
11:06:04.0996 3280 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:06:05.0043 3280 srv - ok
11:06:05.0058 3280 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:06:05.0095 3280 srv2 - ok
11:06:05.0117 3280 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:06:05.0129 3280 srvnet - ok
11:06:05.0142 3280 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:06:05.0190 3280 SSDPSRV - ok
11:06:05.0221 3280 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:06:05.0247 3280 SstpSvc - ok
11:06:05.0275 3280 Steam Client Service - ok
11:06:05.0313 3280 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:06:05.0324 3280 Stereo Service - ok
11:06:05.0352 3280 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
11:06:05.0368 3280 stexstor - ok
11:06:05.0409 3280 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:06:05.0430 3280 stisvc - ok
11:06:05.0443 3280 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:06:05.0453 3280 swenum - ok
11:06:05.0488 3280 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:06:05.0544 3280 swprv - ok
11:06:05.0592 3280 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:06:05.0641 3280 SysMain - ok
11:06:05.0666 3280 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:06:05.0680 3280 TabletInputService - ok
11:06:05.0690 3280 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:06:05.0740 3280 TapiSrv - ok
11:06:05.0781 3280 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:06:05.0818 3280 TBS - ok
11:06:05.0879 3280 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:06:05.0931 3280 Tcpip - ok
11:06:05.0959 3280 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:06:05.0988 3280 TCPIP6 - ok
11:06:06.0007 3280 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:06:06.0033 3280 tcpipreg - ok
11:06:06.0067 3280 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:06:06.0118 3280 TDPIPE - ok
11:06:06.0133 3280 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:06:06.0168 3280 TDTCP - ok
11:06:06.0199 3280 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:06:06.0264 3280 tdx - ok
11:06:06.0286 3280 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:06:06.0296 3280 TermDD - ok
11:06:06.0341 3280 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:06:06.0399 3280 TermService - ok
11:06:06.0418 3280 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:06:06.0431 3280 Themes - ok
11:06:06.0441 3280 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:06:06.0465 3280 THREADORDER - ok
11:06:06.0482 3280 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:06:06.0533 3280 TrkWks - ok
11:06:06.0586 3280 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:06:06.0623 3280 TrustedInstaller - ok
11:06:06.0631 3280 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:06:06.0672 3280 tssecsrv - ok
11:06:06.0706 3280 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:06:06.0745 3280 TsUsbFlt - ok
11:06:06.0777 3280 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
11:06:06.0793 3280 TsUsbGD - ok
11:06:06.0813 3280 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:06:06.0878 3280 tunnel - ok
11:06:06.0892 3280 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
11:06:06.0902 3280 uagp35 - ok
11:06:06.0927 3280 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:06:06.0984 3280 udfs - ok
11:06:07.0018 3280 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:06:07.0028 3280 UI0Detect - ok
11:06:07.0067 3280 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:06:07.0084 3280 uliagpkx - ok
11:06:07.0100 3280 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:06:07.0126 3280 umbus - ok
11:06:07.0181 3280 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
11:06:07.0219 3280 UmPass - ok
11:06:07.0251 3280 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:06:07.0327 3280 upnphost - ok
11:06:07.0358 3280 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
11:06:07.0411 3280 USBAAPL64 - ok
11:06:07.0508 3280 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
11:06:07.0600 3280 usbaudio - ok
11:06:07.0653 3280 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:06:07.0671 3280 usbccgp - ok
11:06:07.0690 3280 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:06:07.0711 3280 usbcir - ok
11:06:07.0724 3280 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:06:07.0764 3280 usbehci - ok
11:06:07.0794 3280 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:06:07.0834 3280 usbhub - ok
11:06:07.0857 3280 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:06:07.0874 3280 usbohci - ok
11:06:07.0902 3280 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
11:06:07.0938 3280 usbprint - ok
11:06:07.0957 3280 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:06:07.0996 3280 USBSTOR - ok
11:06:08.0072 3280 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
11:06:08.0108 3280 usbuhci - ok
11:06:08.0138 3280 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:06:08.0179 3280 UxSms - ok
11:06:08.0197 3280 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
11:06:08.0205 3280 VaultSvc - ok
11:06:08.0223 3280 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:06:08.0231 3280 vdrvroot - ok
11:06:08.0248 3280 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
11:06:08.0300 3280 vds - ok
11:06:08.0331 3280 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:06:08.0344 3280 vga - ok
11:06:08.0353 3280 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:06:08.0400 3280 VgaSave - ok
11:06:08.0425 3280 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:06:08.0438 3280 vhdmp - ok
11:06:08.0452 3280 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
11:06:08.0462 3280 viaide - ok
11:06:08.0474 3280 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:06:08.0484 3280 volmgr - ok
11:06:08.0499 3280 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:06:08.0512 3280 volmgrx - ok
11:06:08.0524 3280 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:06:08.0536 3280 volsnap - ok
11:06:08.0574 3280 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
11:06:08.0593 3280 vsmraid - ok
11:06:08.0654 3280 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
11:06:08.0730 3280 VSS - ok
11:06:08.0762 3280 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:06:08.0794 3280 vwifibus - ok
11:06:08.0814 3280 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:06:08.0827 3280 vwififlt - ok
11:06:08.0867 3280 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:06:08.0908 3280 W32Time - ok
11:06:08.0934 3280 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
11:06:08.0969 3280 WacomPen - ok
11:06:09.0004 3280 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:06:09.0056 3280 WANARP - ok
11:06:09.0059 3280 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:06:09.0092 3280 Wanarpv6 - ok
11:06:09.0149 3280 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:06:09.0178 3280 WatAdminSvc - ok
11:06:09.0228 3280 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
11:06:09.0309 3280 wbengine - ok
11:06:09.0321 3280 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:06:09.0344 3280 WbioSrvc - ok
11:06:09.0358 3280 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:06:09.0392 3280 wcncsvc - ok
11:06:09.0409 3280 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:06:09.0429 3280 WcsPlugInService - ok
11:06:09.0449 3280 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
11:06:09.0458 3280 Wd - ok
11:06:09.0489 3280 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:06:09.0507 3280 Wdf01000 - ok
11:06:09.0532 3280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:06:09.0619 3280 WdiServiceHost - ok
11:06:09.0622 3280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:06:09.0643 3280 WdiSystemHost - ok
11:06:09.0659 3280 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
11:06:09.0694 3280 WebClient - ok
11:06:09.0718 3280 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:06:09.0768 3280 Wecsvc - ok
11:06:09.0798 3280 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:06:09.0826 3280 wercplsupport - ok
11:06:09.0837 3280 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:06:09.0861 3280 WerSvc - ok
11:06:09.0868 3280 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:06:09.0890 3280 WfpLwf - ok
11:06:09.0919 3280 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:06:09.0928 3280 WIMMount - ok
11:06:09.0946 3280 WinDefend - ok
11:06:09.0949 3280 WinHttpAutoProxySvc - ok
11:06:09.0999 3280 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:06:10.0039 3280 Winmgmt - ok
11:06:10.0099 3280 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
11:06:10.0151 3280 WinRM - ok
11:06:10.0187 3280 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:06:10.0208 3280 WinUsb - ok
11:06:10.0229 3280 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:06:10.0264 3280 Wlansvc - ok
11:06:10.0294 3280 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
11:06:10.0331 3280 WmiAcpi - ok
11:06:10.0362 3280 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:06:10.0396 3280 wmiApSrv - ok
11:06:10.0423 3280 WMPNetworkSvc - ok
11:06:10.0455 3280 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:06:10.0480 3280 WPCSvc - ok
11:06:10.0497 3280 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:06:10.0532 3280 WPDBusEnum - ok
11:06:10.0562 3280 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:06:10.0604 3280 ws2ifsl - ok
11:06:10.0613 3280 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
11:06:10.0648 3280 wscsvc - ok
11:06:10.0650 3280 WSearch - ok
11:06:10.0711 3280 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:06:10.0757 3280 wuauserv - ok
11:06:10.0774 3280 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:06:10.0795 3280 WudfPf - ok
11:06:10.0806 3280 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:06:10.0835 3280 WUDFRd - ok
11:06:10.0854 3280 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:06:10.0880 3280 wudfsvc - ok
11:06:10.0913 3280 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
11:06:10.0928 3280 WwanSvc - ok
11:06:10.0932 3280 ================ Scan global ===============================
11:06:10.0968 3280 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:06:10.0987 3280 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
11:06:10.0995 3280 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
11:06:11.0018 3280 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:06:11.0052 3280 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:06:11.0055 3280 [Global] - ok
11:06:11.0056 3280 ================ Scan MBR ==================================
11:06:11.0064 3280 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:06:11.0065 3280 Suspicious mbr (Forged): \Device\Harddisk0\DR0
11:06:11.0128 3280 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:06:11.0129 3280 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:06:11.0177 3280 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:06:11.0177 3280 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:06:11.0177 3280 ================ Scan VBR ==================================
11:06:11.0180 3280 [ 96552E9BBFB605801208950E00C474A7 ] \Device\Harddisk0\DR0\Partition1
11:06:11.0181 3280 \Device\Harddisk0\DR0\Partition1 - ok
11:06:11.0182 3280 ============================================================
11:06:11.0182 3280 Scan finished
11:06:11.0182 3280 ============================================================
11:06:11.0192 1784 Detected object count: 2
11:06:11.0192 1784 Actual detected object count: 2
11:08:12.0010 1784 \Device\Harddisk0\DR0\# - copied to quarantine
11:08:12.0012 1784 \Device\Harddisk0\DR0 - copied to quarantine
11:08:12.0036 1784 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:08:12.0046 1784 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:08:12.0053 1784 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:08:12.0054 1784 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:08:12.0054 1784 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:08:12.0056 1784 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:08:12.0057 1784 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:08:12.0059 1784 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:08:12.0060 1784 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:08:12.0062 1784 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:08:12.0063 1784 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:08:12.0095 1784 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:08:12.0096 1784 \Device\Harddisk0\DR0 - ok
11:08:12.0386 1784 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:08:12.0386 1784 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:08:12.0386 1784 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:08:24.0099 2192 Deinitialize success

-------------------------------------------------------------------
 
ComboFix 12-11-29.02 - Dana 11/29/2012 11:18:49.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.7698 [GMT -5:00]
Running from: c:\users\Dana\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))
.
.
2012-11-28 23:44 . 2012-11-29 03:46--------d-----w-c:\windows\Panther
2012-11-28 23:33 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
2012-11-28 23:33 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
2012-11-28 23:33 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
2012-11-28 23:33 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
2012-11-28 23:33 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
2012-11-28 23:33 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
2012-11-28 23:33 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
2012-11-28 23:33 . 2012-06-02 20:19186752----a-w-c:\windows\system32\wuwebv.dll
2012-11-28 23:33 . 2012-06-02 20:1536864----a-w-c:\windows\system32\wuapp.exe
2012-11-28 22:05 . 2012-11-29 04:59--------d-----w-c:\users\Dana
2012-11-20 23:37 . 2012-11-20 23:37--------d-----w-C:\Crash
2012-11-20 13:42 . 2012-11-20 13:42960968----a-w-c:\program files\LaunchPad.exe
2012-11-13 00:40 . 2012-11-14 16:36--------d-----w-C:\AdobeTemp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 18:02 . 2012-10-22 18:02  154464  ----a-w-  c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-28 23:55  135168  ----a-w-  c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 23:55  350208  ----a-w-  c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 23:55  561664  ----a-w-  c:\windows\apppatch\AcLayers.dll
2012-10-15 08:48 . 2012-10-15 08:48  63328  ----a-w-  c:\windows\system32\drivers\avgidsha.sys
2012-10-11 02:23 . 2012-10-11 02:23  1867112  ----a-w-  c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 02:23 . 2012-10-11 02:23  18252136  ----a-w-  c:\windows\system32\nvd3dumx.dll
2012-10-11 02:23 . 2012-10-11 02:23  1482600  ----a-w-  c:\windows\system32\nvdispgenco64.dll
2012-10-11 02:23 . 2012-10-11 02:23  6127464  ----a-w-  c:\windows\SysWow64\nvopencl.dll
2012-10-11 02:23 . 2012-10-11 02:23  2574696  ----a-w-  c:\windows\SysWow64\nvcuvid.dll
2012-10-11 02:23 . 2012-10-11 02:23  25256296  ----a-w-  c:\windows\system32\nvcompiler.dll
2012-10-11 02:23 . 2012-10-11 02:23  7414632  ----a-w-  c:\windows\system32\nvopencl.dll
2012-10-11 02:23 . 2012-10-11 02:23  2731880  ----a-w-  c:\windows\system32\nvapi64.dll
2012-10-11 02:23 . 2009-07-13 21:59  14922600  ----a-w-  c:\windows\system32\nvwgf2umx.dll
2012-10-11 02:23 . 2012-10-11 02:23  9146728  ----a-w-  c:\windows\system32\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23  7697768  ----a-w-  c:\windows\SysWow64\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23  2218344  ----a-w-  c:\windows\system32\nvcuvenc.dll
2012-10-11 02:23 . 2012-10-11 02:23  12501352  ----a-w-  c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 02:22 . 2012-10-11 02:22  2428776  ----a-w-  c:\windows\SysWow64\nvapi.dll
2012-10-11 02:22 . 2012-10-11 02:22  26331496  ----a-w-  c:\windows\system32\nvoglv64.dll
2012-10-11 02:22 . 2012-10-11 02:22  1760104  ----a-w-  c:\windows\system32\nvdispco64.dll
2012-10-11 02:22 . 2012-10-11 02:22  15309160  ----a-w-  c:\windows\SysWow64\nvd3dum.dll
2012-10-11 02:22 . 2012-10-11 02:22  2747240  ----a-w-  c:\windows\system32\nvcuvid.dll
2012-10-11 02:22 . 2012-10-11 02:22  19906920  ----a-w-  c:\windows\SysWow64\nvoglv32.dll
2012-10-11 02:22 . 2012-10-11 02:22  13443944  ----a-w-  c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:22 . 2012-10-11 02:22  17559912  ----a-w-  c:\windows\SysWow64\nvcompiler.dll
2012-10-05 08:32 . 2012-10-05 08:32  111456  ----a-w-  c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 18:15 . 2012-10-02 18:15  430952  ----a-w-  c:\windows\SysWow64\nvStreaming.exe
2012-10-02 08:30 . 2012-10-02 08:30  185696  ----a-w-  c:\windows\system32\drivers\avgldx64.sys
2012-09-21 08:46 . 2012-09-21 08:46  200032  ----a-w-  c:\windows\system32\drivers\avgtdia.sys
2012-09-21 08:46 . 2012-09-21 08:46  225120  ----a-w-  c:\windows\system32\drivers\avgloga.sys
2012-09-14 08:05 . 2012-09-14 08:05  40800  ----a-w-  c:\windows\system32\drivers\avgrkx64.sys
2012-09-04 15:39 . 2012-09-04 15:39  50296  ----a-w-  c:\windows\system32\drivers\avgfwd6a.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32  129272  ----a-w-  c:\users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32  129272  ----a-w-  c:\users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32  129272  ----a-w-  c:\users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Dana\AppData\Roaming\Spotify\Spotify.exe" [2012-11-29 7880664]
"Spotify Web Helper"="c:\users\Dana\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-29 1199576]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-11-29 1353080]
"Akamai NetSession Interface"="c:\users\Dana\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
.
c:\users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-11-21 28791288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-11-29 1432400]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-29 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-11-02 1340976]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 55391633
*NewlyCreated* - 78300305
*Deregistered* - 55391633
*Deregistered* - 78300305
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-29 00:47]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-29 00:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32  162552  ----a-w-  c:\users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32  162552  ----a-w-  c:\users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32  162552  ----a-w-  c:\users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32  162552  ----a-w-  c:\users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.169.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-55391633.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-29 11:23:12
ComboFix-quarantined-files.txt 2012-11-29 16:23
.
Pre-Run: 882,157,133,824 bytes free
Post-Run: 882,192,187,392 bytes free
.
- - End Of File - - 9B778C4ACE1EF6FB7786707F77C2DBD4
 
avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
 
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-30 14:03:34
-----------------------------
14:03:34.413 OS Version: Windows x64 6.1.7601 Service Pack 1
14:03:34.413 Number of processors: 8 586 0x1A05
14:03:34.413 ComputerName: BARBOBOT-PC UserName: Dana
14:03:36.422 Initialize success
14:05:00.091 AVAST engine defs: 12113000
14:05:20.717 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:05:20.721 Disk 0 Vendor: Hitachi_HDT721010SLA360 ST6OA31B Size: 953869MB BusType: 11
14:05:20.735 Disk 0 MBR read successfully
14:05:20.740 Disk 0 MBR scan
14:05:20.746 Disk 0 Windows 7 default MBR code
14:05:20.751 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15000 MB offset 2048
14:05:20.766 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 938867 MB offset 30722048
14:05:20.790 Disk 0 scanning C:\Windows\system32\drivers
14:05:27.301 Service scanning
14:05:44.732 Modules scanning
14:05:46.776 AVAST engine scan C:\Windows
14:05:50.043 AVAST engine scan C:\Windows\system32
14:08:03.140 AVAST engine scan C:\Windows\system32\drivers
14:08:12.256 AVAST engine scan C:\Users\Dana
14:09:46.797 AVAST engine scan C:\ProgramData
14:09:55.142 Scan finished successfully
14:12:02.099 Disk 0 MBR has been saved successfully to "C:\Users\Dana\Desktop\MBR.dat"
14:12:02.105 The log file has been saved successfully to "C:\Users\Dana\Desktop\aswMBR.txt"

---------------------------------------------------------
 

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
C:\TDSSKiller_Quarantine\29.11.2012_11.04.19\mbr0000\tdlfs0000\tsk0000.dta  Win64/Olmarik.AK trojan  cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.11.2012_11.04.19\mbr0000\tdlfs0000\tsk0001.dta  a variant of Win32/Rootkit.Kryptik.NP trojan  cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.11.2012_11.04.19\mbr0000\tdlfs0000\tsk0002.dta  Win64/Olmarik.AK trojan  cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.11.2012_11.04.19\mbr0000\tdlfs0000\tsk0006.dta  Win32/Olmarik.AFK trojan  cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.11.2012_11.04.19\mbr0000\tdlfs0000\tsk0007.dta  Win64/Olmarik.AK trojan  cleaned by deleting - quarantined
 
I like the looks of that last scan result! Hopefully that means my computer is not sick any more.

Also, other than the slight computer slowdown, the only issues I had were that my computer wouldn't shut down properly all the time, and it would blue screen when I tried to open Autodesk Maya or any of my Adobe programs, rendering those programs useless and impossible to uninstall or fix.

I'm afraid to do anything else with my computer until you say it's good to go haha
 
I was able to install Maya (which I wasn't able to do before without a BSOD occurring) and the program runs flawlessly now, and my computer seems to be running optimally, so as far as I'm concerned everything is excellent!

Thank you so much for your help and guidance. Is there anything else I should do to ensure my computer's safety?
 
Please do the following to do just that...

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive, i.e. C
  • For a few moments the system will make some calculations:
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?
 