Win64/Patched.A infection on services.exe

Solved
By Vibhor
Nov 4, 2012
  1. Hello,

    My computer has been infected with Win64/Patched.A and AVG gives warnings, but can't really delete this thing. I've been looking on the internet but no help yet. Here's a FRST log file if that helps anyone.

    THANKS IN ADVANCE.
    --------
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012
    Ran by SYSTEM at 04-11-2012 11:21:26
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [x]
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2188904 2011-04-25] (Realtek Semiconductor)
    HKLM-x32\...\Run: [Autorun Eater] C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe [516216 2010-05-06] (Old McDonald's Farm)
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
    HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
    HKU\Guest\...\Run: [Google Update] "C:\Users\Guest\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-27] (Google Inc.)
    HKU\Vibhor\...\Run: [DKADGmon] "C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe" [947520 2012-03-07] ()
    Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    IMEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IMEO\emanual.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IMEO\facemgr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IMEO\fancystart.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IMEO\liveupdate.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IMEO\logmeintoolkit.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IMEO\logonmgr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IMEO\p4gxui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IMEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IMEO\vircam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"

    ==================== Services (Whitelisted) ===================

    2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll [4539200 2012-11-01] (Akamai Technologies, Inc.)
    2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    4 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [2230416 2012-01-22] (Giraffic)
    2 JTAGServer; C:\altera\11.1\quartus\bin64\jtagserver.exe [272384 2011-10-31] ()
    4 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2012-05-19] (LogMeIn, Inc.)
    4 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2012-05-19] (LogMeIn, Inc.)
    4 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe" [227232 2010-09-02] (McAfee, Inc.)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2011-12-15] ()
    2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [2143552 2012-02-09] (TuneUp Software)
    4 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]
    3 ufad-ws60; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files (x86)\VMware\VMware Workstation\\" -s ufad-p2v.xml [x]
    2 VC10SecS; C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe [x]

    ==================== Drivers (Whitelisted) =====================

    3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc)
    1 ATKWMIACPIIO_; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
    3 HH10Help.sys; \??\C:\Windows\system32\drivers\HH10Help.sys [24088 2009-07-09] (H+H Software GmbH)
    3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
    2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
    3 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
    3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-02-09] (TuneUp Software)
    1 vdrv1000; C:\Windows\System32\Drivers\vdrv1000.sys [223256 2010-03-25] (H+H Software GmbH)
    3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2012-01-07] (Jungo)
    2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2012-01-07] (Xilinx, Inc.)
    4 bdselfpr; [x]
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    4 LMIRfsClientNP; [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-11-03 22:09 - 2012-11-04 00:38 - 00013909 ____A C:\Windows\System32\avgrep.txt
    2012-11-03 22:00 - 2012-11-03 22:00 - 00000000 ____D C:\Windows\pss
    2012-11-03 21:56 - 2012-11-03 21:56 - 00000019 ____A C:\Users\Vibhor\Desktop\mn.txt
    2012-11-03 21:51 - 2012-11-03 21:51 - 00000000 ____D C:\Users\Vibhor\AppData\Local\Ubisoft Game Launcher
    2012-11-03 21:44 - 2012-11-03 21:44 - 00000000 ____D C:\Program Files (x86)\Ubisoft
    2012-11-03 20:21 - 2012-11-03 20:21 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-11-03 19:20 - 2012-11-03 20:04 - 00000000 ____D C:\Users\Vibhor\AppData\Roaming\Real
    2012-11-03 19:20 - 2012-11-03 20:04 - 00000000 ____D C:\Program Files (x86)\Real
    2012-11-03 19:19 - 2012-11-03 20:04 - 00000000 ____D C:\Users\All Users\Real
    2012-11-03 18:22 - 2012-11-03 18:42 - 00000000 ____D C:\Users\Vibhor\Desktop\RAR'
    2012-11-03 17:37 - 2012-11-03 17:37 - 00000498 ____A C:\Users\Vibhor\Desktop\Driver San Francisco - Shortcut.lnk
    2012-10-05 06:37 - 2012-10-05 06:37 - 00000000 ____D C:\Program Files (x86)\QuickTime


    ==================== 3 Months Modified Files ==================

    2012-11-04 08:02 - 2009-07-13 21:13 - 00759018 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-04 07:08 - 2011-11-19 09:42 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533852507-2709772334-1735327317-1000UA.job
    2012-11-04 07:03 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-04 07:03 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-04 06:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-04 00:38 - 2012-11-03 22:09 - 00013909 ____A C:\Windows\System32\avgrep.txt
    2012-11-03 21:56 - 2012-11-03 21:56 - 00000019 ____A C:\Users\Vibhor\Desktop\mn.txt
    2012-11-03 17:37 - 2012-11-03 17:37 - 00000498 ____A C:\Users\Vibhor\Desktop\Driver San Francisco - Shortcut.lnk
    2012-11-02 05:27 - 2011-11-19 09:42 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533852507-2709772334-1735327317-1000Core.job
    2012-10-10 18:25 - 2011-11-05 15:08 - 00002497 ____A C:\Users\Vibhor\Desktop\Google Chrome.lnk
    2012-09-27 20:38 - 2011-12-15 22:32 - 00183112 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-09-24 05:11 - 2012-08-26 06:10 - 00002454 ____A C:\Users\Guest\Desktop\Google Chrome.lnk
    2012-09-13 07:08 - 2012-09-13 07:08 - 00000024 ____A C:\Users\Vibhor\Desktop\followup.txt
    2012-09-12 14:19 - 2012-06-27 21:05 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-12 14:19 - 2011-11-05 19:19 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-10 08:47 - 2012-06-07 18:34 - 00000967 ____A C:\Users\Public\Desktop\AVG 2012.lnk
    2012-08-24 11:43 - 2012-08-24 11:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-08-22 19:52 - 2012-08-22 19:52 - 00000970 ____A C:\Users\Public\Desktop\Virtual CD v10.lnk
    2012-08-22 19:33 - 2012-07-01 20:22 - 00000697 ____A C:\user.js
    2012-08-09 10:02 - 2012-08-09 10:02 - 00000050 ____A C:\Users\Vibhor\Desktop\Nadia Intl Admissns Office.txt

    ZeroAccess:
    C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}
    C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\@
    C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\L
    C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U
    C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\L\00000004.@
    C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\00000004.@
    C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\00000008.@
    C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\000000cb.@
    C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\80000000.@
    C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\80000032.@
    C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-08-01 11:49:50
    Restore point made on: 2012-08-02 12:08:56

    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 3874.21 MB
    Available physical RAM: 3304.27 MB
    Total Pagefile: 3872.36 MB
    Available Pagefile: 3299 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:19.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (DATA) (Fixed) (Total:327.83 GB) (Free:70.53 GB) NTFS
    5 Drive g: (VIBHOR) (Removable) (Total:3.74 GB) (Free:0.52 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 1024 KB
    Disk 1 No Media 0 B 0 B
    Disk 2 Online 3836 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 21 GB 31 KB
    Partition 2 Primary 116 GB 21 GB
    Partition 0 Extended 327 GB 137 GB
    Partition 3 Logical 327 GB 137 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 1C
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C OS NTFS Partition 116 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D DATA NTFS Partition 327 GB Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3827 MB 19 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G VIBHOR FAT32 Removable 3827 MB Healthy

    *******************************************************

    Farbar Recovery Scan Tool (x64) Version: 30-10-2012
    Ran by SYSTEM at 2012-11-04 12:15:11
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    C:\Windows\ERDNT\cache64\services.exe
    [2012-02-07 15:00] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
    =========================================================

    Last Boot: 2012-10-26 07:51

    ==================== End Of Log =============================
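    The "Search: services.exe" section above is the decisive evidence in this log: FRST lists every copy of the file it can find with size and MD5, and the System32 copy disagrees with the pristine copy in WinSxS and the ERDNT backup while keeping the same modified timestamp. The script below is an added example (not from the thread, FRST or its author) that parses that section and flags the odd copy out; the search output is embedded as a constructed sample taken from the post, and the rule of trusting the WinSxS component-store copy first is this example's own assumption.

```python
import re
from collections import Counter

# Constructed sample: the "Search: services.exe" section of the FRST log
# posted above, embedded inline so the script runs offline.
FRST_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

C:\Windows\ERDNT\cache64\services.exe
[2012-02-07 15:00] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
"""

# A hit in the FRST search output is a path line followed by one detail line:
# [created] - [modified] - size attributes (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_frst_search(text):
    """Return one dict per file copy listed in an FRST 'Search:' section."""
    records = []
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        if not PATH_RE.match(line) or i + 1 >= len(lines):
            continue
        m = DETAIL_RE.match(lines[i + 1])
        if not m:
            continue  # path without a parsable detail line: skip rather than guess
        rec = m.groupdict()
        rec["path"] = line
        rec["size"] = int(rec["size"])
        rec["md5"] = rec["md5"].upper()
        records.append(rec)
    return records


def reference_copy(records):
    """Choose the copy to trust (assumption of this example): prefer the WinSxS
    component-store copy, which Windows keeps as its own pristine version;
    otherwise fall back to the most common hash, since a patched system file
    is normally the single odd copy among several backups."""
    for rec in records:
        if "\\winsxs\\" in rec["path"].lower():
            return rec
    if not records:
        return None
    common_md5 = Counter(r["md5"] for r in records).most_common(1)[0][0]
    return next(r for r in records if r["md5"] == common_md5)


def find_outliers(records):
    """Report every copy whose MD5 differs from the reference copy, with the
    size delta and whether the modified timestamp still matches (a patched
    binary that keeps the original timestamp will not stand out in a
    date-sorted listing, which is why the hash comparison matters)."""
    ref = reference_copy(records)
    findings = []
    if ref is None:
        return findings
    for rec in records:
        if rec["md5"] == ref["md5"]:
            continue
        findings.append({
            "path": rec["path"],
            "md5": rec["md5"],
            "reference_md5": ref["md5"],
            "size_delta": rec["size"] - ref["size"],
            "modified_matches_reference": rec["modified"] == ref["modified"],
        })
    return findings


if __name__ == "__main__":
    for f in find_outliers(parse_frst_search(FRST_SEARCH)):
        print(f"{f['path']}: md5 {f['md5']} != reference {f['reference_md5']}, "
              f"{f['size_delta']:+d} bytes, "
              f"timestamp unchanged: {f['modified_matches_reference']}")
```

On this log the only outlier is C:\Windows\System32\services.exe, 512 bytes larger than the WinSxS copy with an unchanged modified time, which is exactly what the Bamital check section reports.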
  2. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    =====================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ==================================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ====================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    Attached Files:

  3. Vibhor

    Vibhor Newcomer, in training Topic Starter Posts: 35

    15:05:06.0018 0684 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    15:05:06.0279 0684 ============================================================
    15:05:06.0279 0684 Current date / time: 2012/11/04 15:05:06.0279
    15:05:06.0279 0684 SystemInfo:
    15:05:06.0279 0684
    15:05:06.0280 0684 OS Version: 6.1.7601 ServicePack: 1.0
    15:05:06.0280 0684 Product type: Workstation
    15:05:06.0280 0684 ComputerName: MYNEWASUS
    15:05:06.0280 0684 UserName: Vibhor
    15:05:06.0280 0684 Windows directory: C:\Windows
    15:05:06.0280 0684 System windows directory: C:\Windows
    15:05:06.0280 0684 Running under WOW64
    15:05:06.0280 0684 Processor architecture: Intel x64
    15:05:06.0280 0684 Number of processors: 4
    15:05:06.0280 0684 Page size: 0x1000
    15:05:06.0280 0684 Boot type: Normal boot
    15:05:06.0280 0684 ============================================================
    15:05:06.0989 0684 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    15:05:07.0005 0684 ============================================================
    15:05:07.0005 0684 \Device\Harddisk0\DR0:
    15:05:07.0005 0684 MBR partitions:
    15:05:07.0005 0684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2AF98B5, BlocksNum 0xE8E0360
    15:05:07.0027 0684 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x113DA800, BlocksNum 0x28FAB000
    15:05:07.0027 0684 ============================================================
    15:05:07.0069 0684 C: <-> \Device\Harddisk0\DR0\Partition1
    15:05:07.0103 0684 D: <-> \Device\Harddisk0\DR0\Partition2
    15:05:07.0103 0684 ============================================================
    15:05:07.0103 0684 Initialize success
    15:05:07.0103 0684 ============================================================
    15:05:35.0934 1668 ============================================================
    15:05:35.0934 1668 Scan started
    15:05:35.0934 1668 Mode: Manual;
    15:05:35.0934 1668 ============================================================
    15:05:36.0973 1668 ================ Scan system memory ========================
    15:05:36.0973 1668 System memory - ok
    15:05:36.0974 1668 ================ Scan services =============================
    15:05:37.0165 1668 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    15:05:37.0170 1668 1394ohci - ok
    15:05:37.0198 1668 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    15:05:37.0204 1668 ACPI - ok
    15:05:37.0228 1668 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    15:05:37.0229 1668 AcpiPmi - ok
    15:05:37.0310 1668 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    15:05:37.0312 1668 AdobeARMservice - ok
    15:05:37.0350 1668 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    15:05:37.0361 1668 adp94xx - ok
    15:05:37.0375 1668 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    15:05:37.0380 1668 adpahci - ok
    15:05:37.0402 1668 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    15:05:37.0406 1668 adpu320 - ok
    15:05:37.0440 1668 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    15:05:37.0442 1668 AeLookupSvc - ok
    15:05:37.0487 1668 [ 6E79A119B0CE418FE44E0C824BF3F039 ] AFBAgent C:\Windows\system32\FBAgent.exe
    15:05:37.0494 1668 AFBAgent - ok
    15:05:37.0549 1668 [ D5B031C308A409A0A576BFF4CF083D30 ] AFD C:\Windows\system32\drivers\afd.sys
    15:05:37.0556 1668 AFD - ok
    15:05:37.0620 1668 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    15:05:37.0623 1668 agp440 - ok
    15:05:37.0778 1668 [ E1B1F152C4E82C85E846D25C9E6E6CC8 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll
    15:05:37.0779 1668 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll. md5: E1B1F152C4E82C85E846D25C9E6E6CC8
    15:05:37.0789 1668 Akamai ( HiddenFile.Multi.Generic ) - warning
    15:05:37.0789 1668 Akamai - detected HiddenFile.Multi.Generic (1)
    15:05:37.0828 1668 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    15:05:37.0830 1668 ALG - ok
    15:05:37.0865 1668 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    15:05:37.0866 1668 aliide - ok
    15:05:37.0872 1668 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    15:05:37.0873 1668 amdide - ok
    15:05:37.0907 1668 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    15:05:37.0908 1668 AmdK8 - ok
    15:05:37.0913 1668 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    15:05:37.0915 1668 AmdPPM - ok
    15:05:37.0952 1668 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    15:05:37.0954 1668 amdsata - ok
    15:05:37.0962 1668 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    15:05:37.0965 1668 amdsbs - ok
    15:05:37.0983 1668 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    15:05:37.0984 1668 amdxata - ok
    15:05:38.0015 1668 [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
    15:05:38.0016 1668 AmUStor - ok
    15:05:38.0053 1668 [ 27466E519371C6FC3A39B1F7B8A297FC ] androidusb C:\Windows\system32\Drivers\androidusb.sys
    15:05:38.0054 1668 androidusb - ok
    15:05:38.0085 1668 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    15:05:38.0088 1668 AppID - ok
    15:05:38.0121 1668 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    15:05:38.0122 1668 AppIDSvc - ok
    15:05:38.0147 1668 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    15:05:38.0148 1668 Appinfo - ok
    15:05:38.0205 1668 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    15:05:38.0208 1668 Apple Mobile Device - ok
    15:05:38.0262 1668 [ 592F7AE254995274E166EEC95C28F551 ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    15:05:38.0276 1668 Application Updater - ok
    15:05:38.0309 1668 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    15:05:38.0311 1668 arc - ok
    15:05:38.0318 1668 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    15:05:38.0320 1668 arcsas - ok
    15:05:38.0377 1668 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    15:05:38.0379 1668 ASLDRService - ok
    15:05:38.0402 1668 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    15:05:38.0403 1668 AsyncMac - ok
    15:05:38.0435 1668 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    15:05:38.0436 1668 atapi - ok
    15:05:38.0514 1668 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
    15:05:38.0553 1668 athr - ok
    15:05:38.0603 1668 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    15:05:38.0606 1668 ATKGFNEXSrv - ok
    15:05:38.0622 1668 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO_ C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
    15:05:38.0623 1668 ATKWMIACPIIO_ - ok
    15:05:38.0665 1668 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    15:05:38.0674 1668 AudioEndpointBuilder - ok
    15:05:38.0688 1668 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    15:05:38.0694 1668 AudioSrv - ok
    15:05:38.0861 1668 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    15:05:39.0004 1668 AVGIDSAgent - ok
    15:05:39.0042 1668 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
    15:05:39.0044 1668 AVGIDSDriver - ok
    15:05:39.0079 1668 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
    15:05:39.0080 1668 AVGIDSFilter - ok
    15:05:39.0103 1668 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
    15:05:39.0104 1668 AVGIDSHA - ok
    15:05:39.0150 1668 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
    15:05:39.0154 1668 Avgldx64 - ok
    15:05:39.0204 1668 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
    15:05:39.0206 1668 Avgmfx64 - ok
    15:05:39.0246 1668 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
    15:05:39.0247 1668 Avgrkx64 - ok
    15:05:39.0267 1668 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
    15:05:39.0273 1668 Avgtdia - ok
    15:05:39.0337 1668 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    15:05:39.0342 1668 avgwd - ok
    15:05:39.0370 1668 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    15:05:39.0372 1668 AxInstSV - ok
    15:05:39.0401 1668 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    15:05:39.0410 1668 b06bdrv - ok
    15:05:39.0438 1668 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    15:05:39.0443 1668 b57nd60a - ok
    15:05:39.0499 1668 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    15:05:39.0502 1668 BDESVC - ok
    15:05:39.0532 1668 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    15:05:39.0534 1668 Beep - ok
    15:05:39.0567 1668 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    15:05:39.0569 1668 blbdrive - ok
    15:05:39.0642 1668 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    15:05:39.0653 1668 Bonjour Service - ok
    15:05:39.0692 1668 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    15:05:39.0696 1668 bowser - ok
    15:05:39.0727 1668 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    15:05:39.0729 1668 BrFiltLo - ok
    15:05:39.0734 1668 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    15:05:39.0735 1668 BrFiltUp - ok
    15:05:39.0760 1668 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    15:05:39.0762 1668 BridgeMP - ok
    15:05:39.0795 1668 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
    15:05:39.0798 1668 Browser - ok
    15:05:39.0808 1668 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    15:05:39.0813 1668 Brserid - ok
    15:05:39.0818 1668 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    15:05:39.0820 1668 BrSerWdm - ok
    15:05:39.0829 1668 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    15:05:39.0830 1668 BrUsbMdm - ok
    15:05:39.0836 1668 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    15:05:39.0838 1668 BrUsbSer - ok
    15:05:39.0889 1668 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
    15:05:39.0891 1668 BthEnum - ok
    15:05:39.0906 1668 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    15:05:39.0909 1668 BTHMODEM - ok
    15:05:39.0933 1668 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
    15:05:39.0935 1668 BthPan - ok
    15:05:39.0963 1668 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
    15:05:39.0971 1668 BTHPORT - ok
    15:05:40.0027 1668 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    15:05:40.0029 1668 bthserv - ok
    15:05:40.0038 1668 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
    15:05:40.0040 1668 BTHUSB - ok
    15:05:40.0045 1668 catchme - ok
    15:05:40.0069 1668 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    15:05:40.0072 1668 cdfs - ok
    15:05:40.0096 1668 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    15:05:40.0100 1668 cdrom - ok
    15:05:40.0129 1668 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    15:05:40.0131 1668 CertPropSvc - ok
    15:05:40.0172 1668 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    15:05:40.0173 1668 circlass - ok
    15:05:40.0208 1668 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    15:05:40.0214 1668 CLFS - ok
    15:05:40.0294 1668 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:05:40.0300 1668 clr_optimization_v2.0.50727_32 - ok
    15:05:40.0353 1668 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    15:05:40.0357 1668 clr_optimization_v2.0.50727_64 - ok
    15:05:40.0432 1668 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    15:05:40.0486 1668 clr_optimization_v4.0.30319_32 - ok
    15:05:40.0524 1668 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    15:05:40.0529 1668 clr_optimization_v4.0.30319_64 - ok
    15:05:40.0550 1668 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    15:05:40.0552 1668 CmBatt - ok
    15:05:40.0589 1668 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    15:05:40.0590 1668 cmdide - ok
    15:05:40.0636 1668 [ D5FEA92400F12412B3922087C09DA6A5 ] CNG C:\Windows\system32\Drivers\cng.sys
    15:05:40.0643 1668 CNG - ok
    15:05:40.0699 1668 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    15:05:40.0701 1668 Compbatt - ok
    15:05:40.0728 1668 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    15:05:40.0730 1668 CompositeBus - ok
    15:05:40.0735 1668 COMSysApp - ok
    15:05:40.0835 1668 [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
    15:05:40.0842 1668 cphs - ok
    15:05:40.0914 1668 cpuz135 - ok
    15:05:40.0956 1668 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    15:05:40.0957 1668 crcdisk - ok
    15:05:40.0999 1668 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll
    15:05:41.0003 1668 CryptSvc - ok
    15:05:41.0045 1668 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    15:05:41.0055 1668 DcomLaunch - ok
    15:05:41.0121 1668 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    15:05:41.0126 1668 defragsvc - ok
    15:05:41.0157 1668 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    15:05:41.0159 1668 DfsC - ok
    15:05:41.0200 1668 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    15:05:41.0205 1668 Dhcp - ok
    15:05:41.0259 1668 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    15:05:41.0261 1668 discache - ok
    15:05:41.0270 1668 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    15:05:41.0273 1668 Disk - ok
    15:05:41.0343 1668 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    15:05:41.0348 1668 Dnscache - ok
    15:05:41.0381 1668 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    15:05:41.0386 1668 dot3svc - ok
    15:05:41.0419 1668 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    15:05:41.0422 1668 DPS - ok
    15:05:41.0454 1668 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    15:05:41.0454 1668 drmkaud - ok
    15:05:41.0513 1668 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    15:05:41.0548 1668 DXGKrnl - ok
    15:05:41.0596 1668 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    15:05:41.0599 1668 EapHost - ok
    15:05:41.0704 1668 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    15:05:41.0830 1668 ebdrv - ok
    15:05:41.0862 1668 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
    15:05:41.0864 1668 EFS - ok
    15:05:41.0929 1668 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    15:05:41.0935 1668 ehRecvr - ok
    15:05:41.0968 1668 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    15:05:41.0969 1668 ehSched - ok
    15:05:42.0004 1668 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
    15:05:42.0006 1668 ElbyCDIO - ok
    15:05:42.0038 1668 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    15:05:42.0046 1668 elxstor - ok
    15:05:42.0072 1668 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    15:05:42.0073 1668 ErrDev - ok
    15:05:42.0112 1668 [ 4C120D2B2EA269EAE7A5744794EB6DB1 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
    15:05:42.0116 1668 ETD - ok
    15:05:42.0179 1668 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    15:05:42.0189 1668 EventSystem - ok
    15:05:42.0220 1668 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    15:05:42.0223 1668 exfat - ok
    15:05:42.0248 1668 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    15:05:42.0251 1668 fastfat - ok
    15:05:42.0286 1668 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    15:05:42.0296 1668 Fax - ok
    15:05:42.0318 1668 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    15:05:42.0319 1668 fdc - ok
    15:05:42.0336 1668 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    15:05:42.0338 1668 fdPHost - ok
    15:05:42.0350 1668 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    15:05:42.0352 1668 FDResPub - ok
    15:05:42.0369 1668 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    15:05:42.0371 1668 FileInfo - ok
    15:05:42.0384 1668 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    15:05:42.0386 1668 Filetrace - ok
    15:05:42.0404 1668 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    15:05:42.0405 1668 flpydisk - ok
    15:05:42.0437 1668 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    15:05:42.0442 1668 FltMgr - ok
    15:05:42.0489 1668 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
    15:05:42.0524 1668 FontCache - ok
    15:05:42.0586 1668 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    15:05:42.0588 1668 FontCache3.0.0.0 - ok
    15:05:42.0619 1668 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    15:05:42.0621 1668 FsDepends - ok
    15:05:42.0645 1668 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    15:05:42.0647 1668 fssfltr - ok
    15:05:42.0760 1668 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    15:05:42.0799 1668 fsssvc - ok
    15:05:42.0828 1668 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    15:05:42.0830 1668 Fs_Rec - ok
    15:05:42.0887 1668 [ 79B4CDE2B69ED8BA4011859780A66A4D ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
    15:05:42.0890 1668 Futuremark SystemInfo Service - ok
    15:05:42.0928 1668 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    15:05:42.0932 1668 fvevol - ok
    15:05:42.0959 1668 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    15:05:42.0961 1668 gagp30kx - ok
    15:05:42.0982 1668 Giraffic - ok
    15:05:43.0010 1668 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    15:05:43.0026 1668 gpsvc - ok
    15:05:43.0079 1668 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    15:05:43.0084 1668 gusvc - ok
    15:05:43.0110 1668 [ D5FA01185A7D5A65724FD87B34E53F5B ] hcmon C:\Windows\system32\drivers\hcmon.sys
    15:05:43.0111 1668 hcmon - ok
    15:05:43.0144 1668 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    15:05:43.0146 1668 hcw85cir - ok
    15:05:43.0188 1668 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    15:05:43.0194 1668 HdAudAddService - ok
    15:05:43.0224 1668 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    15:05:43.0226 1668 HDAudBus - ok
    15:05:43.0278 1668 [ 62FB29642745DD290910BFD79537FCE0 ] HH10Help.sys C:\Windows\system32\drivers\HH10Help.sys
    15:05:43.0280 1668 HH10Help.sys - ok
    15:05:43.0303 1668 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    15:05:43.0305 1668 HidBatt - ok
    15:05:43.0311 1668 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    15:05:43.0314 1668 HidBth - ok
    15:05:43.0323 1668 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    15:05:43.0325 1668 HidIr - ok
    15:05:43.0367 1668 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    15:05:43.0369 1668 hidserv - ok
    15:05:43.0392 1668 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    15:05:43.0394 1668 HidUsb - ok
    15:05:43.0418 1668 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    15:05:43.0421 1668 hkmsvc - ok
    15:05:43.0447 1668 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    15:05:43.0452 1668 HomeGroupListener - ok
    15:05:43.0495 1668 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    15:05:43.0500 1668 HomeGroupProvider - ok
    15:05:43.0532 1668 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    15:05:43.0535 1668 HpSAMD - ok
    15:05:43.0579 1668 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    15:05:43.0595 1668 HTTP - ok
    15:05:43.0630 1668 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    15:05:43.0632 1668 hwpolicy - ok
    15:05:43.0665 1668 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    15:05:43.0668 1668 i8042prt - ok
    15:05:43.0703 1668 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    15:05:43.0708 1668 iaStor - ok
    15:05:43.0749 1668 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    15:05:43.0755 1668 iaStorV - ok
    15:05:43.0844 1668 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    15:05:43.0878 1668 idsvc - ok
    15:05:44.0206 1668 [ 371D7F91C0D2314EB984A4A6CBEABC92 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    15:05:44.0507 1668 igfx - ok
    15:05:44.0547 1668 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    15:05:44.0549 1668 iirsp - ok
    15:05:44.0611 1668 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    15:05:44.0646 1668 IKEEXT - ok
    15:05:44.0769 1668 [ 02C93EBAA4421418411448FE7FDFD815 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    15:05:44.0853 1668 IntcAzAudAddService - ok
    15:05:44.0875 1668 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    15:05:44.0881 1668 IntcDAud - ok
    15:05:44.0911 1668 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    15:05:44.0912 1668 intelide - ok
    15:05:44.0940 1668 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    15:05:44.0942 1668 intelppm - ok
    15:05:44.0961 1668 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    15:05:44.0964 1668 IPBusEnum - ok
    15:05:44.0989 1668 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    15:05:44.0991 1668 IpFilterDriver - ok
    15:05:45.0024 1668 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    15:05:45.0026 1668 IPMIDRV - ok
    15:05:45.0055 1668 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    15:05:45.0057 1668 IPNAT - ok
    15:05:45.0074 1668 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    15:05:45.0076 1668 IRENUM - ok
    15:05:45.0095 1668 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    15:05:45.0096 1668 isapnp - ok
    15:05:45.0115 1668 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    15:05:45.0119 1668 iScsiPrt - ok
    15:05:45.0218 1668 [ 040295875FDCBBEF5A3FC2D8996D9875 ] JTAGServer c:\altera\11.1\quartus\bin64\jtagserver.exe
    15:05:45.0225 1668 JTAGServer - ok
    15:05:45.0257 1668 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    15:05:45.0259 1668 kbdclass - ok
    15:05:45.0288 1668 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    15:05:45.0290 1668 kbdhid - ok
    15:05:45.0329 1668 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
    15:05:45.0331 1668 kbfiltr - ok
    15:05:45.0351 1668 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
    15:05:45.0354 1668 KeyIso - ok
    15:05:45.0380 1668 [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    15:05:45.0382 1668 KSecDD - ok
    15:05:45.0413 1668 [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    15:05:45.0416 1668 KSecPkg - ok
    15:05:45.0440 1668 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    15:05:45.0441 1668 ksthunk - ok
    15:05:45.0472 1668 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    15:05:45.0479 1668 KtmRm - ok
    15:05:45.0507 1668 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
    15:05:45.0509 1668 L1C - ok
    15:05:45.0545 1668 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
    15:05:45.0551 1668 LanmanServer - ok
    15:05:45.0572 1668 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    15:05:45.0577 1668 LanmanWorkstation - ok
    15:05:45.0602 1668 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    15:05:45.0603 1668 lltdio - ok
    15:05:45.0645 1668 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    15:05:45.0651 1668 lltdsvc - ok
    15:05:45.0701 1668 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    15:05:45.0704 1668 lmhosts - ok
    15:05:45.0782 1668 [ D55A7D0553C7102F63872936C7A9D9DB ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    15:05:45.0791 1668 LMIGuardianSvc - ok
    15:05:45.0851 1668 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
    15:05:45.0853 1668 LMIInfo - ok
    15:05:45.0893 1668 [ A7D256C8847DF6E88BDDB55F87E54F46 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    15:05:45.0898 1668 LMIMaint - ok
    15:05:45.0940 1668 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
    15:05:45.0941 1668 lmimirr - ok
    15:05:45.0947 1668 LMIRfsClientNP - ok
    15:05:45.0960 1668 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
    15:05:45.0961 1668 LMIRfsDriver - ok
    15:05:46.0009 1668 [ 0803906D607A9B83184447B75B60ECC2 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    15:05:46.0015 1668 LMS - ok
    15:05:46.0048 1668 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    15:05:46.0054 1668 LogMeIn - ok
    15:05:46.0085 1668 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    15:05:46.0088 1668 LSI_FC - ok
    15:05:46.0099 1668 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    15:05:46.0101 1668 LSI_SAS - ok
    15:05:46.0111 1668 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    15:05:46.0113 1668 LSI_SAS2 - ok
    15:05:46.0123 1668 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    15:05:46.0125 1668 LSI_SCSI - ok
    15:05:46.0147 1668 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    15:05:46.0149 1668 luafv - ok
    15:05:46.0222 1668 [ FD3AD5E1ECDAA94A89D6697F5C5465D6 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
    15:05:46.0226 1668 McComponentHostService - ok
    15:05:46.0266 1668 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    15:05:46.0270 1668 Mcx2Svc - ok
    15:05:46.0306 1668 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    15:05:46.0308 1668 megasas - ok
    15:05:46.0319 1668 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    15:05:46.0324 1668 MegaSR - ok
    15:05:46.0349 1668 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    15:05:46.0351 1668 MEIx64 - ok
    15:05:46.0384 1668 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    15:05:46.0387 1668 MMCSS - ok
    15:05:46.0401 1668 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    15:05:46.0402 1668 Modem - ok
    15:05:46.0411 1668 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    15:05:46.0413 1668 monitor - ok
    15:05:46.0432 1668 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    15:05:46.0433 1668 mouclass - ok
    15:05:46.0455 1668 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    15:05:46.0456 1668 mouhid - ok
    15:05:46.0493 1668 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    15:05:46.0495 1668 mountmgr - ok
    15:05:46.0551 1668 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    15:05:46.0554 1668 MozillaMaintenance - ok
    15:05:46.0590 1668 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    15:05:46.0594 1668 mpio - ok
    15:05:46.0617 1668 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    15:05:46.0619 1668 mpsdrv - ok
    15:05:46.0647 1668 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    15:05:46.0650 1668 MRxDAV - ok
    15:05:46.0685 1668 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    15:05:46.0688 1668 mrxsmb - ok
    15:05:46.0709 1668 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    15:05:46.0714 1668 mrxsmb10 - ok
    15:05:46.0728 1668 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    15:05:46.0730 1668 mrxsmb20 - ok
    15:05:46.0758 1668 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    15:05:46.0760 1668 msahci - ok
    15:05:46.0789 1668 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    15:05:46.0792 1668 msdsm - ok
    15:05:46.0813 1668 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    15:05:46.0818 1668 MSDTC - ok
    15:05:46.0866 1668 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    15:05:46.0868 1668 Msfs - ok
    15:05:46.0890 1668 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    15:05:46.0892 1668 mshidkmdf - ok
    15:05:46.0921 1668 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    15:05:46.0922 1668 msisadrv - ok
    15:05:46.0952 1668 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    15:05:46.0956 1668 MSiSCSI - ok
    15:05:46.0965 1668 msiserver - ok
  4. Vibhor

    15:05:46.0999 1668 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    15:05:47.0000 1668 MSKSSRV - ok
    15:05:47.0019 1668 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    15:05:47.0020 1668 MSPCLOCK - ok
    15:05:47.0026 1668 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    15:05:47.0028 1668 MSPQM - ok
    15:05:47.0054 1668 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    15:05:47.0059 1668 MsRPC - ok
    15:05:47.0096 1668 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    15:05:47.0097 1668 mssmbios - ok
    15:05:47.0114 1668 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    15:05:47.0115 1668 MSTEE - ok
    15:05:47.0132 1668 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    15:05:47.0133 1668 MTConfig - ok
    15:05:47.0147 1668 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    15:05:47.0149 1668 Mup - ok
    15:05:47.0182 1668 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    15:05:47.0190 1668 napagent - ok
    15:05:47.0214 1668 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    15:05:47.0219 1668 NativeWifiP - ok
    15:05:47.0321 1668 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
    15:05:47.0332 1668 NAUpdate - ok
    15:05:47.0403 1668 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
    15:05:47.0437 1668 NDIS - ok
    15:05:47.0465 1668 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    15:05:47.0466 1668 NdisCap - ok
    15:05:47.0480 1668 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    15:05:47.0481 1668 NdisTapi - ok
    15:05:47.0507 1668 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    15:05:47.0508 1668 Ndisuio - ok
    15:05:47.0534 1668 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    15:05:47.0537 1668 NdisWan - ok
    15:05:47.0570 1668 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    15:05:47.0572 1668 NDProxy - ok
    15:05:47.0609 1668 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    15:05:47.0611 1668 NetBIOS - ok
    15:05:47.0651 1668 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    15:05:47.0654 1668 NetBT - ok
    15:05:47.0673 1668 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
    15:05:47.0674 1668 Netlogon - ok
    15:05:47.0704 1668 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    15:05:47.0711 1668 Netman - ok
    15:05:47.0754 1668 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    15:05:47.0767 1668 netprofm - ok
    15:05:47.0798 1668 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    15:05:47.0800 1668 NetTcpPortSharing - ok
    15:05:47.0835 1668 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    15:05:47.0836 1668 nfrd960 - ok
    15:05:47.0878 1668 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    15:05:47.0885 1668 NlaSvc - ok
    15:05:47.0923 1668 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\drivers\npf.sys
    15:05:47.0924 1668 NPF - ok
    15:05:47.0950 1668 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    15:05:47.0952 1668 Npfs - ok
    15:05:47.0984 1668 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    15:05:47.0987 1668 nsi - ok
    15:05:48.0006 1668 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    15:05:48.0007 1668 nsiproxy - ok
    15:05:48.0074 1668 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    15:05:48.0125 1668 Ntfs - ok
    15:05:48.0172 1668 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    15:05:48.0173 1668 Null - ok
    15:05:48.0207 1668 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    15:05:48.0210 1668 nvraid - ok
    15:05:48.0228 1668 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    15:05:48.0231 1668 nvstor - ok
    15:05:48.0255 1668 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    15:05:48.0256 1668 nv_agp - ok
    15:05:48.0289 1668 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    15:05:48.0291 1668 ohci1394 - ok
    15:05:48.0348 1668 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    15:05:48.0351 1668 ose - ok
    15:05:48.0514 1668 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    15:05:48.0663 1668 osppsvc - ok
    15:05:48.0699 1668 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    15:05:48.0704 1668 p2pimsvc - ok
    15:05:48.0734 1668 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    15:05:48.0743 1668 p2psvc - ok
    15:05:48.0773 1668 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    15:05:48.0775 1668 Parport - ok
    15:05:48.0811 1668 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    15:05:48.0813 1668 partmgr - ok
    15:05:48.0840 1668 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    15:05:48.0845 1668 PcaSvc - ok
    15:05:48.0867 1668 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    15:05:48.0871 1668 pci - ok
    15:05:48.0908 1668 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    15:05:48.0909 1668 pciide - ok
    15:05:48.0942 1668 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    15:05:48.0946 1668 pcmcia - ok
    15:05:48.0971 1668 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    15:05:48.0973 1668 pcw - ok
    15:05:49.0010 1668 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    15:05:49.0020 1668 PEAUTH - ok
    15:05:49.0124 1668 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    15:05:49.0127 1668 PerfHost - ok
    15:05:49.0218 1668 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    15:05:49.0253 1668 pla - ok
    15:05:49.0283 1668 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    15:05:49.0291 1668 PlugPlay - ok
    15:05:49.0320 1668 [ FE74BA87CDAA80AC9261F49167F0608A ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys
    15:05:49.0321 1668 pneteth - ok
    15:05:49.0327 1668 PnkBstrA - ok
    15:05:49.0361 1668 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    15:05:49.0364 1668 PNRPAutoReg - ok
    15:05:49.0387 1668 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    15:05:49.0392 1668 PNRPsvc - ok
    15:05:49.0438 1668 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    15:05:49.0444 1668 PolicyAgent - ok
    15:05:49.0486 1668 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    15:05:49.0491 1668 Power - ok
    15:05:49.0517 1668 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    15:05:49.0520 1668 PptpMiniport - ok
    15:05:49.0556 1668 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    15:05:49.0559 1668 Processor - ok
    15:05:49.0605 1668 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
    15:05:49.0612 1668 ProfSvc - ok
    15:05:49.0628 1668 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
    15:05:49.0631 1668 ProtectedStorage - ok
    15:05:49.0661 1668 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    15:05:49.0663 1668 Psched - ok
    15:05:49.0712 1668 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    15:05:49.0746 1668 ql2300 - ok
    15:05:49.0765 1668 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    15:05:49.0768 1668 ql40xx - ok
    15:05:49.0798 1668 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    15:05:49.0805 1668 QWAVE - ok
    15:05:49.0823 1668 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    15:05:49.0824 1668 QWAVEdrv - ok
    15:05:49.0840 1668 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    15:05:49.0841 1668 RasAcd - ok
    15:05:49.0882 1668 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    15:05:49.0884 1668 RasAgileVpn - ok
    15:05:49.0925 1668 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    15:05:49.0929 1668 RasAuto - ok
    15:05:49.0956 1668 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    15:05:49.0959 1668 Rasl2tp - ok
    15:05:50.0012 1668 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    15:05:50.0020 1668 RasMan - ok
    15:05:50.0063 1668 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    15:05:50.0065 1668 RasPppoe - ok
    15:05:50.0086 1668 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    15:05:50.0088 1668 RasSstp - ok
    15:05:50.0122 1668 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    15:05:50.0127 1668 rdbss - ok
    15:05:50.0155 1668 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    15:05:50.0156 1668 rdpbus - ok
    15:05:50.0177 1668 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    15:05:50.0178 1668 RDPCDD - ok
    15:05:50.0198 1668 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    15:05:50.0200 1668 RDPENCDD - ok
    15:05:50.0239 1668 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    15:05:50.0240 1668 RDPREFMP - ok
    15:05:50.0270 1668 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    15:05:50.0274 1668 RDPWD - ok
    15:05:50.0304 1668 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    15:05:50.0308 1668 rdyboost - ok
    15:05:50.0359 1668 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    15:05:50.0363 1668 RemoteAccess - ok
    15:05:50.0385 1668 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    15:05:50.0390 1668 RemoteRegistry - ok
    15:05:50.0421 1668 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    15:05:50.0424 1668 RFCOMM - ok
    15:05:50.0470 1668 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
    15:05:50.0473 1668 rpcapd - ok
    15:05:50.0498 1668 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    15:05:50.0502 1668 RpcEptMapper - ok
    15:05:50.0527 1668 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    15:05:50.0530 1668 RpcLocator - ok
    15:05:50.0566 1668 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    15:05:50.0572 1668 RpcSs - ok
    15:05:50.0594 1668 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    15:05:50.0596 1668 rspndr - ok
  5. Vibhor

    Vibhor Newcomer, in training Topic Starter Posts: 35

    15:05:50.0647 1668 [ 25AABB94BB2D59F1CA6101290255D2E8 ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys
    15:05:50.0680 1668 RTL8192Ce - ok
    15:05:50.0717 1668 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
    15:05:50.0722 1668 SamSs - ok
    15:05:50.0757 1668 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    15:05:50.0759 1668 sbp2port - ok
    15:05:50.0795 1668 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    15:05:50.0801 1668 SCardSvr - ok
    15:05:50.0833 1668 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    15:05:50.0835 1668 scfilter - ok
    15:05:50.0893 1668 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    15:05:50.0927 1668 Schedule - ok
    15:05:50.0962 1668 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    15:05:50.0964 1668 SCPolicySvc - ok
    15:05:50.0989 1668 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    15:05:50.0995 1668 SDRSVC - ok
    15:05:51.0033 1668 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    15:05:51.0034 1668 secdrv - ok
    15:05:51.0072 1668 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    15:05:51.0076 1668 seclogon - ok
    15:05:51.0105 1668 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
    15:05:51.0108 1668 SENS - ok
    15:05:51.0124 1668 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    15:05:51.0127 1668 SensrSvc - ok
    15:05:51.0151 1668 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    15:05:51.0153 1668 Serenum - ok
    15:05:51.0163 1668 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    15:05:51.0166 1668 Serial - ok
    15:05:51.0199 1668 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    15:05:51.0200 1668 sermouse - ok
    15:05:51.0255 1668 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    15:05:51.0259 1668 SessionEnv - ok
    15:05:51.0291 1668 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    15:05:51.0292 1668 sffdisk - ok
    15:05:51.0299 1668 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    15:05:51.0300 1668 sffp_mmc - ok
    15:05:51.0309 1668 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    15:05:51.0310 1668 sffp_sd - ok
    15:05:51.0344 1668 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    15:05:51.0345 1668 sfloppy - ok
    15:05:51.0427 1668 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    15:05:51.0435 1668 ShellHWDetection - ok
    15:05:51.0444 1668 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
    15:05:51.0446 1668 SiSGbeLH - ok
    15:05:51.0470 1668 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    15:05:51.0472 1668 SiSRaid2 - ok
    15:05:51.0481 1668 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    15:05:51.0483 1668 SiSRaid4 - ok
    15:05:51.0493 1668 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    15:05:51.0495 1668 Smb - ok
    15:05:51.0529 1668 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    15:05:51.0531 1668 SNMPTRAP - ok
    15:05:51.0547 1668 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    15:05:51.0548 1668 spldr - ok
    15:05:51.0580 1668 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
    15:05:51.0596 1668 Spooler - ok
    15:05:51.0711 1668 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    15:05:51.0841 1668 sppsvc - ok
    15:05:51.0897 1668 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    15:05:51.0901 1668 sppuinotify - ok
    15:05:51.0945 1668 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    15:05:51.0952 1668 srv - ok
    15:05:51.0974 1668 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    15:05:51.0980 1668 srv2 - ok
    15:05:51.0992 1668 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    15:05:51.0995 1668 srvnet - ok
    15:05:52.0013 1668 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    15:05:52.0017 1668 SSDPSRV - ok
    15:05:52.0042 1668 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    15:05:52.0045 1668 SstpSvc - ok
    15:05:52.0074 1668 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    15:05:52.0078 1668 stexstor - ok
    15:05:52.0110 1668 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    15:05:52.0118 1668 stisvc - ok
    15:05:52.0156 1668 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    15:05:52.0158 1668 swenum - ok
    15:05:52.0202 1668 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    15:05:52.0210 1668 swprv - ok
    15:05:52.0268 1668 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    15:05:52.0312 1668 SysMain - ok
    15:05:52.0347 1668 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    15:05:52.0351 1668 TabletInputService - ok
    15:05:52.0377 1668 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    15:05:52.0383 1668 TapiSrv - ok
    15:05:52.0413 1668 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    15:05:52.0415 1668 TBS - ok
    15:05:52.0487 1668 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    15:05:52.0532 1668 Tcpip - ok
    15:05:52.0573 1668 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    15:05:52.0585 1668 TCPIP6 - ok
    15:05:52.0621 1668 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    15:05:52.0623 1668 tcpipreg - ok
    15:05:52.0668 1668 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    15:05:52.0669 1668 TDPIPE - ok
    15:05:52.0679 1668 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    15:05:52.0680 1668 TDTCP - ok
    15:05:52.0716 1668 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    15:05:52.0719 1668 tdx - ok
    15:05:52.0820 1668 [ 74FC70AE64A7B7DABEC9697CE0A1F4FA ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    15:05:52.0838 1668 TeamViewer7 - ok
    15:05:52.0866 1668 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    15:05:52.0867 1668 TermDD - ok
    15:05:52.0917 1668 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    15:05:52.0933 1668 TermService - ok
    15:05:52.0966 1668 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    15:05:52.0968 1668 Themes - ok
    15:05:53.0005 1668 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    15:05:53.0008 1668 THREADORDER - ok
    15:05:53.0036 1668 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    15:05:53.0041 1668 TrkWks - ok
    15:05:53.0089 1668 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    15:05:53.0093 1668 TrustedInstaller - ok
    15:05:53.0136 1668 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    15:05:53.0137 1668 tssecsrv - ok
    15:05:53.0170 1668 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    15:05:53.0172 1668 TsUsbFlt - ok
    15:05:53.0302 1668 [ DAFEEE8F55E0FA1567E734299AC0AF06 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
    15:05:53.0365 1668 TuneUp.UtilitiesSvc - ok
    15:05:53.0396 1668 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
    15:05:53.0398 1668 TuneUpUtilitiesDrv - ok
    15:05:53.0440 1668 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    15:05:53.0442 1668 tunnel - ok
    15:05:53.0476 1668 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    15:05:53.0478 1668 uagp35 - ok
    15:05:53.0516 1668 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    15:05:53.0522 1668 udfs - ok
    15:05:53.0584 1668 [ 215462AE7E6A897D675E84DD1E3B3B56 ] ufad-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
    15:05:53.0588 1668 ufad-ws60 - ok
    15:05:53.0642 1668 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    15:05:53.0646 1668 UI0Detect - ok
    15:05:53.0677 1668 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    15:05:53.0678 1668 uliagpkx - ok
    15:05:53.0707 1668 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    15:05:53.0709 1668 umbus - ok
    15:05:53.0742 1668 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    15:05:53.0743 1668 UmPass - ok
    15:05:53.0876 1668 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    15:05:53.0899 1668 UNS - ok
    15:05:53.0961 1668 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    15:05:53.0966 1668 upnphost - ok
    15:05:54.0000 1668 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    15:05:54.0002 1668 USBAAPL64 - ok
    15:05:54.0029 1668 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    15:05:54.0031 1668 usbccgp - ok
    15:05:54.0068 1668 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    15:05:54.0070 1668 usbcir - ok
    15:05:54.0114 1668 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    15:05:54.0116 1668 usbehci - ok
    15:05:54.0139 1668 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    15:05:54.0145 1668 usbhub - ok
    15:05:54.0170 1668 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    15:05:54.0172 1668 usbohci - ok
    15:05:54.0224 1668 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    15:05:54.0226 1668 usbprint - ok
    15:05:54.0279 1668 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    15:05:54.0281 1668 usbscan - ok
    15:05:54.0310 1668 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    15:05:54.0312 1668 USBSTOR - ok
    15:05:54.0331 1668 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    15:05:54.0333 1668 usbuhci - ok
    15:05:54.0376 1668 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    15:05:54.0379 1668 usbvideo - ok
    15:05:54.0415 1668 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    15:05:54.0419 1668 UxSms - ok
    15:05:54.0462 1668 [ ED551A5FA7DC414B050A1D7D55E56674 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
    15:05:54.0468 1668 UxTuneUp - ok
    15:05:54.0496 1668 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
    15:05:54.0499 1668 VaultSvc - ok
    15:05:54.0842 1668 [ D269E71B969DCDC731D9874DB937B2A9 ] VC10SecS D:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
    15:05:54.0845 1668 VC10SecS - ok
    15:05:54.0927 1668 [ F0FAF3FB9B138F8CAFB65ECFFE9F4AB6 ] vcd10bus C:\Windows\system32\DRIVERS\vcd10bus.sys
    15:05:54.0930 1668 vcd10bus - ok
    15:05:54.0973 1668 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
    15:05:54.0975 1668 VClone - ok
    15:05:54.0989 1668 Suspicious service (NoAccess): vdrv1000
    15:05:55.0059 1668 [ 091EC06D96FF191ED889A65BFCCEDACD ] vdrv1000 C:\Windows\system32\DRIVERS\vdrv1000.sys
    15:05:55.0087 1668 vdrv1000 ( LockedService.Multi.Generic ) - warning
    15:05:55.0087 1668 vdrv1000 - detected LockedService.Multi.Generic (1)
    15:05:55.0121 1668 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    15:05:55.0122 1668 vdrvroot - ok
    15:05:55.0164 1668 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    15:05:55.0174 1668 vds - ok
    15:05:55.0212 1668 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    15:05:55.0214 1668 vga - ok
    15:05:55.0238 1668 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    15:05:55.0239 1668 VgaSave - ok
    15:05:55.0305 1668 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    15:05:55.0310 1668 vhdmp - ok
    15:05:55.0354 1668 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    15:05:55.0355 1668 viaide - ok
    15:05:55.0388 1668 [ 7AC6239C65DADE55DEFD573B98616C3F ] VMAuthdService C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    15:05:55.0390 1668 VMAuthdService - ok
    15:05:55.0424 1668 [ 312AEC23A85424543AF898A59209B479 ] vmci C:\Windows\system32\drivers\vmci.sys
    15:05:55.0426 1668 vmci - ok
    15:05:55.0457 1668 [ FFC30CAEEB2FC5FEE8568CFF74EDEAED ] vmkbd C:\Windows\system32\drivers\VMkbd.sys
    15:05:55.0459 1668 vmkbd - ok
    15:05:55.0477 1668 [ 9D54F1339E78C95BF3D9939EBCB66378 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
    15:05:55.0481 1668 VMnetAdapter - ok
    15:05:55.0494 1668 [ FB54EF3AA613D2832FD3812E7CB2FC75 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
    15:05:55.0496 1668 VMnetBridge - ok
    15:05:55.0507 1668 VMnetDHCP - ok
    15:05:55.0527 1668 [ 56D547BFC3F1619FA82EC9EF5D24E802 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
    15:05:55.0529 1668 VMnetuserif - ok
    15:05:55.0555 1668 [ 415B167695C4B5960A13098622EF3D80 ] vmusb C:\Windows\system32\Drivers\vmusb.sys
    15:05:55.0556 1668 vmusb - ok
    15:05:55.0634 1668 [ 19368F7C4DC6EF444B826249FC8A0E30 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
    15:05:55.0645 1668 VMUSBArbService - ok
    15:05:55.0669 1668 VMware NAT Service - ok
    15:05:55.0713 1668 [ 62CD5A87FDE14701506D4E0DD8F13D2E ] vmx86 C:\Windows\system32\drivers\vmx86.sys
    15:05:55.0715 1668 vmx86 - ok
    15:05:55.0750 1668 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    15:05:55.0751 1668 volmgr - ok
    15:05:55.0792 1668 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    15:05:55.0797 1668 volmgrx - ok
    15:05:55.0823 1668 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    15:05:55.0828 1668 volsnap - ok
    15:05:55.0864 1668 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    15:05:55.0866 1668 vsmraid - ok
    15:05:55.0942 1668 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    15:05:56.0008 1668 VSS - ok
    15:05:56.0055 1668 [ E61C910E2DDF4797C1B1F9239636E894 ] vstor2-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
    15:05:56.0057 1668 vstor2-ws60 - ok
    15:05:56.0073 1668 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    15:05:56.0075 1668 vwifibus - ok
    15:05:56.0110 1668 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    15:05:56.0112 1668 vwififlt - ok
    15:05:56.0134 1668 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    15:05:56.0135 1668 vwifimp - ok
    15:05:56.0163 1668 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    15:05:56.0171 1668 W32Time - ok
    15:05:56.0210 1668 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    15:05:56.0211 1668 WacomPen - ok
    15:05:56.0256 1668 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    15:05:56.0258 1668 WANARP - ok
    15:05:56.0271 1668 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    15:05:56.0272 1668 Wanarpv6 - ok
    15:05:56.0374 1668 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    15:05:56.0404 1668 WatAdminSvc - ok
    15:05:56.0479 1668 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    15:05:56.0535 1668 wbengine - ok
    15:05:56.0576 1668 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    15:05:56.0582 1668 WbioSrvc - ok
    15:05:56.0618 1668 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    15:05:56.0625 1668 wcncsvc - ok
    15:05:56.0645 1668 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    15:05:56.0649 1668 WcsPlugInService - ok
    15:05:56.0680 1668 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    15:05:56.0681 1668 Wd - ok
    15:05:56.0717 1668 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    15:05:56.0726 1668 Wdf01000 - ok
    15:05:56.0759 1668 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    15:05:56.0768 1668 WdiServiceHost - ok
    15:05:56.0785 1668 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    15:05:56.0788 1668 WdiSystemHost - ok
    15:05:56.0837 1668 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    15:05:56.0843 1668 WebClient - ok
    15:05:56.0863 1668 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    15:05:56.0871 1668 Wecsvc - ok
    15:05:56.0886 1668 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    15:05:56.0890 1668 wercplsupport - ok
    15:05:56.0909 1668 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    15:05:56.0913 1668 WerSvc - ok
    15:05:56.0939 1668 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    15:05:56.0941 1668 WfpLwf - ok
    15:05:56.0973 1668 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
    15:05:56.0976 1668 WimFltr - ok
    15:05:57.0000 1668 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    15:05:57.0001 1668 WIMMount - ok
    15:05:57.0063 1668 [ 7922583C802203A54CDD47D9ECF028F2 ] WinDriver6 C:\Windows\system32\drivers\windrvr6.sys
    15:05:57.0070 1668 WinDriver6 - ok
    15:05:57.0082 1668 WinHttpAutoProxySvc - ok
    15:05:57.0153 1668 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    15:05:57.0159 1668 Winmgmt - ok
    15:05:57.0230 1668 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    15:05:57.0277 1668 WinRM - ok
    15:05:57.0330 1668 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    15:05:57.0331 1668 WinUsb - ok
    15:05:57.0379 1668 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    15:05:57.0399 1668 Wlansvc - ok
    15:05:57.0464 1668 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    15:05:57.0466 1668 wlcrasvc - ok
    15:05:57.0541 1668 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    15:05:57.0599 1668 wlidsvc - ok
    15:05:57.0642 1668 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    15:05:57.0643 1668 WmiAcpi - ok
    15:05:57.0687 1668 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    15:05:57.0691 1668 wmiApSrv - ok
    15:05:57.0724 1668 WMPNetworkSvc - ok
    15:05:57.0764 1668 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    15:05:57.0767 1668 WPCSvc - ok
    15:05:57.0799 1668 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    15:05:57.0805 1668 WPDBusEnum - ok
    15:05:57.0832 1668 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    15:05:57.0833 1668 ws2ifsl - ok
    15:05:57.0843 1668 WSearch - ok
    15:05:57.0894 1668 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    15:05:57.0896 1668 WudfPf - ok
    15:05:57.0955 1668 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:05:57.0958 1668 WUDFRd - ok
    15:05:57.0987 1668 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    15:05:57.0991 1668 wudfsvc - ok
    15:05:58.0020 1668 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    15:05:58.0026 1668 WwanSvc - ok
    15:05:58.0051 1668 [ 0D7D5DEF542CF01AD9665F398A0D0C78 ] XilinxPC4Driver C:\Windows\System32\drivers\xpc4drvr.sys
    15:05:58.0053 1668 XilinxPC4Driver - ok
    15:05:58.0134 1668 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    15:05:58.0139 1668 YahooAUService - ok
    15:05:58.0241 1668 ================ Scan global ===============================
    15:05:58.0302 1668 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    15:05:58.0342 1668 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    15:05:58.0376 1668 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    15:05:58.0420 1668 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    15:05:58.0465 1668 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
    15:05:58.0475 1668 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
    15:05:58.0476 1668 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
    15:05:58.0477 1668 ================ Scan MBR ==================================
    15:05:58.0498 1668 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    15:05:58.0803 1668 \Device\Harddisk0\DR0 - ok
    15:05:58.0804 1668 ================ Scan VBR ==================================
    15:05:58.0809 1668 [ D628A5B03AC9AD122DB839FD35C5BE9F ] \Device\Harddisk0\DR0\Partition1
    15:05:58.0812 1668 \Device\Harddisk0\DR0\Partition1 - ok
    15:05:58.0827 1668 [ D40E67A965CC2BBCB2CA195EE2B20A3C ] \Device\Harddisk0\DR0\Partition2
    15:05:58.0829 1668 \Device\Harddisk0\DR0\Partition2 - ok
    15:05:58.0829 1668 ============================================================
    15:05:58.0829 1668 Scan finished
    15:05:58.0829 1668 ============================================================
    15:05:58.0841 0752 Detected object count: 3
    15:05:58.0841 0752 Actual detected object count: 3
    15:06:31.0111 0752 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    15:06:31.0111 0752 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    15:06:31.0111 0752 vdrv1000 ( LockedService.Multi.Generic ) - skipped by user
    15:06:31.0112 0752 vdrv1000 ( LockedService.Multi.Generic ) - User select action: Skip
    15:06:31.0188 0752 C:\Windows\system32\services.exe - copied to quarantine
    15:06:31.0636 0752 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
    15:06:31.0657 0752 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
    15:06:31.0931 0752 C:\Windows\installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\@ - copied to quarantine
    15:06:31.0945 0752 C:\Windows\installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\L\00000004.@ - copied to quarantine
    15:06:31.0947 0752 C:\Windows\installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\L\201d3dde - copied to quarantine
    15:06:31.0949 0752 C:\Windows\installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\00000004.@ - copied to quarantine
    15:06:31.0952 0752 C:\Windows\installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\00000008.@ - copied to quarantine
    15:06:31.0954 0752 C:\Windows\installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\000000cb.@ - copied to quarantine
    15:06:31.0956 0752 C:\Windows\installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\80000000.@ - copied to quarantine
    15:06:31.0958 0752 C:\Windows\installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\80000032.@ - copied to quarantine
    15:06:31.0959 0752 C:\Windows\installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\80000064.@ - copied to quarantine
    15:09:08.0691 0752 Backup copy not found, trying to cure infected file..
    15:09:08.0692 0752 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
    15:09:08.0692 0752 C:\Windows\system32\services.exe - processing error
    15:09:08.0692 0752 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
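The TDSSKiller output above is what the rest of the thread acts on: the only hard verdict is services.exe in the "Scan global" section (Virus.Win64.ZAccess.a, cure failed with FFFFFFFF because no backup copy was available), plus one locked driver service (vdrv1000, skipped) and the quarantine of the `@`, `U` and `L` tree under C:\Windows\Installer\{9ce6e964-...} and the two GAC desktop.ini files, which the RogueKiller run below labels as ZeroAccess. Reading that out of a 1300-line log by eye is error-prone, so here is an added Python helper that parses TDSSKiller-style lines, ranks what needs attention, and groups services that share one image file (the three lsass.exe services, for instance, which share one MD5). This is example code written for this page, not code from the thread, from Kaspersky TDSSKiller or from RogueKiller; it assumes only the line shapes visible in the log above (other TDSSKiller versions may differ), and SAMPLE_LOG is constructed from lines quoted in the post.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not a tool from the thread).

Assumed line shapes, taken from the log quoted above:
    HH:MM:SS.mmmm TID [ MD5 ] Name Path          (service/driver image hash)
    HH:MM:SS.mmmm TID [ MD5 ] Path               (global scan: system binaries)
    HH:MM:SS.mmmm TID Name - ok
    HH:MM:SS.mmmm TID Suspicious service (Reason): Name
    HH:MM:SS.mmmm TID Name ( Verdict ) - warning|infected
    HH:MM:SS.mmmm TID Name - detected Verdict (n)
    HH:MM:SS.mmmm TID Name ( Verdict ) - User select action: Action
    HH:MM:SS.mmmm TID Path - copied to quarantine
    HH:MM:SS.mmmm TID Path - Cure failed (CODE)
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d{4}) (?P<rest>.*)$")
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+)(?: (?P<path>.+))?$")
SUSP_RE = re.compile(r"^Suspicious service \((?P<reason>[^)]+)\): (?P<name>\S+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - (?P<status>warning|infected)$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<name>.+?) \( [^)]+ \) - User select action: (?P<action>\w+)$")
QUAR_RE = re.compile(r"^(?P<path>.+?) - copied to quarantine$")
CURE_RE = re.compile(r"^(?P<path>.+?) - Cure failed \((?P<code>[0-9A-Fa-f]+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Finding:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    flags: List[str] = field(default_factory=list)  # ok / warning / infected / detected / suspicious:<reason>
    action: Optional[str] = None                    # what the user chose in the cleanup phase


@dataclass
class ScanResult:
    findings: Dict[str, Finding] = field(default_factory=dict)
    quarantined: List[str] = field(default_factory=list)
    cure_failed: List[Tuple[str, str]] = field(default_factory=list)  # (path, error code)


def parse_tdsskiller(text: str) -> ScanResult:
    """Parse TDSSKiller log text into per-object findings plus cleanup-phase events."""
    res = ScanResult()

    def obj(name: str) -> Finding:
        return res.findings.setdefault(name, Finding(name))

    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # banners, separators, "Scan finished" and similar
        rest = line["rest"]
        if m := HASH_RE.match(rest):
            name, path = m["name"], m["path"]
            if ":\\" in name:  # global-scan entry: the whole thing is a path, not a service name
                name = path = f"{name} {path}" if path else name
            f = obj(name)
            f.md5, f.path = m["md5"].upper(), path
        elif m := SUSP_RE.match(rest):
            obj(m["name"]).flags.append("suspicious:" + m["reason"])
        elif m := VERDICT_RE.match(rest):
            f = obj(m["name"])
            f.verdict, _ = m["verdict"], f.flags.append(m["status"])
        elif m := DETECT_RE.match(rest):
            f = obj(m["name"])
            f.verdict, _ = m["verdict"], f.flags.append("detected")
        elif m := ACTION_RE.match(rest):
            obj(m["name"]).action = m["action"]
        elif m := QUAR_RE.match(rest):
            res.quarantined.append(m["path"])
        elif m := CURE_RE.match(rest):
            res.cure_failed.append((m["path"], m["code"].upper()))
        elif m := OK_RE.match(rest):
            obj(m["name"]).flags.append("ok")
    return res


def triage(result: ScanResult) -> List[str]:
    """Names of objects that are not clean, most severe first, ties alphabetically."""
    rank = {"infected": 3, "detected": 2, "warning": 1, "suspicious": 1}
    scored = [(max(rank.get(fl.split(":")[0], 0) for fl in f.flags), f.name)
              for f in result.findings.values() if f.flags]
    return [name for score, name in sorted(scored, key=lambda t: (-t[0], t[1])) if score > 0]


def shared_binaries(result: ScanResult) -> Dict[str, List[str]]:
    """MD5 -> names of entries that resolve to the same image (e.g. several services in lsass.exe)."""
    by_hash: Dict[str, List[str]] = {}
    for f in result.findings.values():
        if f.md5:
            by_hash.setdefault(f.md5, []).append(f.name)
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


# Constructed from lines quoted in the TDSSKiller log above.
SAMPLE_LOG = r"""
15:05:49.0628 1668 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
15:05:49.0631 1668 ProtectedStorage - ok
15:05:50.0717 1668 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
15:05:50.0722 1668 SamSs - ok
15:05:54.0496 1668 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
15:05:54.0499 1668 VaultSvc - ok
15:05:54.0989 1668 Suspicious service (NoAccess): vdrv1000
15:05:55.0059 1668 [ 091EC06D96FF191ED889A65BFCCEDACD ] vdrv1000 C:\Windows\system32\DRIVERS\vdrv1000.sys
15:05:55.0087 1668 vdrv1000 ( LockedService.Multi.Generic ) - warning
15:05:55.0087 1668 vdrv1000 - detected LockedService.Multi.Generic (1)
15:05:58.0465 1668 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
15:05:58.0475 1668 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
15:05:58.0476 1668 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
15:06:31.0112 0752 vdrv1000 ( LockedService.Multi.Generic ) - User select action: Skip
15:06:31.0188 0752 C:\Windows\system32\services.exe - copied to quarantine
15:06:31.0636 0752 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
15:06:31.0931 0752 C:\Windows\installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\@ - copied to quarantine
15:09:08.0692 0752 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
15:09:08.0692 0752 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
"""

if __name__ == "__main__":
    r = parse_tdsskiller(SAMPLE_LOG)
    for name in triage(r):
        f = r.findings[name]
        print(f"{name}: {f.verdict} md5={f.md5} flags={f.flags} action={f.action}")
    print("quarantined:", len(r.quarantined), "cure failed:", r.cure_failed)
    print("shared images:", shared_binaries(r))
```

Run against the full log it reports services.exe (infected, Cure selected, cure failed) ahead of vdrv1000 (locked, skipped), and lists the paths TDSSKiller quarantined. The MD5 it records for services.exe is what you would compare against a known-good copy of the same file version before trusting any "repair"; the thread does not contain a reference hash, so the script deliberately ships none, and a patched system binary that cannot be cured is normally replaced from a clean source rather than left in place.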
  6. Vibhor

    Vibhor Newcomer, in training Topic Starter Posts: 35

    RogueKiller V8.2.2 [11/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Vibhor [Admin rights]
    Mode : Scan -- Date : 11/04/2012 15:11:30
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 9 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\@ --> FOUND
    [ZeroAccess][FOLDER] U : C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\L --> FOUND
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
    [Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000BEVT-80A0RT1 +++++
    --- User ---
    [MBR] 98b2113ef826f5b18be4789def9be224
    [BSP] 3d08166b18bfc7a96b227f534e974f6f : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 119232 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 289251328 | Size: 335703 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1]_S_11042012_02d1511.txt >>
    RKreport[1]_S_11042012_02d1511.txt
    /-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
    RogueKiller V8.2.2 [11/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Vibhor [Admin rights]
    Mode : Remove -- Date : 11/04/2012 15:14:22
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 6 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\@ --> REMOVED AT REBOOT
    [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\00000004.@ --> REMOVED
    [Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\00000008.@ --> REMOVED
    [Del.Parent][FILE] 000000cb.@ : C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\000000cb.@ --> REMOVED
    [Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\80000000.@ --> REMOVED
    [Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\80000032.@ --> REMOVED
    [Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U\80000064.@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\L\00000004.@ --> REMOVED
    [Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\L\201d3dde --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\L --> REMOVED
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
    [Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\ERDNT\cache64\services.exe)
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000BEVT-80A0RT1 +++++
    --- User ---
    [MBR] 98b2113ef826f5b18be4789def9be224
    [BSP] 3d08166b18bfc7a96b227f534e974f6f : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 119232 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 289251328 | Size: 335703 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_11042012_02d1514.txt >>
    RKreport[1]_S_11042012_02d1511.txt ; RKreport[2]_D_11042012_02d1514.txt
    /-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/--/-/-/-/-/-/-/-/-/-/-/-/-
    RogueKiller V8.2.2 [11/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Vibhor [Admin rights]
    Mode : Remove -- Date : 11/04/2012 15:15:07
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\@ --> REMOVED AT REBOOT
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U --> ERROR [0x5]
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
    [Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\ERDNT\cache64\services.exe)
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000BEVT-80A0RT1 +++++
    --- User ---
    [MBR] 98b2113ef826f5b18be4789def9be224
    [BSP] 3d08166b18bfc7a96b227f534e974f6f : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 119232 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 289251328 | Size: 335703 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[3]_D_11042012_02d1515.txt >>
    RKreport[1]_S_11042012_02d1511.txt ; RKreport[2]_D_11042012_02d1514.txt ; RKreport[3]_D_11042012_02d1515.txt
  7. Vibhor

    Vibhor Newcomer, in training Topic Starter Posts: 35

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.11.04.04
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Vibhor :: MYNEWASUS [administrator]
    Protection: Enabled
    11/4/2012 3:23:44 PM
    mbam-log-2012-11-04 (15-23-44).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 226524
    Time elapsed: 6 minute(s), 56 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 8
    HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\Users\Vibhor\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Vibhor\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    (end)
  8. Vibhor

    Vibhor Newcomer, in training Topic Starter Posts: 35

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-04 15:37:34
    -----------------------------
    15:37:34.372 OS Version: Windows x64 6.1.7601 Service Pack 1
    15:37:34.372 Number of processors: 4 586 0x2A07
    15:37:34.372 ComputerName: MYNEWASUS UserName: Vibhor
    15:37:35.339 Initialize success
    15:38:50.188 AVAST engine defs: 12110400
    15:39:08.144 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    15:39:08.144 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
    15:39:08.175 Disk 0 MBR read successfully
    15:39:08.175 Disk 0 MBR scan
    15:39:08.191 Disk 0 Windows 7 default MBR code
    15:39:08.191 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 22003 MB offset 63
    15:39:08.222 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119232 MB offset 45062325
    15:39:08.222 Disk 0 Partition - 00 0F Extended LBA 335703 MB offset 289251328
    15:39:08.253 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 335702 MB offset 289253376
    15:39:08.284 Disk 0 scanning C:\Windows\system32\drivers
    15:39:21.794 Service scanning
    15:40:03.805 Service vdrv1000 C:\Windows\system32\DRIVERS\vdrv1000.sys **LOCKED**
    15:40:03.930 Service vdrvroot C:\Windows\system32\drivers\vdrvroot.sys **LOCKED**
    15:40:04.054 Service vga C:\Windows\system32\DRIVERS\vgapnp.sys **LOCKED**
    15:40:04.086 Service VgaSave C:\Windows\System32\drivers\vga.sys **LOCKED**
    15:40:04.148 Service vhdmp C:\Windows\system32\drivers\vhdmp.sys **LOCKED**
    15:40:04.273 Service viaide C:\Windows\system32\drivers\viaide.sys **LOCKED**
    15:40:04.507 Service vmci C:\Windows\system32\drivers\vmci.sys **LOCKED**
    15:40:04.632 Service vmkbd C:\Windows\system32\drivers\VMkbd.sys **LOCKED**
    15:40:04.772 Service VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys **LOCKED**
    15:40:04.897 Service VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys **LOCKED**
    15:40:04.944 Service VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys **LOCKED**
    15:40:05.068 Service vmusb C:\Windows\System32\Drivers\vmusb.sys **LOCKED**
    15:40:05.349 Service vmx86 C:\Windows\system32\drivers\vmx86.sys **LOCKED**
    15:40:05.458 Service volmgr C:\Windows\system32\drivers\volmgr.sys **LOCKED**
    15:40:05.630 Service volmgrx C:\Windows\System32\drivers\volmgrx.sys **LOCKED**
    15:40:05.786 Service volsnap C:\Windows\system32\drivers\volsnap.sys **LOCKED**
    15:40:05.911 Service vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys **LOCKED**
    15:40:06.207 Service vstor2-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys **LOCKED**
    15:40:06.348 Service vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys **LOCKED**
    15:40:06.410 Service vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys **LOCKED**
    15:40:06.441 Service vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys **LOCKED**
    15:40:06.550 Service WacomPen C:\Windows\system32\DRIVERS\wacompen.sys **LOCKED**
    15:40:06.597 Service WANARP C:\Windows\system32\DRIVERS\wanarp.sys **LOCKED**
    15:40:06.628 Service Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys **LOCKED**
    15:40:07.440 Service Wd C:\Windows\system32\DRIVERS\wd.sys **LOCKED**
    15:40:07.596 Service Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys **LOCKED**
    15:40:07.876 Service WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys **LOCKED**
    15:40:08.110 Service WinDriver6 C:\Windows\system32\drivers\windrvr6.sys **LOCKED**
    15:40:08.578 Service Winsock C:\Windows\System32\Drivers\Winsock.sys **LOCKED**
    15:40:08.719 Service WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys **LOCKED**
    15:40:09.187 Service WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys **LOCKED**
    15:40:09.405 Service ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys **LOCKED**
    15:40:09.546 Service WudfPf C:\Windows\system32\drivers\WudfPf.sys **LOCKED**
    15:40:09.608 Service WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys **LOCKED**
    15:40:09.733 Service XilinxPC4Driver C:\Windows\System32\drivers\xpc4drvr.sys **LOCKED**
    15:40:10.404 Modules scanning
    15:40:10.419 Disk 0 trace - called modules:
    15:40:10.466 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    15:40:10.482 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d78060]
    15:40:10.497 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80049e6e40]
    15:40:10.513 5 ACPI.sys[fffff88000f997a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049e9050]
    15:40:11.776 AVAST engine scan C:\Windows
    15:40:15.661 AVAST engine scan C:\Windows\system32
    15:47:26.206 AVAST engine scan C:\Windows\system32\drivers
    15:47:41.369 AVAST engine scan C:\Users\Vibhor
    15:56:35.046 AVAST engine scan C:\ProgramData
    16:01:36.548 Scan finished successfully
    18:30:33.497 Disk 0 MBR has been saved successfully to "C:\Users\Vibhor\Desktop\MBR.dat"
    18:30:33.497 The log file has been saved successfully to "C:\Users\Vibhor\Desktop\aswMBR.txt"
  9. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Please do NOT make posts in different colors.
    I still need Fixlog.txt log.
  10. Vibhor

    Vibhor Newcomer, in training Topic Starter Posts: 35

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2012
    Ran by SYSTEM at 2012-11-05 10:05:20 Run:2
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb} not found.
    C:\Windows\assembly\GAC_32\Desktop.ini not found.
    C:\Windows\assembly\GAC_64\Desktop.ini not found.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
  11. Broni

    Broni Malware Annihilator Posts: 45,188   +242

I'm not sure if you ran all steps in the proper order, so I'd like to see fresh logs from the following tools:
    - TDSSKiller
    - RogueKiller
    - MBAM
  12. Vibhor

    Vibhor Newcomer, in training Topic Starter Posts: 35

    19:56:29.0321 3484 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    19:56:29.0620 3484 ============================================================
    19:56:29.0621 3484 Current date / time: 2012/11/05 19:56:29.0620
    19:56:29.0621 3484 SystemInfo:
    19:56:29.0621 3484
    19:56:29.0621 3484 OS Version: 6.1.7601 ServicePack: 1.0
    19:56:29.0621 3484 Product type: Workstation
    19:56:29.0621 3484 ComputerName: MYNEWASUS
    19:56:29.0621 3484 UserName: Vibhor
    19:56:29.0621 3484 Windows directory: C:\Windows
    19:56:29.0621 3484 System windows directory: C:\Windows
    19:56:29.0621 3484 Running under WOW64
    19:56:29.0621 3484 Processor architecture: Intel x64
    19:56:29.0621 3484 Number of processors: 4
    19:56:29.0621 3484 Page size: 0x1000
    19:56:29.0621 3484 Boot type: Normal boot
    19:56:29.0621 3484 ============================================================
    19:56:30.0156 3484 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:56:30.0166 3484 ============================================================
    19:56:30.0166 3484 \Device\Harddisk0\DR0:
    19:56:30.0166 3484 MBR partitions:
    19:56:30.0166 3484 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2AF98B5, BlocksNum 0xE8E0360
    19:56:30.0183 3484 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x113DA800, BlocksNum 0x28FAB000
    19:56:30.0183 3484 ============================================================
    19:56:30.0225 3484 C: <-> \Device\Harddisk0\DR0\Partition1
    19:56:30.0258 3484 D: <-> \Device\Harddisk0\DR0\Partition2
    19:56:30.0258 3484 ============================================================
    19:56:30.0258 3484 Initialize success
    19:56:30.0258 3484 ============================================================
    19:56:31.0941 6052 ============================================================
    19:56:31.0941 6052 Scan started
    19:56:31.0941 6052 Mode: Manual;
    19:56:31.0941 6052 ============================================================
    19:56:39.0942 6052 ================ Scan system memory ========================
    19:56:39.0942 6052 System memory - ok
    19:56:39.0943 6052 ================ Scan services =============================
    19:56:40.0122 6052 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    19:56:40.0126 6052 1394ohci - ok
    19:56:40.0155 6052 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    19:56:40.0161 6052 ACPI - ok
    19:56:40.0198 6052 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    19:56:40.0199 6052 AcpiPmi - ok
    19:56:40.0287 6052 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    19:56:40.0288 6052 AdobeARMservice - ok
    19:56:40.0327 6052 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    19:56:40.0348 6052 adp94xx - ok
    19:56:40.0367 6052 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    19:56:40.0376 6052 adpahci - ok
    19:56:40.0404 6052 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    19:56:40.0408 6052 adpu320 - ok
    19:56:40.0442 6052 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    19:56:40.0443 6052 AeLookupSvc - ok
    19:56:40.0489 6052 [ 6E79A119B0CE418FE44E0C824BF3F039 ] AFBAgent C:\Windows\system32\FBAgent.exe
    19:56:40.0495 6052 AFBAgent - ok
    19:56:40.0528 6052 [ D5B031C308A409A0A576BFF4CF083D30 ] AFD C:\Windows\system32\drivers\afd.sys
    19:56:40.0535 6052 AFD - ok
    19:56:40.0567 6052 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    19:56:40.0572 6052 agp440 - ok
    19:56:40.0726 6052 [ E1B1F152C4E82C85E846D25C9E6E6CC8 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll
    19:56:40.0726 6052 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll. md5: E1B1F152C4E82C85E846D25C9E6E6CC8
    19:56:40.0733 6052 Akamai ( HiddenFile.Multi.Generic ) - warning
    19:56:40.0733 6052 Akamai - detected HiddenFile.Multi.Generic (1)
    19:56:40.0775 6052 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    19:56:40.0777 6052 ALG - ok
    19:56:40.0812 6052 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    19:56:40.0814 6052 aliide - ok
    19:56:40.0818 6052 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    19:56:40.0821 6052 amdide - ok
    19:56:40.0854 6052 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    19:56:40.0855 6052 AmdK8 - ok
    19:56:40.0860 6052 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    19:56:40.0862 6052 AmdPPM - ok
    19:56:40.0888 6052 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    19:56:40.0890 6052 amdsata - ok
    19:56:40.0919 6052 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    19:56:40.0923 6052 amdsbs - ok
    19:56:40.0952 6052 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    19:56:40.0953 6052 amdxata - ok
    19:56:40.0984 6052 [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
    19:56:41.0007 6052 AmUStor - ok
    19:56:41.0033 6052 [ 27466E519371C6FC3A39B1F7B8A297FC ] androidusb C:\Windows\system32\Drivers\androidusb.sys
    19:56:41.0034 6052 androidusb - ok
    19:56:41.0066 6052 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    19:56:41.0068 6052 AppID - ok
    19:56:41.0101 6052 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    19:56:41.0103 6052 AppIDSvc - ok
    19:56:41.0127 6052 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    19:56:41.0129 6052 Appinfo - ok
    19:56:41.0185 6052 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    19:56:41.0187 6052 Apple Mobile Device - ok
    19:56:41.0241 6052 [ 592F7AE254995274E166EEC95C28F551 ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    19:56:41.0251 6052 Application Updater - ok
    19:56:41.0301 6052 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    19:56:41.0304 6052 arc - ok
    19:56:41.0310 6052 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    19:56:41.0312 6052 arcsas - ok
    19:56:41.0368 6052 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    19:56:41.0369 6052 ASLDRService - ok
    19:56:41.0415 6052 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    19:56:41.0416 6052 AsyncMac - ok
    19:56:41.0437 6052 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    19:56:41.0439 6052 atapi - ok
    19:56:41.0495 6052 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
    19:56:41.0528 6052 athr - ok
    19:56:41.0594 6052 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    19:56:41.0596 6052 ATKGFNEXSrv - ok
    19:56:41.0613 6052 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO_ C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
    19:56:41.0614 6052 ATKWMIACPIIO_ - ok
    19:56:41.0644 6052 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    19:56:41.0652 6052 AudioEndpointBuilder - ok
    19:56:41.0667 6052 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    19:56:41.0672 6052 AudioSrv - ok
    19:56:41.0822 6052 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    19:56:41.0946 6052 AVGIDSAgent - ok
    19:56:41.0999 6052 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
    19:56:42.0001 6052 AVGIDSDriver - ok
    19:56:42.0037 6052 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
    19:56:42.0039 6052 AVGIDSFilter - ok
    19:56:42.0061 6052 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
    19:56:42.0063 6052 AVGIDSHA - ok
    19:56:42.0107 6052 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
    19:56:42.0112 6052 Avgldx64 - ok
    19:56:42.0162 6052 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
    19:56:42.0164 6052 Avgmfx64 - ok
    19:56:42.0204 6052 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
    19:56:42.0205 6052 Avgrkx64 - ok
    19:56:42.0235 6052 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
    19:56:42.0240 6052 Avgtdia - ok
    19:56:42.0306 6052 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    19:56:42.0309 6052 avgwd - ok
    19:56:42.0327 6052 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    19:56:42.0330 6052 AxInstSV - ok
    19:56:42.0357 6052 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    19:56:42.0363 6052 b06bdrv - ok
    19:56:42.0417 6052 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    19:56:42.0421 6052 b57nd60a - ok
    19:56:42.0457 6052 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    19:56:42.0459 6052 BDESVC - ok
    19:56:42.0479 6052 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    19:56:42.0481 6052 Beep - ok
    19:56:42.0490 6052 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    19:56:42.0491 6052 blbdrive - ok
    19:56:42.0552 6052 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    19:56:42.0559 6052 Bonjour Service - ok
    19:56:42.0605 6052 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    19:56:42.0639 6052 bowser - ok
    19:56:42.0663 6052 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    19:56:42.0665 6052 BrFiltLo - ok
    19:56:42.0669 6052 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    19:56:42.0671 6052 BrFiltUp - ok
    19:56:42.0685 6052 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    19:56:42.0687 6052 BridgeMP - ok
    19:56:42.0719 6052 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
    19:56:42.0722 6052 Browser - ok
    19:56:42.0730 6052 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    19:56:42.0735 6052 Brserid - ok
    19:56:42.0742 6052 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    19:56:42.0743 6052 BrSerWdm - ok
    19:56:42.0748 6052 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    19:56:42.0750 6052 BrUsbMdm - ok
    19:56:42.0755 6052 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    19:56:42.0757 6052 BrUsbSer - ok
    19:56:42.0792 6052 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
    19:56:42.0794 6052 BthEnum - ok
    19:56:42.0809 6052 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    19:56:42.0811 6052 BTHMODEM - ok
    19:56:42.0835 6052 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
    19:56:42.0837 6052 BthPan - ok
    19:56:42.0863 6052 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
    19:56:42.0870 6052 BTHPORT - ok
    19:56:42.0895 6052 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    19:56:42.0897 6052 bthserv - ok
    19:56:42.0908 6052 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
    19:56:42.0910 6052 BTHUSB - ok
    19:56:42.0912 6052 catchme - ok
    19:56:42.0938 6052 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    19:56:42.0940 6052 cdfs - ok
    19:56:42.0965 6052 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    19:56:42.0968 6052 cdrom - ok
    19:56:42.0998 6052 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    19:56:43.0000 6052 CertPropSvc - ok
    19:56:43.0018 6052 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    19:56:43.0020 6052 circlass - ok
    19:56:43.0065 6052 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    19:56:43.0070 6052 CLFS - ok
    19:56:43.0130 6052 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:56:43.0134 6052 clr_optimization_v2.0.50727_32 - ok
    19:56:43.0188 6052 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    19:56:43.0192 6052 clr_optimization_v2.0.50727_64 - ok
    19:56:43.0256 6052 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    19:56:43.0282 6052 clr_optimization_v4.0.30319_32 - ok
    19:56:43.0326 6052 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    19:56:43.0329 6052 clr_optimization_v4.0.30319_64 - ok
    19:56:43.0352 6052 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    19:56:43.0353 6052 CmBatt - ok
    19:56:43.0390 6052 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    19:56:43.0392 6052 cmdide - ok
    19:56:43.0437 6052 [ D5FEA92400F12412B3922087C09DA6A5 ] CNG C:\Windows\system32\Drivers\cng.sys
    19:56:43.0445 6052 CNG - ok
    19:56:43.0479 6052 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    19:56:43.0481 6052 Compbatt - ok
    19:56:43.0508 6052 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    19:56:43.0510 6052 CompositeBus - ok
    19:56:43.0518 6052 COMSysApp - ok
    19:56:43.0624 6052 [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
  13. Vibhor

    19:56:55.0956 6052 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    19:56:55.0959 6052 sppuinotify - ok
    19:56:56.0002 6052 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    19:56:56.0008 6052 srv - ok
    19:56:56.0052 6052 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    19:56:56.0059 6052 srv2 - ok
    19:56:56.0069 6052 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    19:56:56.0073 6052 srvnet - ok
    19:56:56.0117 6052 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    19:56:56.0122 6052 SSDPSRV - ok
    19:56:56.0144 6052 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    19:56:56.0147 6052 SstpSvc - ok
    19:56:56.0177 6052 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    19:56:56.0179 6052 stexstor - ok
    19:56:56.0223 6052 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    19:56:56.0232 6052 stisvc - ok
    19:56:56.0324 6052 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    19:56:56.0327 6052 swenum - ok
    19:56:56.0371 6052 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    19:56:56.0382 6052 swprv - ok
    19:56:56.0470 6052 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    19:56:56.0520 6052 SysMain - ok
    19:56:56.0561 6052 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    19:56:56.0565 6052 TabletInputService - ok
    19:56:56.0590 6052 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    19:56:56.0596 6052 TapiSrv - ok
    19:56:56.0626 6052 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    19:56:56.0629 6052 TBS - ok
    19:56:56.0752 6052 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    19:56:56.0800 6052 Tcpip - ok
    19:56:56.0838 6052 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    19:56:56.0850 6052 TCPIP6 - ok
    19:56:56.0879 6052 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    19:56:56.0881 6052 tcpipreg - ok
    19:56:56.0914 6052 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    19:56:56.0916 6052 TDPIPE - ok
    19:56:56.0922 6052 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    19:56:56.0924 6052 TDTCP - ok
    19:56:56.0963 6052 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    19:56:56.0965 6052 tdx - ok
    19:56:57.0128 6052 [ 74FC70AE64A7B7DABEC9697CE0A1F4FA ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    19:56:57.0188 6052 TeamViewer7 - ok
    19:56:57.0236 6052 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    19:56:57.0238 6052 TermDD - ok
    19:56:57.0288 6052 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    19:56:57.0313 6052 TermService - ok
    19:56:57.0346 6052 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    19:56:57.0348 6052 Themes - ok
    19:56:57.0385 6052 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    19:56:57.0387 6052 THREADORDER - ok
    19:56:57.0416 6052 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    19:56:57.0420 6052 TrkWks - ok
    19:56:57.0502 6052 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    19:56:57.0505 6052 TrustedInstaller - ok
    19:56:57.0549 6052 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    19:56:57.0551 6052 tssecsrv - ok
    19:56:57.0572 6052 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    19:56:57.0574 6052 TsUsbFlt - ok
    19:56:57.0687 6052 [ DAFEEE8F55E0FA1567E734299AC0AF06 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
    19:56:57.0740 6052 TuneUp.UtilitiesSvc - ok
    19:56:57.0765 6052 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
    19:56:57.0767 6052 TuneUpUtilitiesDrv - ok
    19:56:57.0797 6052 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    19:56:57.0800 6052 tunnel - ok
    19:56:57.0834 6052 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    19:56:57.0836 6052 uagp35 - ok
    19:56:57.0862 6052 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    19:56:57.0868 6052 udfs - ok
    19:56:57.0941 6052 [ 215462AE7E6A897D675E84DD1E3B3B56 ] ufad-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
    19:56:57.0945 6052 ufad-ws60 - ok
    19:56:57.0977 6052 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    19:56:57.0980 6052 UI0Detect - ok
    19:56:58.0001 6052 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    19:56:58.0003 6052 uliagpkx - ok
    19:56:58.0032 6052 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    19:56:58.0034 6052 umbus - ok
    19:56:58.0066 6052 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    19:56:58.0068 6052 UmPass - ok
    19:56:58.0297 6052 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    19:56:58.0348 6052 UNS - ok
    19:56:58.0386 6052 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    19:56:58.0392 6052 upnphost - ok
    19:56:58.0425 6052 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    19:56:58.0427 6052 USBAAPL64 - ok
    19:56:58.0442 6052 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    19:56:58.0445 6052 usbccgp - ok
    19:56:58.0471 6052 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    19:56:58.0473 6052 usbcir - ok
    19:56:58.0494 6052 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    19:56:58.0496 6052 usbehci - ok
    19:56:58.0518 6052 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    19:56:58.0523 6052 usbhub - ok
    19:56:58.0539 6052 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    19:56:58.0541 6052 usbohci - ok
    19:56:58.0582 6052 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    19:56:58.0584 6052 usbprint - ok
    19:56:58.0625 6052 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    19:56:58.0654 6052 usbscan - ok
    19:56:58.0689 6052 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    19:56:58.0692 6052 USBSTOR - ok
    19:56:58.0723 6052 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    19:56:58.0724 6052 usbuhci - ok
    19:56:58.0756 6052 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    19:56:58.0760 6052 usbvideo - ok
    19:56:58.0795 6052 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    19:56:58.0798 6052 UxSms - ok
    19:56:58.0842 6052 [ ED551A5FA7DC414B050A1D7D55E56674 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
    19:56:58.0845 6052 UxTuneUp - ok
    19:56:58.0863 6052 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
    19:56:58.0865 6052 VaultSvc - ok
    19:56:59.0523 6052 [ D269E71B969DCDC731D9874DB937B2A9 ] VC10SecS D:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
    19:56:59.0526 6052 VC10SecS - ok
    19:56:59.0608 6052 [ F0FAF3FB9B138F8CAFB65ECFFE9F4AB6 ] vcd10bus C:\Windows\system32\DRIVERS\vcd10bus.sys
    19:56:59.0609 6052 vcd10bus - ok
    19:56:59.0641 6052 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
    19:56:59.0643 6052 VClone - ok
    19:56:59.0650 6052 Suspicious service (NoAccess): vdrv1000
    19:56:59.0717 6052 [ 091EC06D96FF191ED889A65BFCCEDACD ] vdrv1000 C:\Windows\system32\DRIVERS\vdrv1000.sys
    19:56:59.0745 6052 vdrv1000 ( LockedService.Multi.Generic ) - warning
    19:56:59.0745 6052 vdrv1000 - detected LockedService.Multi.Generic (1)
    19:56:59.0750 6052 Suspicious service (NoAccess): vdrv1000.ini
    19:56:59.0760 6052 Suspicious service (NoAccess): vdrvroot
    19:56:59.0778 6052 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    19:56:59.0783 6052 vdrvroot ( LockedService.Multi.Generic ) - warning
    19:56:59.0783 6052 vdrvroot - detected LockedService.Multi.Generic (1)
    19:56:59.0787 6052 Suspicious service (NoAccess): vds
    19:56:59.0821 6052 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    19:56:59.0833 6052 vds ( LockedService.Multi.Generic ) - warning
    19:56:59.0833 6052 vds - detected LockedService.Multi.Generic (1)
    19:56:59.0839 6052 Suspicious service (NoAccess): vga
    19:56:59.0870 6052 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    19:56:59.0877 6052 vga ( LockedService.Multi.Generic ) - warning
    19:56:59.0877 6052 vga - detected LockedService.Multi.Generic (1)
    19:56:59.0882 6052 Suspicious service (NoAccess): VgaSave
    19:56:59.0896 6052 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    19:56:59.0900 6052 VgaSave ( LockedService.Multi.Generic ) - warning
    19:56:59.0900 6052 VgaSave - detected LockedService.Multi.Generic (1)
    19:56:59.0905 6052 Suspicious service (NoAccess): vhdmp
    19:56:59.0940 6052 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    19:56:59.0947 6052 vhdmp ( LockedService.Multi.Generic ) - warning
    19:56:59.0947 6052 vhdmp - detected LockedService.Multi.Generic (1)
    19:56:59.0954 6052 Suspicious service (NoAccess): viaide
    19:56:59.0990 6052 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    19:56:59.0995 6052 viaide ( LockedService.Multi.Generic ) - warning
    19:56:59.0995 6052 viaide - detected LockedService.Multi.Generic (1)
    19:57:00.0000 6052 Suspicious service (NoAccess): VMAuthdService
    19:57:00.0024 6052 [ 7AC6239C65DADE55DEFD573B98616C3F ] VMAuthdService C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    19:57:00.0029 6052 VMAuthdService ( LockedService.Multi.Generic ) - warning
    19:57:00.0029 6052 VMAuthdService - detected LockedService.Multi.Generic (1)
    19:57:00.0034 6052 Suspicious service (NoAccess): vmci
    19:57:00.0060 6052 [ 312AEC23A85424543AF898A59209B479 ] vmci C:\Windows\system32\drivers\vmci.sys
    19:57:00.0066 6052 vmci ( LockedService.Multi.Generic ) - warning
    19:57:00.0066 6052 vmci - detected LockedService.Multi.Generic (1)
    19:57:00.0071 6052 Suspicious service (NoAccess): vmkbd
    19:57:00.0093 6052 [ FFC30CAEEB2FC5FEE8568CFF74EDEAED ] vmkbd C:\Windows\system32\drivers\VMkbd.sys
    19:57:00.0098 6052 vmkbd ( LockedService.Multi.Generic ) - warning
    19:57:00.0098 6052 vmkbd - detected LockedService.Multi.Generic (1)
    19:57:00.0103 6052 Suspicious service (NoAccess): VMnetAdapter
    19:57:00.0113 6052 [ 9D54F1339E78C95BF3D9939EBCB66378 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
    19:57:00.0119 6052 VMnetAdapter ( LockedService.Multi.Generic ) - warning
    19:57:00.0119 6052 VMnetAdapter - detected LockedService.Multi.Generic (1)
    19:57:00.0123 6052 Suspicious service (NoAccess): VMnetBridge
    19:57:00.0140 6052 [ FB54EF3AA613D2832FD3812E7CB2FC75 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
    19:57:00.0145 6052 VMnetBridge ( LockedService.Multi.Generic ) - warning
    19:57:00.0145 6052 VMnetBridge - detected LockedService.Multi.Generic (1)
    19:57:00.0150 6052 Suspicious service (NoAccess): VMnetDHCP
    19:57:00.0154 6052 VMnetDHCP ( LockedService.Multi.Generic ) - warning
    19:57:00.0154 6052 VMnetDHCP - detected LockedService.Multi.Generic (1)
    19:57:00.0159 6052 Suspicious service (NoAccess): VMnetuserif
    19:57:00.0174 6052 [ 56D547BFC3F1619FA82EC9EF5D24E802 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
    19:57:00.0178 6052 VMnetuserif ( LockedService.Multi.Generic ) - warning
    19:57:00.0178 6052 VMnetuserif - detected LockedService.Multi.Generic (1)
    19:57:00.0183 6052 Suspicious service (NoAccess): vmusb
    19:57:00.0202 6052 [ 415B167695C4B5960A13098622EF3D80 ] vmusb C:\Windows\system32\Drivers\vmusb.sys
    19:57:00.0206 6052 vmusb ( LockedService.Multi.Generic ) - warning
    19:57:00.0206 6052 vmusb - detected LockedService.Multi.Generic (1)
    19:57:00.0210 6052 Suspicious service (NoAccess): VMUSBArbService
    19:57:00.0277 6052 [ 19368F7C4DC6EF444B826249FC8A0E30 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
    19:57:00.0288 6052 VMUSBArbService ( LockedService.Multi.Generic ) - warning
    19:57:00.0289 6052 VMUSBArbService - detected LockedService.Multi.Generic (1)
    19:57:00.0293 6052 Suspicious service (NoAccess): VMware
    19:57:00.0300 6052 Suspicious service (NoAccess): VMware NAT Service
    19:57:00.0305 6052 VMware NAT Service ( LockedService.Multi.Generic ) - warning
    19:57:00.0305 6052 VMware NAT Service - detected LockedService.Multi.Generic (1)
    19:57:00.0310 6052 Suspicious service (NoAccess): vmx86
    19:57:00.0338 6052 [ 62CD5A87FDE14701506D4E0DD8F13D2E ] vmx86 C:\Windows\system32\drivers\vmx86.sys
    19:57:00.0343 6052 vmx86 ( LockedService.Multi.Generic ) - warning
    19:57:00.0344 6052 vmx86 - detected LockedService.Multi.Generic (1)
    19:57:00.0349 6052 Suspicious service (NoAccess): volmgr
    19:57:00.0374 6052 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    19:57:00.0380 6052 volmgr ( LockedService.Multi.Generic ) - warning
    19:57:00.0380 6052 volmgr - detected LockedService.Multi.Generic (1)
    19:57:00.0385 6052 Suspicious service (NoAccess): volmgrx
    19:57:00.0416 6052 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    19:57:00.0425 6052 volmgrx ( LockedService.Multi.Generic ) - warning
    19:57:00.0425 6052 volmgrx - detected LockedService.Multi.Generic (1)
    19:57:00.0430 6052 Suspicious service (NoAccess): volsnap
    19:57:00.0447 6052 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    19:57:00.0456 6052 volsnap ( LockedService.Multi.Generic ) - warning
    19:57:00.0456 6052 volsnap - detected LockedService.Multi.Generic (1)
    19:57:00.0460 6052 Suspicious service (NoAccess): vsmraid
    19:57:00.0488 6052 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    19:57:00.0494 6052 vsmraid ( LockedService.Multi.Generic ) - warning
    19:57:00.0494 6052 vsmraid - detected LockedService.Multi.Generic (1)
    19:57:00.0500 6052 Suspicious service (NoAccess): VSS
    19:57:00.0578 6052 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    19:57:00.0666 6052 VSS ( LockedService.Multi.Generic ) - warning
    19:57:00.0666 6052 VSS - detected LockedService.Multi.Generic (1)
    19:57:00.0671 6052 Suspicious service (NoAccess): vstor2-ws60
    19:57:00.0713 6052 [ E61C910E2DDF4797C1B1F9239636E894 ] vstor2-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
    19:57:00.0718 6052 vstor2-ws60 ( LockedService.Multi.Generic ) - warning
    19:57:00.0718 6052 vstor2-ws60 - detected LockedService.Multi.Generic (1)
    19:57:00.0722 6052 Suspicious service (NoAccess): vwifibus
    19:57:00.0731 6052 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    19:57:00.0736 6052 vwifibus ( LockedService.Multi.Generic ) - warning
    19:57:00.0736 6052 vwifibus - detected LockedService.Multi.Generic (1)
    19:57:00.0742 6052 Suspicious service (NoAccess): vwififlt
    19:57:00.0768 6052 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    19:57:00.0774 6052 vwififlt ( LockedService.Multi.Generic ) - warning
    19:57:00.0774 6052 vwififlt - detected LockedService.Multi.Generic (1)
    19:57:00.0779 6052 Suspicious service (NoAccess): vwifimp
    19:57:00.0792 6052 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    19:57:00.0796 6052 vwifimp ( LockedService.Multi.Generic ) - warning
    19:57:00.0796 6052 vwifimp - detected LockedService.Multi.Generic (1)
    19:57:00.0800 6052 Suspicious service (NoAccess): W32Time
    19:57:00.0831 6052 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    19:57:00.0841 6052 W32Time ( LockedService.Multi.Generic ) - warning
    19:57:00.0841 6052 W32Time - detected LockedService.Multi.Generic (1)
    19:57:00.0845 6052 Suspicious service (NoAccess): W3SVC
    19:57:00.0850 6052 Suspicious service (NoAccess): WacomPen
    19:57:00.0868 6052 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    19:57:00.0873 6052 WacomPen ( LockedService.Multi.Generic ) - warning
    19:57:00.0873 6052 WacomPen - detected LockedService.Multi.Generic (1)
    19:57:00.0879 6052 Suspicious service (NoAccess): WANARP
    19:57:00.0913 6052 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    19:57:00.0921 6052 WANARP ( LockedService.Multi.Generic ) - warning
    19:57:00.0921 6052 WANARP - detected LockedService.Multi.Generic (1)
    19:57:00.0928 6052 Suspicious service (NoAccess): Wanarpv6
    19:57:00.0935 6052 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    19:57:00.0940 6052 Wanarpv6 ( LockedService.Multi.Generic ) - warning
    19:57:00.0940 6052 Wanarpv6 - detected LockedService.Multi.Generic (1)
    19:57:00.0945 6052 Suspicious service (NoAccess): WatAdminSvc
    19:57:01.0017 6052 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    19:57:01.0069 6052 WatAdminSvc ( LockedService.Multi.Generic ) - warning
    19:57:01.0069 6052 WatAdminSvc - detected LockedService.Multi.Generic (1)
    19:57:01.0077 6052 Suspicious service (NoAccess): wbengine
    19:57:01.0136 6052 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    19:57:01.0197 6052 wbengine ( LockedService.Multi.Generic ) - warning
    19:57:01.0197 6052 wbengine - detected LockedService.Multi.Generic (1)
    19:57:01.0203 6052 Suspicious service (NoAccess): WbioSrvc
    19:57:01.0277 6052 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    19:57:01.0287 6052 WbioSrvc ( LockedService.Multi.Generic ) - warning
    19:57:01.0288 6052 WbioSrvc - detected LockedService.Multi.Generic (1)
    19:57:01.0293 6052 Suspicious service (NoAccess): wcncsvc
    19:57:01.0330 6052 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    19:57:01.0340 6052 wcncsvc ( LockedService.Multi.Generic ) - warning
    19:57:01.0340 6052 wcncsvc - detected LockedService.Multi.Generic (1)
    19:57:01.0345 6052 Suspicious service (NoAccess): WcsPlugInService
    19:57:01.0358 6052 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    19:57:01.0365 6052 WcsPlugInService ( LockedService.Multi.Generic ) - warning
    19:57:01.0365 6052 WcsPlugInService - detected LockedService.Multi.Generic (1)
    19:57:01.0369 6052 Suspicious service (NoAccess): Wd
    19:57:01.0395 6052 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    19:57:01.0399 6052 Wd ( LockedService.Multi.Generic ) - warning
    19:57:01.0399 6052 Wd - detected LockedService.Multi.Generic (1)
    19:57:01.0406 6052 Suspicious service (NoAccess): Wdf01000
    19:57:01.0429 6052 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    19:57:01.0441 6052 Wdf01000 ( LockedService.Multi.Generic ) - warning
    19:57:01.0441 6052 Wdf01000 - detected LockedService.Multi.Generic (1)
    19:57:01.0446 6052 Suspicious service (NoAccess): WdiServiceHost
    19:57:01.0460 6052 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    19:57:01.0468 6052 WdiServiceHost ( LockedService.Multi.Generic ) - warning
    19:57:01.0468 6052 WdiServiceHost - detected LockedService.Multi.Generic (1)
    19:57:01.0473 6052 Suspicious service (NoAccess): WdiSystemHost
    19:57:01.0476 6052 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    19:57:01.0482 6052 WdiSystemHost ( LockedService.Multi.Generic ) - warning
    19:57:01.0482 6052 WdiSystemHost - detected LockedService.Multi.Generic (1)
    19:57:01.0487 6052 Suspicious service (NoAccess): WebClient
    19:57:01.0528 6052 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    19:57:01.0536 6052 WebClient ( LockedService.Multi.Generic ) - warning
    19:57:01.0536 6052 WebClient - detected LockedService.Multi.Generic (1)
    19:57:01.0541 6052 Suspicious service (NoAccess): Wecsvc
    19:57:01.0588 6052 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    19:57:01.0597 6052 Wecsvc ( LockedService.Multi.Generic ) - warning
    19:57:01.0597 6052 Wecsvc - detected LockedService.Multi.Generic (1)
    19:57:01.0604 6052 Suspicious service (NoAccess): wercplsupport
    19:57:01.0610 6052 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    19:57:01.0617 6052 wercplsupport ( LockedService.Multi.Generic ) - warning
    19:57:01.0617 6052 wercplsupport - detected LockedService.Multi.Generic (1)
    19:57:01.0622 6052 Suspicious service (NoAccess): WerSvc
    19:57:01.0633 6052 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    19:57:01.0640 6052 WerSvc ( LockedService.Multi.Generic ) - warning
    19:57:01.0640 6052 WerSvc - detected LockedService.Multi.Generic (1)
    19:57:01.0645 6052 Suspicious service (NoAccess): WfpLwf
    19:57:01.0664 6052 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    19:57:01.0669 6052 WfpLwf ( LockedService.Multi.Generic ) - warning
    19:57:01.0669 6052 WfpLwf - detected LockedService.Multi.Generic (1)
    19:57:01.0673 6052 Suspicious service (NoAccess): WimFltr
    19:57:01.0698 6052 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
    19:57:01.0704 6052 WimFltr ( LockedService.Multi.Generic ) - warning
    19:57:01.0704 6052 WimFltr - detected LockedService.Multi.Generic (1)
    19:57:01.0710 6052 Suspicious service (NoAccess): WIMMount
    19:57:01.0724 6052 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    19:57:01.0729 6052 WIMMount ( LockedService.Multi.Generic ) - warning
    19:57:01.0729 6052 WIMMount - detected LockedService.Multi.Generic (1)
    19:57:01.0734 6052 Suspicious service (NoAccess): Windows Workflow Foundation 3.0.0.0
    19:57:01.0739 6052 Suspicious service (NoAccess): WinDriver6
    19:57:01.0764 6052 [ 7922583C802203A54CDD47D9ECF028F2 ] WinDriver6 C:\Windows\system32\drivers\windrvr6.sys
    19:57:01.0793 6052 WinDriver6 ( LockedService.Multi.Generic ) - warning
    19:57:01.0793 6052 WinDriver6 - detected LockedService.Multi.Generic (1)
    19:57:01.0799 6052 Suspicious service (NoAccess): WinHttpAutoProxySvc
    19:57:01.0804 6052 WinHttpAutoProxySvc ( LockedService.Multi.Generic ) - warning
    19:57:01.0804 6052 WinHttpAutoProxySvc - detected LockedService.Multi.Generic (1)
    19:57:01.0809 6052 Suspicious service (NoAccess): Winmgmt
    19:57:01.0898 6052 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    19:57:01.0906 6052 Winmgmt ( LockedService.Multi.Generic ) - warning
    19:57:01.0906 6052 Winmgmt - detected LockedService.Multi.Generic (1)
    19:57:01.0925 6052 Suspicious service (NoAccess): WinRM
    19:57:02.0033 6052 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    19:57:02.0064 6052 WinRM ( LockedService.Multi.Generic ) - warning
    19:57:02.0064 6052 WinRM - detected LockedService.Multi.Generic (1)
    19:57:02.0070 6052 Suspicious service (NoAccess): Winsock
    19:57:02.0076 6052 Suspicious service (NoAccess): WinSock2
    19:57:02.0091 6052 Suspicious service (NoAccess): WinUsb
    19:57:02.0110 6052 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    19:57:02.0139 6052 WinUsb ( LockedService.Multi.Generic ) - warning
    19:57:02.0139 6052 WinUsb - detected LockedService.Multi.Generic (1)
    19:57:02.0146 6052 Suspicious service (NoAccess): Wlansvc
    19:57:02.0191 6052 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    19:57:02.0212 6052 Wlansvc ( LockedService.Multi.Generic ) - warning
    19:57:02.0212 6052 Wlansvc - detected LockedService.Multi.Generic (1)
    19:57:02.0220 6052 Suspicious service (NoAccess): wlcrasvc
    19:57:02.0288 6052 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    19:57:02.0294 6052 wlcrasvc ( LockedService.Multi.Generic ) - warning
    19:57:02.0294 6052 wlcrasvc - detected LockedService.Multi.Generic (1)
    19:57:02.0300 6052 Suspicious service (NoAccess): wlidsvc
    19:57:02.0431 6052 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    19:57:02.0496 6052 wlidsvc ( LockedService.Multi.Generic ) - warning
    19:57:02.0496 6052 wlidsvc - detected LockedService.Multi.Generic (1)
    19:57:02.0502 6052 Suspicious service (NoAccess): WmiAcpi
    19:57:02.0533 6052 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    19:57:02.0538 6052 WmiAcpi ( LockedService.Multi.Generic ) - warning
    19:57:02.0538 6052 WmiAcpi - detected LockedService.Multi.Generic (1)
    19:57:02.0542 6052 Suspicious service (NoAccess): WmiApRpl
    19:57:02.0547 6052 Suspicious service (NoAccess): wmiApSrv
    19:57:02.0577 6052 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    19:57:02.0609 6052 wmiApSrv ( LockedService.Multi.Generic ) - warning
    19:57:02.0609 6052 wmiApSrv - detected LockedService.Multi.Generic (1)
    19:57:02.0614 6052 Suspicious service (NoAccess): WMPNetworkSvc
    19:57:02.0641 6052 WMPNetworkSvc ( LockedService.Multi.Generic ) - warning
    19:57:02.0641 6052 WMPNetworkSvc - detected LockedService.Multi.Generic (1)
    19:57:02.0646 6052 Suspicious service (NoAccess): WPCSvc
    19:57:02.0711 6052 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    19:57:02.0717 6052 WPCSvc ( LockedService.Multi.Generic ) - warning
    19:57:02.0718 6052 WPCSvc - detected LockedService.Multi.Generic (1)
    19:57:02.0723 6052 Suspicious service (NoAccess): WPDBusEnum
    19:57:02.0757 6052 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    19:57:02.0764 6052 WPDBusEnum ( LockedService.Multi.Generic ) - warning
    19:57:02.0764 6052 WPDBusEnum - detected LockedService.Multi.Generic (1)
    19:57:02.0769 6052 Suspicious service (NoAccess): ws2ifsl
    19:57:02.0790 6052 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    19:57:02.0795 6052 ws2ifsl ( LockedService.Multi.Generic ) - warning
    19:57:02.0795 6052 ws2ifsl - detected LockedService.Multi.Generic (1)
    19:57:02.0799 6052 Suspicious service (NoAccess): WSearch
    19:57:02.0806 6052 WSearch ( LockedService.Multi.Generic ) - warning
    19:57:02.0806 6052 WSearch - detected LockedService.Multi.Generic (1)
    19:57:02.0810 6052 Suspicious service (NoAccess): WSearchIdxPi
    19:57:02.0816 6052 Suspicious service (NoAccess): WudfPf
    19:57:02.0840 6052 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    19:57:02.0846 6052 WudfPf ( LockedService.Multi.Generic ) - warning
    19:57:02.0846 6052 WudfPf - detected LockedService.Multi.Generic (1)
    19:57:02.0851 6052 Suspicious service (NoAccess): WUDFRd
    19:57:02.0879 6052 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    19:57:02.0886 6052 WUDFRd ( LockedService.Multi.Generic ) - warning
    19:57:02.0886 6052 WUDFRd - detected LockedService.Multi.Generic (1)
    19:57:02.0891 6052 Suspicious service (NoAccess): wudfsvc
    19:57:02.0911 6052 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    19:57:02.0918 6052 wudfsvc ( LockedService.Multi.Generic ) - warning
    19:57:02.0918 6052 wudfsvc - detected LockedService.Multi.Generic (1)
    19:57:02.0923 6052 Suspicious service (NoAccess): WwanSvc
    19:57:02.0944 6052 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    19:57:02.0955 6052 WwanSvc ( LockedService.Multi.Generic ) - warning
    19:57:02.0955 6052 WwanSvc - detected LockedService.Multi.Generic (1)
    19:57:02.0961 6052 Suspicious service (NoAccess): XilinxPC4Driver
    19:57:02.0975 6052 [ 0D7D5DEF542CF01AD9665F398A0D0C78 ] XilinxPC4Driver C:\Windows\System32\drivers\xpc4drvr.sys
    19:57:02.0979 6052 XilinxPC4Driver ( LockedService.Multi.Generic ) - warning
    19:57:02.0979 6052 XilinxPC4Driver - detected LockedService.Multi.Generic (1)
    19:57:02.0984 6052 Suspicious service (NoAccess): xmlprov
    19:57:02.0989 6052 Suspicious service (NoAccess): YahooAUService
    19:57:03.0058 6052 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    19:57:03.0070 6052 YahooAUService ( LockedService.Multi.Generic ) - warning
    19:57:03.0070 6052 YahooAUService - detected LockedService.Multi.Generic (1)
    19:57:03.0075 6052 Suspicious service (NoAccess): {05AECD5C-5983-4433-AAD9-492D474D60B2}
    19:57:03.0080 6052 Suspicious service (NoAccess): {07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}
    19:57:03.0086 6052 Suspicious service (NoAccess): {2D9CB93B-910D-4F36-A439-5357872DC36E}
    19:57:03.0094 6052 Suspicious service (NoAccess): {51D18F0F-5E6C-43BA-9D96-23A7888E0AAB}
    19:57:03.0099 6052 Suspicious service (NoAccess): {62D00B05-5C14-41E5-9A56-1530E074D0CC}
    19:57:03.0104 6052 Suspicious service (NoAccess): {6D498CDD-56BB-4BC8-8F25-FF1B057F7504}
    19:57:03.0109 6052 Suspicious service (NoAccess): {6E2F2010-4E58-4D81-B8B5-D7F905FF48DA}
    19:57:03.0115 6052 Suspicious service (NoAccess): {9736D227-865A-4D73-BF34-95FD567B0366}
    19:57:03.0120 6052 Suspicious service (NoAccess): {A9B37425-9201-4EE4-9393-7C44C0C2607B}
    19:57:03.0125 6052 Suspicious service (NoAccess): {C1D821EC-2C83-4CA9-8041-09A5E1F3DF1B}
    19:57:03.0130 6052 Suspicious service (NoAccess): {EA8A7A78-2505-4D4C-B252-4CE7AC97DAAC}
    19:57:03.0130 6052 ================ Scan global ===============================
    19:57:03.0181 6052 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    19:57:03.0220 6052 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    19:57:03.0230 6052 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    19:57:03.0254 6052 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    19:57:03.0285 6052 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    19:57:03.0289 6052 [Global] - ok
    19:57:03.0290 6052 ================ Scan MBR ==================================
    19:57:03.0310 6052 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    19:57:03.0761 6052 \Device\Harddisk0\DR0 - ok
    19:57:03.0761 6052 ================ Scan VBR ==================================
    19:57:03.0787 6052 [ D628A5B03AC9AD122DB839FD35C5BE9F ] \Device\Harddisk0\DR0\Partition1
    19:57:03.0790 6052 \Device\Harddisk0\DR0\Partition1 - ok
    19:57:03.0817 6052 [ D40E67A965CC2BBCB2CA195EE2B20A3C ] \Device\Harddisk0\DR0\Partition2
    19:57:03.0820 6052 \Device\Harddisk0\DR0\Partition2 - ok
    19:57:03.0821 6052 ============================================================
    19:57:03.0821 6052 Scan finished
    19:57:03.0821 6052 ============================================================
    19:57:03.0839 5828 Detected object count: 69
    19:57:03.0840 5828 Actual detected object count: 69
    19:57:20.0757 5828 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    19:57:20.0757 5828 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    19:57:20.0757 5828 vdrv1000 ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0757 5828 vdrv1000 ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0759 5828 vdrvroot ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0759 5828 vdrvroot ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0760 5828 vds ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0760 5828 vds ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0762 5828 vga ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0762 5828 vga ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0765 5828 VgaSave ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0765 5828 VgaSave ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0768 5828 vhdmp ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0768 5828 vhdmp ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0769 5828 viaide ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0769 5828 viaide ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0770 5828 VMAuthdService ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0770 5828 VMAuthdService ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0772 5828 vmci ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0772 5828 vmci ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0774 5828 vmkbd ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0774 5828 vmkbd ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0775 5828 VMnetAdapter ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0775 5828 VMnetAdapter ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0776 5828 VMnetBridge ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0777 5828 VMnetBridge ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0778 5828 VMnetDHCP ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0778 5828 VMnetDHCP ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0779 5828 VMnetuserif ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0779 5828 VMnetuserif ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0781 5828 vmusb ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0781 5828 vmusb ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0784 5828 VMUSBArbService ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0784 5828 VMUSBArbService ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0785 5828 VMware NAT Service ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0785 5828 VMware NAT Service ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0786 5828 vmx86 ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0786 5828 vmx86 ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0788 5828 volmgr ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0788 5828 volmgr ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0789 5828 volmgrx ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0789 5828 volmgrx ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0790 5828 volsnap ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0790 5828 volsnap ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0792 5828 vsmraid ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0792 5828 vsmraid ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0794 5828 VSS ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0795 5828 VSS ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0795 5828 vstor2-ws60 ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0795 5828 vstor2-ws60 ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0797 5828 vwifibus ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0797 5828 vwifibus ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0798 5828 vwififlt ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0798 5828 vwififlt ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0800 5828 vwifimp ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0800 5828 vwifimp ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0801 5828 W32Time ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0801 5828 W32Time ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0802 5828 WacomPen ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0803 5828 WacomPen ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0804 5828 WANARP ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0804 5828 WANARP ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0806 5828 Wanarpv6 ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0806 5828 Wanarpv6 ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0807 5828 WatAdminSvc ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0807 5828 WatAdminSvc ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0808 5828 wbengine ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0808 5828 wbengine ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0810 5828 WbioSrvc ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0810 5828 WbioSrvc ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0811 5828 wcncsvc ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0811 5828 wcncsvc ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0812 5828 WcsPlugInService ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0812 5828 WcsPlugInService ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0814 5828 Wd ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0815 5828 Wd ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0816 5828 Wdf01000 ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0817 5828 Wdf01000 ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0818 5828 WdiServiceHost ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0818 5828 WdiServiceHost ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0819 5828 WdiSystemHost ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0819 5828 WdiSystemHost ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0820 5828 WebClient ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0820 5828 WebClient ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0822 5828 Wecsvc ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0822 5828 Wecsvc ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0824 5828 wercplsupport ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0824 5828 wercplsupport ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0825 5828 WerSvc ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0825 5828 WerSvc ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0826 5828 WfpLwf ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0827 5828 WfpLwf ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0828 5828 WimFltr ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0828 5828 WimFltr ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0829 5828 WIMMount ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0829 5828 WIMMount ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0831 5828 WinDriver6 ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0831 5828 WinDriver6 ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0832 5828 WinHttpAutoProxySvc ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0832 5828 WinHttpAutoProxySvc ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0834 5828 Winmgmt ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0834 5828 Winmgmt ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0835 5828 WinRM ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0835 5828 WinRM ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0837 5828 WinUsb ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0837 5828 WinUsb ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0838 5828 Wlansvc ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0838 5828 Wlansvc ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0839 5828 wlcrasvc ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0839 5828 wlcrasvc ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0841 5828 wlidsvc ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0841 5828 wlidsvc ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0842 5828 WmiAcpi ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0842 5828 WmiAcpi ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0845 5828 wmiApSrv ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0845 5828 wmiApSrv ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0845 5828 WMPNetworkSvc ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0845 5828 WMPNetworkSvc ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0847 5828 WPCSvc ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0848 5828 WPCSvc ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0848 5828 WPDBusEnum ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0848 5828 WPDBusEnum ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0850 5828 ws2ifsl ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0850 5828 ws2ifsl ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0851 5828 WSearch ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0852 5828 WSearch ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0853 5828 WudfPf ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0853 5828 WudfPf ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0854 5828 WUDFRd ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0854 5828 WUDFRd ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0856 5828 wudfsvc ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0856 5828 wudfsvc ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0858 5828 WwanSvc ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0858 5828 WwanSvc ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0859 5828 XilinxPC4Driver ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0859 5828 XilinxPC4Driver ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:20.0860 5828 YahooAUService ( LockedService.Multi.Generic ) - skipped by user
    19:57:20.0860 5828 YahooAUService ( LockedService.Multi.Generic ) - User select action: Skip
    19:57:27.0567 1080 Deinitialize success
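The scan above ends with 69 detections, nearly all of them LockedService.Multi.Generic. That verdict is TDSSKiller's generic flag for a service whose registry key it could not open (the "Suspicious service (NoAccess)" line that precedes each one); it is not a file-based detection, and it is raised here for built-in drivers such as volmgr and vga as readily as for third-party services. What a responder wants from such a log is a per-service view: which keys were locked, which of those had no image path the scanner could resolve (the GUID-named entries and WSearchIdxPi above, for instance), and which verdicts are file-based rather than key-based. The following Python parser is an added example, not part of the post and not TDSSKiller's code; it builds that view from constructed sample lines modelled on the log above.

```python
import re
from collections import defaultdict

# Each TDSSKiller line is "HH:MM:SS.mmmm <pid> <message>"; only the message matters here.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# Logged when the scanner cannot open the service's registry key.
NOACCESS = re.compile(r"^Suspicious service \(NoAccess\): (?P<name>.+)$")
# "[ <md5> ] <name> <image path>" appears only when the image path could be resolved.
HASHLINE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
# "<name> ( <verdict> ) - warning | skipped by user | User select action: <action>"
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[\w.]+) \) - (?P<rest>.+)$")
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>[\w.]+) \(\d+\)$")


def new_record():
    return {"noaccess": False, "md5": None, "path": None, "verdict": None, "action": None}


def parse_tdsskiller(text):
    """Fold the line-oriented log into one record per service name."""
    services = defaultdict(new_record)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (n := NOACCESS.match(msg)):
            services[n["name"]]["noaccess"] = True
        elif (h := HASHLINE.match(msg)):
            rec = services[h["name"]]
            rec["md5"], rec["path"] = h["md5"], h["path"]
        elif (v := VERDICT.match(msg)):
            rec = services[v["name"]]
            rec["verdict"] = v["verdict"]
            if v["rest"].startswith("User select action: "):
                rec["action"] = v["rest"].split(": ", 1)[1]
        elif (d := DETECTED.match(msg)):
            services[d["name"]]["verdict"] = d["verdict"]
    return dict(services)


def summarize(services):
    """The questions a responder asks of this log, answered from the records."""
    by_verdict = defaultdict(int)
    for rec in services.values():
        if rec["verdict"]:
            by_verdict[rec["verdict"]] += 1
    locked = [n for n, r in services.items() if r["noaccess"]]
    # Locked keys that the scanner could not map to any image file deserve the first look:
    # either the key had no readable ImagePath or the key was unreadable outright.
    unresolved = sorted(n for n, r in services.items() if r["noaccess"] and r["path"] is None)
    # Verdicts other than LockedService.* are about a file, not about key permissions.
    file_based = sorted(n for n, r in services.items()
                        if r["verdict"] and not r["verdict"].startswith("LockedService"))
    skipped = sum(1 for r in services.values() if r["action"] == "Skip")
    return {"by_verdict": dict(by_verdict), "locked_count": len(locked),
            "unresolved": unresolved, "file_based": file_based, "skipped": skipped}


# Constructed sample: a handful of lines in the shape of the log above, not the full log.
SAMPLE_LOG = r"""
19:57:02.0810 6052 Suspicious service (NoAccess): WSearchIdxPi
19:57:02.0816 6052 Suspicious service (NoAccess): WudfPf
19:57:02.0840 6052 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:57:02.0846 6052 WudfPf ( LockedService.Multi.Generic ) - warning
19:57:02.0846 6052 WudfPf - detected LockedService.Multi.Generic (1)
19:57:02.0989 6052 Suspicious service (NoAccess): YahooAUService
19:57:03.0058 6052 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:57:03.0070 6052 YahooAUService ( LockedService.Multi.Generic ) - warning
19:57:03.0070 6052 YahooAUService - detected LockedService.Multi.Generic (1)
19:57:03.0075 6052 Suspicious service (NoAccess): {05AECD5C-5983-4433-AAD9-492D474D60B2}
19:57:03.0181 6052 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:57:20.0757 5828 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:57:20.0757 5828 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:57:20.0853 5828 WudfPf ( LockedService.Multi.Generic ) - skipped by user
19:57:20.0853 5828 WudfPf ( LockedService.Multi.Generic ) - User select action: Skip
19:57:20.0860 5828 YahooAUService ( LockedService.Multi.Generic ) - skipped by user
19:57:20.0860 5828 YahooAUService ( LockedService.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    for key, value in summarize(parse_tdsskiller(SAMPLE_LOG)).items():
        print("%-13s %s" % (key, value))
```

Run against the full log rather than the sample, the `locked_count` is what tells you whether the locking is targeted (a few keys) or blanket (every service on the box); the `unresolved` list is where to start a manual look at HKLM\SYSTEM\CurrentControlSet\Services, and `file_based` separates the one HiddenFile verdict (Akamai) from the permission-based noise.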
     
  14. Vibhor

    Vibhor Newcomer, in training Topic Starter Posts: 35

    RogueKiller V8.2.2 [11/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Vibhor [Admin rights]
    Mode : Scan -- Date : 11/05/2012 19:58:57
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000BEVT-80A0RT1 +++++
    --- User ---
    [MBR] 98b2113ef826f5b18be4789def9be224
    [BSP] 3d08166b18bfc7a96b227f534e974f6f : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 119232 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 289251328 | Size: 335703 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1]_S_11052012_02d1958.txt >>
    RKreport[1]_S_11052012_02d1958.txt
  15. Vibhor

    Vibhor Newcomer, in training Topic Starter Posts: 35

    RogueKiller V8.2.2 [11/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Vibhor [Admin rights]
    Mode : Remove -- Date : 11/05/2012 19:59:35
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000BEVT-80A0RT1 +++++
    --- User ---
    [MBR] 98b2113ef826f5b18be4789def9be224
    [BSP] 3d08166b18bfc7a96b227f534e974f6f : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 119232 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 289251328 | Size: 335703 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_11052012_02d1959.txt >>
    RKreport[1]_S_11052012_02d1958.txt ; RKreport[2]_D_11052012_02d1959.txt
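RogueKiller's MBR Check in the two reports above prints the partition table it read from the first sector of PhysicalDrive0. As an added example (not RogueKiller's code and not part of the post), here is a Python decoder for that 64-byte table that reproduces the three lines of the report from a constructed 512-byte MBR, together with the consistency checks a responder applies before trusting a table. The sector counts in the sample are assumptions chosen to give the same MiB sizes as the report ("Mo" is MiB), the boot code area is zeroed, and the "hidden" flag follows the type-byte convention (bit 4 set on a FAT/NTFS type code) rather than anything RogueKiller documents.

```python
import struct

SECTOR = 512
SECTORS_PER_MIB = (1024 * 1024) // SECTOR   # 2048; RogueKiller's "Mo" column is MiB

# Type bytes needed for the table in the post. The 0x1X codes are the ordinary
# FAT/NTFS codes with bit 4 set, the convention for partitions the boot path and
# drive-letter assignment skip.
TYPE_NAMES = {
    0x00: "EMPTY", 0x01: "FAT12", 0x04: "FAT16", 0x05: "EXTEN", 0x06: "FAT16",
    0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32-LBA", 0x0E: "FAT16-LBA", 0x0F: "EXTEN-LBA",
}
HIDDEN_BIT = 0x10


def describe_type(code):
    """Return (name, hidden) for a partition type byte."""
    if code in TYPE_NAMES:
        return TYPE_NAMES[code], False
    base = code & ~HIDDEN_BIT
    if code & HIDDEN_BIT and base in TYPE_NAMES and base != 0x00:
        return TYPE_NAMES[base], True
    return "TYPE-0x%02X" % code, False


def parse_mbr(sector):
    """Decode the four primary entries of a classic MBR (bytes 446..509)."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # boot flag, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        boot, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype == 0x00:
            continue
        name, hidden = describe_type(ptype)
        parts.append({"index": i, "active": boot == 0x80, "type": ptype, "name": name,
                      "hidden": hidden, "lba_start": lba, "sectors": count,
                      "size_mib": count // SECTORS_PER_MIB})
    return parts


def check_table(parts):
    """Consistency checks worth running before trusting a table a tool printed."""
    issues = []
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        issues.append("expected exactly one active partition, found %d" % len(active))
    for p in parts:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            issues.append("partition %d has a zero start or length" % p["index"])
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            issues.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return issues


def format_like_roguekiller(parts):
    """Render entries in the layout RogueKiller uses in its MBR Check section."""
    lines = []
    for p in parts:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        vis = "HIDDEN!" if p["hidden"] else "VISIBLE"
        lines.append("%d - [%s] %s (0x%02x) [%s] Offset (sectors): %d | Size: %d Mo"
                     % (p["index"], flag, p["name"], p["type"], vis, p["lba_start"], p["size_mib"]))
    return lines


def build_entry(active, ptype, lba, count):
    chs = b"\xFE\xFF\xFF"  # CHS fields are ignored on LBA-addressed disks
    return struct.pack("<B3sB3sII", 0x80 if active else 0x00, chs, ptype, chs, lba, count)


def sample_mbr():
    """Constructed MBR whose three entries reproduce the post's table.
    Sector counts are assumptions that yield the same MiB sizes; boot code is zeroed."""
    table = (build_entry(False, 0x1C, 63, 45062262)
             + build_entry(True, 0x07, 45062325, 244189003)
             + build_entry(False, 0x0F, 289251328, 687520000)
             + bytes(16))
    return bytes(446) + table + b"\x55\xAA"


if __name__ == "__main__":
    parts = parse_mbr(sample_mbr())
    print("\n".join(format_like_roguekiller(parts)))
    print("issues:", check_table(parts) or "none")
```

A hidden FAT32 partition ahead of the system volume, as in entry 0 here, is the usual layout for an OEM recovery image, so the HIDDEN! flag by itself is not evidence of a bootkit; the lines that carry weight are the boot-code identification ("[BSP] ... : Windows 7 MBR Code") and a table that passes the overlap and single-active-partition checks.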
  16. Vibhor

    Vibhor Newcomer, in training Topic Starter Posts: 35

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.11.04.04
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Vibhor :: MYNEWASUS [administrator]
    Protection: Enabled
    11/5/2012 8:00:50 PM
    mbam-log-2012-11-05 (20-00-50).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 227165
    Time elapsed: 3 minute(s), 6 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  17. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    That's better :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  18. Vibhor

    Vibhor Newcomer, in training Topic Starter Posts: 35

    OK here's this, I disabled AntiMalwarebyte, and uninstalled AVG before running Combofix. It created a restore point and everything was good. It restarted the computer on its own and everything was fine until after the Windows login and password stage ... Combofix opened a blue window (like DOS) and says "Please Wait.." I left the computer last night like that and it's still like that... should I be concerned?? The top of the window says Administrator: Combofix.

    P.S: Also just so you know, I had disabled my wifi connection before running the program
  19. Vibhor

    Vibhor Newcomer, in training Topic Starter Posts: 35

    ComboFix 12-11-05.03 - Vibhor 11/06/2012 10:22:11.4.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3874.2601 [GMT -5:00]
    Running from: d:\downloads\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\programdata\1323752111.bdinstall.bin
    c:\programdata\1323887526.bdinstall.bin
    c:\users\Vibhor\AppData\Roaming\Microsoft\Windows\Recent\NYIT Email.url
    c:\windows\msvcr71.dll
    D:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-06 15:28 . 2012-11-06 15:28  --------  d-----w-  c:\users\Public\AppData\Local\temp
    2012-11-06 15:28 . 2012-11-06 15:28  --------  d-----w-  c:\users\Guest\AppData\Local\temp
    2012-11-06 15:28 . 2012-11-06 15:28  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2012-11-06 15:19 . 2012-11-06 15:19  69000     ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{098D2970-885C-450A-BAEA-7C385C6D2467}\offreg.dll
    2012-11-06 15:17 . 2012-11-06 15:17  --------  d-----w-  c:\windows\SysWow64\drivers\AVG
    2012-11-06 00:55 . 2012-11-06 00:55  --------  d-----w-  c:\program files (x86)\Common Files\Adobe
    2012-11-04 20:20 . 2012-11-04 20:20  --------  d-----w-  c:\users\Vibhor\AppData\Roaming\Malwarebytes
    2012-11-04 20:20 . 2012-11-04 20:20  --------  d-----w-  c:\programdata\Malwarebytes
    2012-11-04 20:20 . 2012-11-04 20:20  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-11-04 20:20 . 2012-09-30 00:54  25928     ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-11-04 20:06 . 2012-11-04 20:06  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-11-04 19:21 . 2012-11-04 19:21  --------  d-----w-  C:\FRST
    2012-11-04 18:05 . 2012-11-04 18:05  --------  d-----w-  c:\program files (x86)\ESET
    2012-11-04 05:51 . 2012-11-04 05:51  --------  d-----w-  c:\users\Vibhor\AppData\Local\Ubisoft Game Launcher
    2012-11-04 05:44 . 2012-11-04 05:44  --------  d-----w-  c:\program files (x86)\Ubisoft
    2012-11-04 04:21 . 2012-11-04 04:21  --------  d-sh--w-  c:\windows\SysWow64\%APPDATA%
    2012-11-04 03:20 . 2012-11-04 04:04  --------  d-----w-  c:\program files (x86)\Real
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-28 04:38 . 2011-12-16 06:32  183112    ----a-w-  c:\windows\SysWow64\PnkBstrB.exe
    2012-09-12 22:19 . 2012-06-28 05:05  696520    ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-12 22:19 . 2011-11-06 03:19  73416     ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DKADGmon"="c:\program files (x86)\Dell V520 Series\DKADGmon.exe" [2012-03-08 947520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Autorun Eater"="c:\program files (x86)\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini"
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe"
    "BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    "Wireless Console 3"=c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    "SonicMasterTray"=c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    "ASUS Screen Saver Protector"=c:\windows\AsScrPro.exe
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
    R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2009-11-14 36256]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
    R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2009-07-09 24088]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1255736]
    R4 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
    R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-05-20 375176]
    R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
    S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [2010-03-25 223256]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    S2 VC10SecS;Virtual CD v10 Management Service;d:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2010-04-14 144712]
    S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2011-03-26 81008]
    S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-25 138024]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 15360]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-11-23 1103976]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-02-09 11856]
    S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533852507-2709772334-1735327317-1000Core.job
    - c:\users\Vibhor\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-19 23:23]
    .
    2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2533852507-2709772334-1735327317-1000UA.job
    - c:\users\Vibhor\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-19 23:23]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
    "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-04-25 2188904]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0B0AzzzyyCyEtA0AtBtN0D0Tzu0CtBtDyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=878517389
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
    FF - ProfilePath - c:\users\Vibhor\AppData\Roaming\Mozilla\Firefox\Profiles\n9fxrtoa.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0B0AzzzyyCyEtA0AtBtN0D0Tzu0CtBtDyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=878517389
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0B0AzzzyyCyEtA0AtBtN0D0Tzu0CtBtDyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=878517389
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0B0AzzzyyCyEtA0AtBtN0D0Tzu0CtBtDyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=878517389&q=
    FF - user.js: extensions.funmoods.id - F46D040BA89643A2
    FF - user.js: extensions.funmoods.instlDay - 15544
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2214:2:34
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - nv1
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - nv1
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8CUIGnih&loc=IB_TB&I=26&search=
    FF - user.js: extensions.incredibar_i.id - c40a43a2000000000000002637bd3942
    FF - user.js: extensions.incredibar_i.instlDay - 15575
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:33
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6R8CUIGnih
    FF - user.js: extensions.incredibar_i.upn2n - 92824928163079353
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10658
    FF - user.js: extensions.incredibar_i.ppd -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
    BHO-{1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrv1000]
    "ImagePath"="system32\DRIVERS\vdrv1000.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrv1000.ini]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrvroot]
    "ImagePath"="system32\drivers\vdrvroot.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vds]
    "ImagePath"="%SystemRoot%\System32\vds.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vga]
    "ImagePath"="system32\DRIVERS\vgapnp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VgaSave]
    "ImagePath"="\SystemRoot\System32\drivers\vga.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vhdmp]
    "ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\viaide]
    "ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMAuthdService]
    "ImagePath"="\"c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vmci]
    "ImagePath"="\??\c:\windows\system32\drivers\vmci.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vmkbd]
    "ImagePath"="\??\c:\windows\system32\drivers\VMkbd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMnetAdapter]
    "ImagePath"="system32\DRIVERS\vmnetadapter.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMnetBridge]
    "ImagePath"="system32\DRIVERS\vmnetbridge.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMnetDHCP]
    "ImagePath"="c:\windows\system32\vmnetdhcp.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMnetuserif]
    "ImagePath"="\??\c:\windows\system32\drivers\vmnetuserif.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vmusb]
    "ImagePath"="System32\Drivers\vmusb.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMUSBArbService]
    "ImagePath"="\"c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMware]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMware NAT Service]
    "ImagePath"="c:\windows\system32\vmnat.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vmx86]
    "ImagePath"="\??\c:\windows\system32\drivers\vmx86.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgr]
    "ImagePath"="system32\drivers\volmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgrx]
    "ImagePath"="System32\drivers\volmgrx.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\volsnap]
    "ImagePath"="system32\drivers\volsnap.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vsmraid]
    "ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VSS]
    "ImagePath"="%systemroot%\system32\vssvc.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vstor2-ws60]
    "ImagePath"="\??\c:\program files (x86)\VMware\VMware Workstation\vstor2-ws60.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwifibus]
    "ImagePath"="system32\DRIVERS\vwifibus.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwififlt]
    "ImagePath"="system32\DRIVERS\vwififlt.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwifimp]
    "ImagePath"="system32\DRIVERS\vwifimp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\W32Time]
    "ServiceDll"="%systemroot%\system32\w32time.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\W3SVC]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WacomPen]
    "ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WANARP]
    "ImagePath"="system32\DRIVERS\wanarp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wanarpv6]
    "ImagePath"="system32\DRIVERS\wanarp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WatAdminSvc]
    "ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wbengine]
    "ImagePath"="\"%systemroot%\system32\wbengine.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WbioSrvc]
    "ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wcncsvc]
    "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WcsPlugInService]
    "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wd]
    "ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wdf01000]
    "ImagePath"="system32\drivers\Wdf01000.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost]
    "ServiceDll"="%SystemRoot%\system32\wdi.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost]
    "ServiceDll"="%SystemRoot%\system32\wdi.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WebClient]
    "ServiceDll"="%SystemRoot%\System32\webclnt.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wecsvc]
    "ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wercplsupport]
    "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WerSvc]
    "ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WfpLwf]
    "ImagePath"="system32\DRIVERS\wfplwf.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WimFltr]
    "ImagePath"="system32\DRIVERS\wimfltr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WIMMount]
    "ImagePath"="system32\drivers\wimmount.sys"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinDriver6]
    "ImagePath"="system32\drivers\windrvr6.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinHttpAutoProxySvc]
    "ServiceDll"="winhttp.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winmgmt]
    "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRM]
    "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winsock]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinSock2]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinUsb]
    "ImagePath"="system32\DRIVERS\WinUsb.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wlansvc]
    "ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wlcrasvc]
    "ImagePath"="\"c:\program files\Windows Live\Mesh\wlcrasvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wlidsvc]
    "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiAcpi]
    "ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiApRpl]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wmiApSrv]
    "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WMPNetworkSvc]
    "ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPCSvc]
    "ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPDBusEnum]
    "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ws2ifsl]
    "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearch]
    "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearchIdxPi]
    .
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WudfPf]
    "ImagePath"="system32\drivers\WudfPf.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFRd]
    "ImagePath"="system32\DRIVERS\WUDFRd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wudfsvc]
    "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WwanSvc]
    "ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\XilinxPC4Driver]
    "ImagePath"="\SystemRoot\System32\drivers\xpc4drvr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\xmlprov]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\YahooAUService]
    "ImagePath"="\"c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{05AECD5C-5983-4433-AAD9-492D474D60B2}]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{2D9CB93B-910D-4F36-A439-5357872DC36E}]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{51D18F0F-5E6C-43BA-9D96-23A7888E0AAB}]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{62D00B05-5C14-41E5-9A56-1530E074D0CC}]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{6D498CDD-56BB-4BC8-8F25-FF1B057F7504}]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{6E2F2010-4E58-4D81-B8B5-D7F905FF48DA}]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{9736D227-865A-4D73-BF34-95FD567B0366}]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{A9B37425-9201-4EE4-9393-7C44C0C2607B}]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{C1D821EC-2C83-4CA9-8041-09A5E1F3DF1B}]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{EA8A7A78-2505-4D4C-B252-4CE7AC97DAAC}]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-06 10:31:03
    ComboFix-quarantined-files.txt 2012-11-06 15:31
    .
    Pre-Run: 20,665,802,752 bytes free
    Post-Run: 20,494,196,736 bytes free
    .
    - - End Of File - - E8AA979A5FC38D3C2A9B50FC5F6CB647
  20. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Looks good :)

    Any current issues?

    You can reinstall AVG now.

    Also:
    Please move the Combofix file to its proper location, which is your computer's Desktop...

    ======================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  21. Vibhor

    Vibhor Newcomer, in training Topic Starter Posts: 35

    OTL logfile created on: 11/7/2012 9:52:44 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vibhor\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.78 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 64.40% Memory free
    7.57 Gb Paging File | 5.88 Gb Available in Paging File | 77.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 116.44 Gb Total Space | 23.37 Gb Free Space | 20.07% Space Free | Partition Type: NTFS
    Drive D: | 327.83 Gb Total Space | 79.59 Gb Free Space | 24.28% Space Free | Partition Type: NTFS

    Computer Name: MYNEWASUS | User Name: Vibhor | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/07 19:42:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vibhor\Desktop\OTL.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/03/07 21:43:28 | 000,947,520 | ---- | M] () -- C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
    PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    PRC - [2012/02/23 05:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2011/12/16 01:32:18 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2011/01/25 13:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    PRC - [2010/10/07 16:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    PRC - [2010/10/05 23:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/10/05 23:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/08/17 16:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    PRC - [2010/05/06 19:09:06 | 000,415,638 | ---- | M] (Old McDonald's Farm) -- C:\Program Files (x86)\Autorun Eater\billy.exe
    PRC - [2010/05/06 18:59:36 | 000,516,216 | ---- | M] (Old McDonald's Farm) -- C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe
    PRC - [2010/04/14 09:09:58 | 000,144,712 | ---- | M] (H+H Software GmbH) -- D:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
    PRC - [2009/06/19 12:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    PRC - [2009/06/19 12:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    PRC - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    PRC - [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/08/13 23:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/07 21:43:28 | 000,947,520 | ---- | M] () -- C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
    MOD - [2011/11/14 02:31:44 | 001,454,080 | ---- | M] () -- C:\Program Files (x86)\Dell V520 Series\DKabdrs.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2012/02/09 14:13:28 | 000,035,648 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
    SRV:64bit: - [2011/03/25 20:05:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
    SRV:64bit: - [2011/01/25 16:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
    SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    SRV - [2012/11/01 11:04:58 | 004,539,200 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll -- (Akamai)
    SRV - [2012/10/05 09:35:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/05/19 22:02:23 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
    SRV - [2012/05/19 22:02:11 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2012/03/19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2012/02/23 05:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/02/09 14:13:24 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2012/02/09 14:13:18 | 000,028,992 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
    SRV - [2012/01/22 09:15:32 | 002,230,416 | ---- | M] (Giraffic) [Disabled | Stopped] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
    SRV - [2011/12/16 01:32:18 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011/11/01 01:39:16 | 000,272,384 | ---- | M] () [Auto | Running] -- c:\Altera\11.1\quartus\bin64\jtagserver.exe -- (JTAGServer)
    SRV - [2011/09/16 13:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
    SRV - [2011/03/25 23:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2011/03/25 23:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
    SRV - [2011/03/25 23:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2011/03/25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
    SRV - [2011/03/01 17:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
    SRV - [2010/10/05 23:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/10/05 23:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
    SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/04/14 09:09:58 | 000,144,712 | ---- | M] (H+H Software GmbH) [Auto | Running] -- D:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
    SRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown] -- C:\Windows\SysWow64\drivers\wimmount.sys -- (WIMMount)
    SRV - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/05/19 22:02:11 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV:64bit: - [2012/03/19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/03/14 08:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
    DRV:64bit: - [2012/03/14 08:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
    DRV:64bit: - [2012/03/14 08:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
    DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/01/07 10:31:47 | 000,254,976 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
    DRV:64bit: - [2012/01/07 10:31:46 | 000,027,384 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\xpc4drvr.sys -- (XilinxPC4Driver)
    DRV:64bit: - [2011/09/16 13:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV:64bit: - [2011/09/16 13:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
    DRV:64bit: - [2011/04/25 05:10:50 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2011/03/25 23:43:06 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
    DRV:64bit: - [2011/03/25 23:43:04 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
    DRV:64bit: - [2011/03/25 23:41:18 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
    DRV:64bit: - [2011/03/25 23:41:08 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV:64bit: - [2011/03/25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
    DRV:64bit: - [2011/03/25 20:05:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Unknown (-1) | Unknown (-1) | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
    DRV:64bit: - [2011/03/25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV:64bit: - [2011/03/25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/11/23 05:09:41 | 001,103,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/05 10:45:47 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/14 11:28:15 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/09/23 02:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/09/21 11:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/09/02 17:49:46 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
    DRV:64bit: - [2010/08/24 04:55:43 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010/08/11 01:11:25 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2010/03/25 10:44:42 | 000,223,256 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vdrv1000.sys -- (vdrv1000)
    DRV:64bit: - [2009/11/14 00:05:36 | 000,036,256 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
    DRV:64bit: - [2009/10/20 13:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2009/07/20 04:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 10:24:30 | 000,024,088 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HH10Help.sys -- (HH10Help.sys)
    DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/06/17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
    DRV:64bit: - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown (-1) | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2012/02/09 13:16:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
    DRV - [2011/09/16 13:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
    DRV - [2010/08/19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2010/07/26 15:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO_)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown (-1) | Stopped] -- C:\Windows\SysWow64\drivers\wimmount.sys -- (WIMMount)
  22. Vibhor


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv...tBtDyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=878517389
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.p...tBtDyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=878517389
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv...tBtDyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=878517389
    IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{03891D03-9986-1709-36C1-0845431110FF}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.p...tBtDyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=878517389
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



    IE - HKU\S-1-5-21-2533852507-2709772334-1735327317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.msn.com/?ocid=OIE9HP
    IE - HKU\S-1-5-21-2533852507-2709772334-1735327317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-2533852507-2709772334-1735327317-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-2533852507-2709772334-1735327317-1000\..\SearchScopes,Backup.Old.DefaultScope = {38D8934C-BFD3-4391-AF81-72C070C6A429}
    IE - HKU\S-1-5-21-2533852507-2709772334-1735327317-1000\..\SearchScopes,DefaultScope = {03891D03-9986-1709-36C1-0845431110FF}
    IE - HKU\S-1-5-21-2533852507-2709772334-1735327317-1000\..\SearchScopes\{03891D03-9986-1709-36C1-0845431110FF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
    IE - HKU\S-1-5-21-2533852507-2709772334-1735327317-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2533852507-2709772334-1735327317-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..backup.old.browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..backup.old.browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Vibhor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Vibhor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vibhor\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vibhor\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/11/06 10:44:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/03 22:46:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/05 19:55:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/11/06 10:44:38 | 000,000,000 | ---D | M]

    [2012/06/26 13:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vibhor\AppData\Roaming\Mozilla\Extensions
    [2011/12/13 16:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vibhor\AppData\Roaming\Mozilla\Firefox\extensions
    [2011/12/13 16:39:12 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Vibhor\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2012/07/23 13:02:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vibhor\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
    [2012/07/23 13:03:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vibhor\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
    [2012/06/26 12:37:41 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Vibhor\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
    [2012/07/23 13:02:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vibhor\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\staged
    [2012/10/30 20:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vibhor\AppData\Roaming\Mozilla\Firefox\Profiles\n9fxrtoa.default\extensions
    [2012/08/10 05:39:40 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Vibhor\AppData\Roaming\Mozilla\Firefox\Profiles\n9fxrtoa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/07/01 23:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/07/01 23:22:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
    [2012/10/05 09:35:41 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/10/12 18:35:55 | 000,092,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2012/07/01 23:22:38 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/06/14 17:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/14 17:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.facebook.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: http://www.facebook.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vibhor\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Vibhor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Vibhor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll
    CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Picasa (Enabled) = D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - Extension: Angry Birds = C:\Users\Vibhor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: Google Drive = C:\Users\Vibhor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: YouTube = C:\Users\Vibhor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Vibhor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Facebook Disconnect = C:\Users\Vibhor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_1\
    CHR - Extension: Phone 2 Google Chrome\\u2122 = C:\Users\Vibhor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlgojabfogikedjanecphloghlegpdm\3.3_0\
    CHR - Extension: Glossy Blue = C:\Users\Vibhor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml\1.0_0\
    CHR - Extension: Google Chrome to Phone Extension = C:\Users\Vibhor\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
    CHR - Extension: Gmail = C:\Users\Vibhor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/11/05 20:57:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - Reg Error: Value error. File not found
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
    O4 - HKLM..\Run: [Autorun Eater] C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKU\S-1-5-21-2533852507-2709772334-1735327317-1000..\Run: [DKADGmon] C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2533852507-2709772334-1735327317-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2533852507-2709772334-1735327317-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O7 - HKU\S-1-5-21-2533852507-2709772334-1735327317-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2533852507-2709772334-1735327317-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O16:64bit: - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.6.0.cab (DLM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D9CB93B-910D-4F36-A439-5357872DC36E}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D498CDD-56BB-4BC8-8F25-FF1B057F7504}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  23. Vibhor

    Vibhor Newcomer, in training Topic Starter Posts: 35

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/07 21:52:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vibhor\Desktop\OTL.exe
    [2012/11/07 18:57:03 | 000,000,000 | ---D | C] -- D:\Documents\DSP FALL 2012 NOTES
    [2012/11/07 08:45:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/07 08:45:21 | 004,997,488 | R--- | C] (Swearware) -- C:\Users\Vibhor\Desktop\ComboFix.exe
    [2012/11/06 14:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver San Francisco
    [2012/11/06 11:26:30 | 000,000,000 | ---D | C] -- D:\Documents\Driver San Francisco BLACK-BOX Repack 3.2GB[.Dude]
    [2012/11/06 10:46:22 | 000,000,000 | ---D | C] -- C:\Users\Vibhor\AppData\Roaming\ESET
    [2012/11/06 10:46:22 | 000,000,000 | ---D | C] -- C:\Users\Vibhor\AppData\Local\ESET
    [2012/11/06 10:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    [2012/11/06 10:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
    [2012/11/06 10:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/11/06 10:17:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
    [2012/11/05 20:57:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/11/05 19:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2012/11/04 15:20:18 | 000,000,000 | ---D | C] -- C:\Users\Vibhor\AppData\Roaming\Malwarebytes
    [2012/11/04 15:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/04 15:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/11/04 15:20:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/11/04 15:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/11/04 15:06:31 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/11/04 14:21:22 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/11/04 13:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/11/04 01:00:06 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/11/04 00:51:05 | 000,000,000 | ---D | C] -- C:\Users\Vibhor\AppData\Local\Ubisoft Game Launcher
    [2012/11/04 00:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
    [2012/11/03 23:21:59 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/11/03 22:20:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
    [2012/11/03 22:20:39 | 000,000,000 | ---D | C] -- C:\Users\Vibhor\AppData\Roaming\Real
    [2012/11/03 22:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2012/11/03 21:22:10 | 000,000,000 | ---D | C] -- C:\Users\Vibhor\Desktop\RAR'
    [2012/11/03 20:13:53 | 000,000,000 | ---D | C] -- D:\Documents\Ubisoft
    [2011/11/07 18:44:14 | 007,887,120 | ---- | C] (Electronic Arts Inc.) -- C:\Users\Vibhor\shiftdemo.exe
    [2011/11/07 18:43:44 | 000,423,184 | ---- | C] (Electronic Arts) -- C:\Users\Vibhor\EASetup.exe
    [2011/11/07 18:43:39 | 000,419,088 | ---- | C] (Electronic Arts) -- C:\Users\Vibhor\AutoRun.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/07 21:08:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2533852507-2709772334-1735327317-1000UA.job
    [2012/11/07 19:42:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vibhor\Desktop\OTL.exe
    [2012/11/07 17:08:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/07 17:08:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/07 17:05:15 | 000,759,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/07 17:05:15 | 000,647,042 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/07 17:05:15 | 000,115,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/07 17:00:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/07 09:08:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2533852507-2709772334-1735327317-1000Core.job
    [2012/11/06 14:14:18 | 000,000,886 | ---- | M] () -- C:\Users\Public\Desktop\Driver San Francisco.lnk
    [2012/11/06 11:26:30 | 000,000,095 | ---- | M] () -- D:\Documents\1Click.cfg
    [2012/11/06 10:17:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
    [2012/11/05 20:57:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/05 20:42:27 | 004,997,488 | R--- | M] (Swearware) -- C:\Users\Vibhor\Desktop\ComboFix.exe
    [2012/11/04 18:30:33 | 000,000,512 | ---- | M] () -- C:\Users\Vibhor\Desktop\MBR.dat
    [2012/11/04 14:47:43 | 000,002,983 | ---- | M] () -- C:\scu.dat
    [2012/11/04 13:00:48 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/11/03 23:26:47 | 000,073,618 | ---- | M] () -- D:\Documents\cc_20121104_002639.reg
    [2012/10/10 21:25:28 | 000,002,497 | ---- | M] () -- C:\Users\Vibhor\Desktop\Google Chrome.lnk
    [2012/10/10 21:25:28 | 000,002,374 | ---- | M] () -- C:\Users\Vibhor\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/06 14:14:18 | 000,000,886 | ---- | C] () -- C:\Users\Public\Desktop\Driver San Francisco.lnk
    [2012/11/06 11:19:49 | 000,000,095 | ---- | C] () -- D:\Documents\1Click.cfg
    [2012/11/06 10:17:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
    [2012/11/05 19:55:12 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2012/11/04 18:30:33 | 000,000,512 | ---- | C] () -- C:\Users\Vibhor\Desktop\MBR.dat
    [2012/11/04 14:13:02 | 000,002,983 | ---- | C] () -- C:\scu.dat
    [2012/11/04 13:00:48 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/11/03 23:26:43 | 000,073,618 | ---- | C] () -- D:\Documents\cc_20121104_002639.reg
    [2012/07/22 17:12:53 | 000,000,258 | RHS- | C] () -- C:\Users\Vibhor\ntuser.pol
    [2012/06/28 23:57:31 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lexlog.dll
    [2012/04/16 12:48:28 | 000,000,016 | -H-- | C] () -- C:\Users\Vibhor\cy0MKJiJqke
    [2012/04/16 12:38:12 | 000,000,248 | ---- | C] () -- C:\Users\Vibhor\quartus2.qreg
    [2012/04/16 12:20:49 | 000,000,478 | ---- | C] () -- C:\Users\Vibhor\quartus2.ini
    [2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/03/19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/03/19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2012/02/07 10:59:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/07 10:59:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/07 10:59:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/07 10:59:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/07 10:59:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/12/16 01:32:19 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/12/16 01:32:14 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/12/08 10:04:40 | 000,430,080 | ---- | C] ( ) -- C:\Windows\SysWow64\DKADGQ32comc.dll
    [2011/12/02 00:29:37 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
    [2011/11/27 12:24:10 | 000,128,512 | ---- | C] () -- C:\Windows\RegBootClean64.exe
    [2011/11/27 12:24:10 | 000,012,800 | ---- | C] () -- C:\Windows\DCEBoot64.exe
    [2011/11/22 23:30:46 | 000,772,388 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/11/07 18:43:45 | 495,564,644 | ---- | C] () -- C:\Users\Vibhor\Group5.cab
    [2011/11/07 18:43:44 | 070,663,579 | ---- | C] () -- C:\Users\Vibhor\Group4.cab
    [2011/11/07 18:43:44 | 000,097,459 | ---- | C] () -- C:\Users\Vibhor\Group1.cab
    [2011/11/07 18:43:39 | 010,810,880 | R--- | C] () -- C:\Users\Vibhor\autorun.dat
    [2011/11/06 10:55:15 | 000,007,666 | ---- | C] () -- C:\Users\Vibhor\AppData\Local\Resmon.ResmonCfg
    [2011/11/05 18:18:20 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
    [2011/04/25 06:20:44 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
    [2011/04/25 06:16:49 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
    [2011/04/25 05:10:32 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 08:27:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 07:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/05/24 09:46:31 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG2012
    [2012/05/24 09:45:09 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\TuneUp Software
    [2012/08/26 09:04:08 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Virtual CD v10
    [2012/05/02 13:19:45 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\Asus WebStorage
    [2012/02/07 21:44:22 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\AVG
    [2011/12/14 15:42:42 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\AVG2012
    [2012/07/01 23:22:35 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\Babylon
    [2012/11/03 23:28:14 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\BitTorrent
    [2012/08/22 23:57:38 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\DVDVideoSoft
    [2012/05/02 13:19:31 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\EeeStorageUploader
    [2012/11/06 10:46:22 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\ESET
    [2011/11/09 01:35:58 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\GetRightToGo
    [2012/03/05 22:35:45 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\HDI
    [2012/04/08 09:19:11 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\hte
    [2012/03/06 15:58:13 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\Intersil
    [2011/12/16 01:13:48 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\Leadertech
    [2012/05/13 11:12:04 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\LowRateVoip
    [2011/11/06 14:26:05 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\Need for Speed World
    [2011/11/05 18:19:31 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\Nuance
    [2012/04/08 09:19:12 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\Opera
    [2012/06/27 23:19:59 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\Origin
    [2012/03/27 23:47:29 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\PlayFirst
    [2011/12/12 23:56:19 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\QuickScan
    [2012/07/01 23:34:54 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\R-TT
    [2011/12/13 13:10:19 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\SoftGrid Client
    [2012/11/04 00:25:17 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\Spotify
    [2012/06/28 00:48:54 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\SystemRequirementsLab
    [2012/04/08 09:19:18 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\TeamViewer
    [2012/05/02 13:19:41 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\temp
    [2012/04/02 01:08:32 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\TownScape Found Viri
    [2011/11/22 23:32:18 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\TP
    [2012/04/08 09:19:18 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\TuneUp Software
    [2012/08/22 23:49:51 | 000,000,000 | --SD | M] -- C:\Users\Vibhor\AppData\Roaming\Virtual CD v10
    [2012/06/25 10:35:02 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\wargaming.net
    [2012/01/09 08:52:34 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\Windows Live Writer
    [2012/05/13 14:27:16 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\Xilinx
    [2011/11/05 18:19:29 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\Zeon

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:5D458568
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:41099CE9
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC
    < End of report >
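    Every file entry in the OTL sections above ("Files/Folders - Created Within 30 Days", "Files - Modified Within 30 Days", "Files Created - No Company Name") uses one fixed line format: a bracketed timestamp, a comma-grouped size, a four-character RHSD attribute field, a C (created) or M (modified) marker, an optional parenthesised company name from the file's version information, and the path. The script below is an added example, not part of this thread and not OTL's own code: it parses that format and applies three simple triage heuristics (no company name under C:\Windows, a hidden file dropped directly in a user profile root, a hidden+system directory under C:\Windows) to produce a review list. The sample lines are constructed from entries in the log above; the heuristics and the flag wording are the example's own and mark candidates for a human to look at, not verdicts. Helper binaries dropped by cleanup tools will appear in the list too, which is why a helper reviews it rather than deleting by rule.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: a few lines copied from the OTL log format above.
SAMPLE_OTL_LINES = r"""
[2012/11/07 21:52:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vibhor\Desktop\OTL.exe
[2012/11/04 15:20:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/03 23:21:59 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/04/16 12:48:28 | 000,000,016 | -H-- | C] () -- C:\Users\Vibhor\cy0MKJiJqke
[2012/06/28 23:57:31 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lexlog.dll
[2012/02/07 10:59:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
"""

# [YYYY/MM/DD hh:mm:ss | size | RHSD | C|M] (company) -- path
# The company group is optional (directories have none) and may be empty "()" or "( )".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<ev>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class OtlFileEntry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    event: str            # "C" = created, "M" = modified
    company: Optional[str]  # None when OTL printed no company name
    path: str


def parse_otl_entry(line: str) -> Optional[OtlFileEntry]:
    """Parse one OTL file line; return None for headers and other non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attr = m.group("attr")
    company = (m.group("company") or "").strip() or None
    return OtlFileEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        readonly=attr[0] == "R",
        hidden=attr[1] == "H",
        system=attr[2] == "S",
        directory=attr[3] == "D",
        event=m.group("ev"),
        company=company,
        path=m.group("path"),
    )


def parse_otl_section(text: str) -> List[OtlFileEntry]:
    """Parse every entry line in a block of OTL output, skipping everything else."""
    return [e for e in map(parse_otl_entry, text.splitlines()) if e is not None]


def _under(path: str, prefix: str) -> bool:
    return path.lower().startswith(prefix.lower())


def triage_flags(e: OtlFileEntry) -> List[str]:
    """Heuristic review flags for one entry (example heuristics, not OTL's)."""
    flags = []
    parts = e.path.split("\\")
    # A file under C:\Windows whose version info carries no company name.
    if not e.directory and e.company is None and _under(e.path, "C:\\Windows\\"):
        flags.append("no company name in version info, under C:\\Windows")
    # A hidden file sitting directly in a user's profile root (C:\Users\<name>\<file>).
    if e.hidden and not e.directory and _under(e.path, "C:\\Users\\") and len(parts) == 4:
        flags.append("hidden file in user profile root")
    # A hidden+system directory created under C:\Windows.
    if e.directory and e.hidden and e.system and _under(e.path, "C:\\Windows\\"):
        flags.append("hidden+system directory under C:\\Windows")
    return flags


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, flags) for every entry that raised at least one flag."""
    out = []
    for e in parse_otl_section(text):
        flags = triage_flags(e)
        if flags:
            out.append((e.path, flags))
    return out


if __name__ == "__main__":
    for path, flags in triage(SAMPLE_OTL_LINES):
        print(path)
        for f in flags:
            print("   -", f)
```

Run against the constructed sample, the review list contains the %APPDATA% directory under SysWow64, the hidden file cy0MKJiJqke in the profile root, and the two C:\Windows binaries with an empty company field; OTL.exe and mbam.sys, which carry a company name and sit in expected places, are not listed.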
  24. Vibhor

    Vibhor Newcomer, in training Topic Starter Posts: 35

    I didn't get Extras.txt, should I run again??
  25. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    No.
    You didn't say:
    ===================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      O2:64bit: - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
      O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - Reg Error: Value error. File not found
      O3 - HKLM\..\Toolbar: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      [2012/11/04 14:21:22 | 000,000,000 | ---D | C] -- C:\FRST
      [2012/04/16 12:48:28 | 000,000,016 | -H-- | C] () -- C:\Users\Vibhor\cy0MKJiJqke
      [2012/05/24 09:46:31 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG2012
      [2012/02/07 21:44:22 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\AVG
      [2011/12/14 15:42:42 | 000,000,000 | ---D | M] -- C:\Users\Vibhor\AppData\Roaming\AVG2012
      @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:5D458568
      @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:41099CE9
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
      @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.


    ==================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.

