Inactive No Internet on Win7 normal mode plus it's slow...

pudgyman

Hi, thank you in advance for helping me out. My PC is running slow right now and I can't work with it, plus I don't have internet. I downloaded some stuff in torrents and some games and I probably had a virus from there. I saw my Kaspersky got cut off and is not loading anymore, plus a sudden change in speed and booting. I need help badly.

These are the logs as requested by you guys.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.08.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Paolo :: PAOLO-PC [administrator]

Protection: Enabled

8/9/2012 1:44:08 PM
mbam-log-2012-08-09 (13-44-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212276
Time elapsed: 18 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Paolo at 16:15:15 on 2012-08-09
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8096.6345 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Anti-Virus *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\ASDR.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Paolo\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Users\Paolo\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\taskmgr.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
TCP: DhcpNameServer = 124.106.4.2 124.106.5.2
TCP: Interfaces\{443C4912-4774-42AC-BE70-E97159EC6DF1} : DhcpNameServer = 124.106.5.2 124.106.7.2
TCP: Interfaces\{6416797A-B523-41A1-A24F-C46F3F0A2F47} : DhcpNameServer = 124.106.4.2 124.106.5.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-8 44808]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2011-4-25 365336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-8 655944]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-5-3 2253120]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-20 381248]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-2-25 1436424]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
S4 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
S4 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-8-3 654944]
.
=============== Created Last 30 ================
.
2012-08-08 15:58:11 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1827742F-6583-4701-85CC-3761111152BF}\offreg.dll
2012-08-08 11:09:57 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1827742F-6583-4701-85CC-3761111152BF}\mpengine.dll
2012-08-07 16:42:51 -------- d-----w- C:\Users\Paolo\AppData\Roaming\Malwarebytes
2012-08-07 16:42:45 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-07 16:42:45 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-07 16:42:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-07 16:38:59 -------- d-----w- C:\Program Files (x86)\Siber Systems
2012-08-07 16:36:57 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-07 16:36:56 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-07 16:36:54 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-07 16:36:41 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-07 16:36:34 -------- d-----w- C:\ProgramData\AVAST Software
2012-08-07 16:36:34 -------- d-----w- C:\Program Files\AVAST Software
2012-08-02 16:57:29 654944 ----a-w- C:\Windows\SysWow64\xsherlock.xem
2012-08-02 16:21:22 -------- d-----w- C:\Program Files (x86)\Overwolf
2012-08-02 16:14:50 -------- d-----w- C:\Users\Paolo\AppData\Local\Overwolf
2012-08-02 16:14:35 -------- d-----w- C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
2012-08-02 16:12:29 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-07-27 12:36:49 -------- d-----w- C:\Windows\System32\appmgmt
2012-07-24 03:09:16 -------- d-----w- C:\Users\Paolo\AppData\Local\dxhr
2012-07-24 03:00:09 -------- d-----w- C:\Users\Paolo\AppData\Local\28050
2012-07-23 12:48:33 -------- d-----w- C:\Users\Paolo\AppData\Roaming\IrfanView
2012-07-19 06:15:10 -------- d-----w- C:\Program Files\Adobe Premiere Pro CS6
2012-07-19 06:09:11 -------- d-----w- C:\Users\Paolo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-07-19 06:09:02 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2012-07-16 09:00:34 204800 ----a-w- C:\Windows\System32\unrar64.dll
2012-07-16 09:00:33 -------- d-----w- C:\Program Files\MPC-HC
.
==================== Find3M ====================
.
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 07:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 07:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-05-31 04:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-10-24 07:30:12 796520 ----a-w- C:\Program Files (x86)\QTPlugin.ocx
2011-10-24 07:30:12 1234808 ----a-w- C:\Program Files (x86)\QuickTimePlayer.exe
2011-10-24 07:02:28 8120168 ----a-w- C:\Program Files (x86)\QuickTimePlayer.dll
2011-10-24 07:02:24 370536 ----a-w- C:\Program Files (x86)\QTUIPanelControl.dll
2011-10-24 07:02:20 894824 ----a-w- C:\Program Files (x86)\QTOControl.dll
2011-10-24 07:02:20 821096 ----a-w- C:\Program Files (x86)\QTOLibrary.dll
2011-10-24 06:28:52 421888 ----a-w- C:\Program Files (x86)\QTTask.exe
2011-10-24 06:28:38 561152 ----a-w- C:\Program Files (x86)\PictureViewer.exe
2011-03-11 01:30:54 1572864 ----a-w- C:\Program Files (x86)\ResDLL.dll
2011-03-10 07:53:02 98304 ----a-w- C:\Program Files (x86)\EIO.dll
2011-02-25 11:22:58 77824 ----a-w- C:\Program Files (x86)\ASUSRC.dll
2010-11-11 14:30:50 53760 ----a-w- C:\Program Files (x86)\ResetDiver.exe
2010-04-27 12:55:42 28672 ----a-w- C:\Program Files (x86)\InitSD.exe
2010-03-04 10:49:58 33280 ----a-w- C:\Program Files (x86)\IOMap.sys
2010-02-22 07:46:36 23680 ----a-w- C:\Program Files (x86)\IOMap64.sys
2009-08-21 01:48:12 44032 ----a-w- C:\Program Files (x86)\2dpainting.exe
2009-07-30 03:16:52 16384 ----a-w- C:\Program Files (x86)\EIO64_xp.sys
2009-07-30 03:15:54 14336 ----a-w- C:\Program Files (x86)\EIO_xp.sys
2009-07-22 02:34:54 14336 ----a-w- C:\Program Files (x86)\EIO.sys
2009-07-22 02:34:44 16384 ----a-w- C:\Program Files (x86)\EIO64.sys
2009-06-30 15:35:26 2741248 ----a-w- C:\Program Files (x86)\QtCore4.dll
2009-02-26 08:31:20 613376 ----a-w- C:\Program Files (x86)\QtOpenGL4.dll
2009-02-26 08:23:26 11448320 ----a-w- C:\Program Files (x86)\QtGui4.dll
2008-11-12 14:08:42 188416 ----a-w- C:\Program Files (x86)\atipdlxx2543.dll
2007-10-05 07:53:32 57344 ----a-w- C:\Program Files (x86)\xgctl.dll
2007-05-24 13:53:14 139264 ----a-w- C:\Program Files (x86)\atipdlxx.dll
2006-02-22 07:11:12 163840 ----a-w- C:\Program Files (x86)\atistclk.dll
2006-01-04 07:01:52 110592 ----a-w- C:\Program Files (x86)\R5ClkLib.dll
2005-12-22 08:34:12 98304 ----a-w- C:\Program Files (x86)\AiPanelUtilityDLL.dll
2005-12-07 23:23:16 20480 ----a-w- C:\Program Files (x86)\HyperDrive.exe
2005-10-20 01:35:10 15872 ----a-w- C:\Program Files (x86)\atikia64.sys
2005-10-20 01:34:02 7680 ----a-w- C:\Program Files (x86)\atillk64.sys
2005-10-20 01:29:02 5376 ----a-w- C:\Program Files (x86)\atidgllk.sys
2005-09-09 00:32:18 53248 ----a-w- C:\Program Files (x86)\nvgpio.dll
2004-10-28 09:23:38 12451 ----a-w- C:\Program Files (x86)\EIO.VXD
2003-06-23 05:17:58 65536 ----a-w- C:\Program Files (x86)\2DTEST.EXE
2003-03-19 03:14:00 499712 ----a-w- C:\Program Files (x86)\msvcp71.dll
2003-02-21 12:42:22 348160 ----a-w- C:\Program Files (x86)\msvcr71.dll
2002-08-28 18:41:08 401462 ----a-w- C:\Program Files (x86)\msvcp60.dll
2002-01-05 23:43:50 1310720 ----a-w- C:\Program Files (x86)\SmartDoctor.exe
1999-08-21 04:21:00 7869 ----a-w- C:\Program Files (x86)\Idlehlt.vxd
.
============= FINISH: 16:16:15.60 ===============
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

If the GMER log is huge...
Upload the file(s) here: http://uploadmb.com/
Copy the link inside the Direct Link box and post it in your next reply.

I still need the Attach.txt part of DDS.

You're running two AV programs, Avast and Kaspersky.
You must uninstall one of them.
 
Attach.txt from DDS

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2/11/2012 12:56:24 PM
System Uptime: 8/10/2012 2:02:11 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | MAXIMUS IV GENE-Z/GEN3
Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz | LGA1155 | 3001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 247 GiB total, 70.013 GiB free.
E: is FIXED (NTFS) - 0 GiB total, 0.069 GiB free.
K: is FIXED (NTFS) - 219 GiB total, 150.932 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_05\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_05\3&11583659&0&FB
Service:
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&108ABD8A&0&00E4
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&108ABD8A&0&00E4
Service:
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_844D1043&REV_04\3&11583659&0&B0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_1C3A&SUBSYS_844D1043&REV_04\3&11583659&0&B0
Service:
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&87D54EE&0&00E5
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&87D54EE&0&00E5
Service:
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: Standard VGA Graphics Adapter
Device ID: PCI\VEN_8086&DEV_0102&SUBSYS_844D1043&REV_09\3&11583659&0&10
Manufacturer: (Standard display types)
Name: Standard VGA Graphics Adapter
PNP Device ID: PCI\VEN_8086&DEV_0102&SUBSYS_844D1043&REV_09\3&11583659&0&10
Service: vga
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe After Effects CS5.5
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Illustrator CS5.1
Adobe Photoshop CS5
Apple Application Support
Apple Software Update
ASUS Smart Doctor
Autodesk Backburner 2011.0.0
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Autodesk Material Library 2011 Medium Image library
avast! Free Antivirus
Batman Arkham City version 1.0
CBR Reader
Geeks3D.com FurMark 1.10.0
Google Chrome
Kaspersky Anti-Virus 2011
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PDF Settings CS5
Pen Tablet
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Trapcode Suite 64-bit
VLC media player 1.1.11
Wings 3D 1.4.1
WinRAR archiver
ZBrush 4R2
.
==== Event Viewer Messages From Past Week ========
.
8/9/2012 2:24:16 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/9/2012 1:46:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
8/9/2012 1:24:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/9/2012 1:07:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
8/8/2012 9:50:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/8/2012 7:28:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/8/2012 7:28:25 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/8/2012 4:47:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
8/8/2012 4:47:11 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/8/2012 4:47:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
8/8/2012 4:40:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Kaspersky Anti-Virus Service service to connect.
8/8/2012 4:40:13 PM, Error: Service Control Manager [7000] - The Kaspersky Anti-Virus Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/8/2012 4:38:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit service to connect.
8/8/2012 12:38:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
8/8/2012 12:35:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
8/8/2012 12:35:20 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/8/2012 12:16:20 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache KLIF spldr Wanarpv6
8/8/2012 12:11:26 PM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.
8/8/2012 12:06:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TabletInputService service.
8/8/2012 12:04:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
8/8/2012 10:53:49 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/8/2012 10:43:47 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/8/2012 1:33:01 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: Error performing inpage operation.
8/7/2012 7:57:41 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
8/7/2012 7:56:04 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/7/2012 7:54:19 PM, Error: Service Control Manager [7023] - The Network Connections service terminated with the following error: Network Connections is not a valid Win32 application.
8/7/2012 7:46:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP service.
8/7/2012 7:44:24 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/7/2012 7:42:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
8/7/2012 7:42:19 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: Error performing inpage operation.
8/7/2012 7:41:38 PM, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
8/7/2012 7:40:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect.
8/7/2012 7:40:42 PM, Error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/7/2012 7:40:39 PM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: The request could not be performed because of an I/O device error.
8/7/2012 7:39:49 PM, Error: Service Control Manager [7022] - The NVIDIA Update Service Daemon service hung on starting.
8/7/2012 7:34:43 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2012 7:34:43 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2012 7:34:43 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/7/2012 7:34:43 PM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2012 7:34:43 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2012 7:14:54 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/7/2012 7:14:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/7/2012 7:14:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/7/2012 7:14:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom CSC DfsC discache kl2 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2012 7:14:34 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/7/2012 6:40:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {8F5DF053-3013-4DD8-B5F4-88214E81C0CF}
8/7/2012 6:30:33 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2012 6:30:33 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2012 6:30:33 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2012 6:30:33 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2012 6:30:33 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/7/2012 6:30:33 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2012 6:30:33 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2012 6:30:32 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2012 6:30:32 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2012 6:30:32 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2012 6:27:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiSystemHost service.
8/7/2012 6:27:47 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/7/2012 5:24:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
8/7/2012 5:24:13 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/7/2012 5:23:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/7/2012 4:48:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
8/7/2012 4:47:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running.
8/7/2012 4:46:08 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2012 4:46:08 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/7/2012 4:46:08 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2012 4:46:08 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2012 4:45:56 PM, Error: Service Control Manager [7023] - The Windows Font Cache Service service terminated with the following error: Error performing inpage operation.
8/7/2012 4:42:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
8/7/2012 12:00:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache3.0.0.0 service.
8/7/2012 11:29:08 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
8/7/2012 11:05:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Stereoscopic 3D Driver Service service to connect.
8/7/2012 11:05:22 PM, Error: Service Control Manager [7000] - The NVIDIA Stereoscopic 3D Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/6/2012 6:03:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/4/2012 2:35:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/4/2012 2:35:24 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/4/2012 2:35:24 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
8/3/2012 5:44:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
8/3/2012 5:44:23 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/10/2012 2:11:18 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
8/10/2012 2:11:10 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/10/2012 2:11:10 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/10/2012 2:11:10 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/10/2012 2:11:10 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/10/2012 2:11:10 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/10/2012 2:11:10 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/10/2012 2:11:10 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/10/2012 2:11:10 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/10/2012 2:11:09 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/10/2012 2:11:09 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/10/2012 2:11:09 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/10/2012 2:11:09 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/10/2012 2:11:09 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/10/2012 2:07:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
8/10/2012 2:07:51 PM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/10/2012 2:04:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
8/10/2012 2:04:37 PM, Error: Service Control Manager [7022] - The Kaspersky Anti-Virus Service service hung on starting.
8/10/2012 1:54:09 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2012 1:54:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/10/2012 1:54:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/10/2012 1:54:07 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/10/2012 1:54:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/10/2012 1:53:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/10/2012 1:52:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi cdrom discache KLIF spldr Wanarpv6
.
==== End Of File ===========================
 
As for Kaspersky, try this uninstaller: http://support.kaspersky.com/faq/?qid=208279463

Please download the below tool named Rkill (courtesy of BleepingComputer.com) to your desktop.

There are 2 different versions. If one of them won't run then download and try to run the other one.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

=====================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Hi, I have a new problem. After uninstalling Kaspersky I'm always booting up with system recovery repair, then it says it can't repair it. The log says kdcom is corrupted or something in the log. I can't go past it. I also can't access safe mode. :( I'm using a laptop right now.
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
This is frst.txt

Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 02
Ran by SYSTEM at 13-08-2012 21:25:17
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QTTask.exe" -atboottime [421888 2011-10-23] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-02] (Malwarebytes Corporation)
HKU\Paolo\...\Run: [AdobeBridge] [x]
HKU\Paolo\...\Run: [Google Update] "C:\Users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-03] (Google Inc.)
HKLM-x32\...\RunOnce: [UnKIS] wscript.exe //b C:\Users\Paolo\AppData\Local\Temp\UnKIS.vbs [4326 2012-08-10] ()
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll [X]
Tcpip\Parameters: [DhcpNameServer] 124.106.4.2 124.106.5.2

==================== Services (Whitelisted) ======

2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-26] ()
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-02] (Malwarebytes Corporation)
2 mi-raysat_3dsmax2011_64; "C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe" [86016 2010-03-09] ()
2 PSI_SVC_2_x64; "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [336824 2010-11-29] (arvato digital services llc)

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-07-03] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-03] (AVAST Software)
1 EIO64; C:\Windows\System32\Drivers\EIO64.sys [16384 2012-05-07] (ASUSTeK Computer Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-02] (Malwarebytes Corporation)
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
4 xsherlock; C:\Windows\system32\xsherlock.xem [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-13 21:25 - 2012-08-13 21:25 - 00000000 ____D C:\FRST
2012-08-10 08:45 - 2012-08-10 09:13 - 01813429 ____A C:\Users\Paolo\Desktop\kavremvr 2012-08-11 00-45-03 (pid 1980).log
2012-08-10 08:44 - 2012-07-31 06:28 - 03887544 ____A (Kaspersky Lab ZAO) C:\Users\Paolo\Desktop\kavremover.exe
2012-08-10 08:42 - 2012-08-10 08:43 - 04731392 ____A (AVAST Software) C:\Users\Paolo\Desktop\aswMBR.exe
2012-08-10 08:39 - 2012-08-10 08:40 - 01845728 ____A C:\Users\Paolo\Desktop\kavremover.zip
2012-08-10 08:39 - 2012-08-10 08:39 - 01118624 ____A (Bleeping Computer, LLC) C:\Users\Paolo\Desktop\rkill.exe
2012-08-09 00:35 - 2012-08-09 00:35 - 01439705 ____A (Farbar) C:\Users\Paolo\Downloads\FRST64.exe
2012-08-09 00:31 - 2012-08-09 00:33 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Paolo\Downloads\tdsskiller.exe
2012-08-08 21:23 - 2012-08-08 21:23 - 00007748 ____A C:\Users\Paolo\Desktop\FIRST STEP TO FREE YOURSELF.txt
2012-08-08 21:20 - 2012-08-08 21:20 - 00066677 ____A C:\Users\Paolo\Downloads\ECC9.tmp
2012-08-08 21:17 - 2012-08-08 21:18 - 02721168 ____A (Microsoft Corporation) C:\Users\Paolo\Downloads\Windows7-USB-DVD-tool.exe
2012-08-08 21:16 - 2012-08-08 21:16 - 00004143 ____A C:\Users\Paolo\Downloads\JeffsBrowser.zip
2012-08-08 21:16 - 2010-01-28 22:27 - 00020480 ____A (McKesson Corp) C:\Users\Paolo\Desktop\JeffsBrowser.exe
2012-08-08 21:15 - 2012-08-08 21:15 - 00066783 ____A C:\Users\Paolo\Downloads\9E68.tmp
2012-08-08 21:08 - 2012-08-08 21:08 - 00607260 ____R (Swearware) C:\Users\Paolo\Desktop\dds.com
2012-08-08 21:07 - 2012-08-08 22:05 - 00000000 ____D C:\Users\Paolo\Desktop\gmer
2012-08-07 23:36 - 2012-08-07 23:36 - 00183158 ____A C:\Users\Paolo\Downloads\lspfix.zip
2012-08-07 21:15 - 2012-08-10 09:17 - 00000000 ____D C:\Users\Paolo\Desktop\hjt
2012-08-07 21:10 - 2012-08-07 21:10 - 01402880 ____A C:\Users\Paolo\Downloads\HiJackThis.msi
2012-08-07 20:04 - 2012-08-08 00:34 - 00001518 ____A C:\Windows\PFRO.log
2012-08-07 08:42 - 2012-08-07 08:42 - 00001122 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-07 08:42 - 2012-08-07 08:42 - 00000000 ____D C:\Users\Paolo\AppData\Roaming\Malwarebytes
2012-08-07 08:42 - 2012-08-07 08:42 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-07 08:42 - 2012-08-07 08:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-07 08:42 - 2012-07-02 21:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-07 08:38 - 2012-08-07 08:38 - 00000000 ____D C:\Program Files (x86)\Siber Systems
2012-08-07 08:37 - 2012-08-07 08:41 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Paolo\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-07 08:37 - 2012-08-07 08:37 - 00001931 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-08-07 08:37 - 2012-07-03 08:21 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-07 08:37 - 2012-07-03 08:21 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-07 08:36 - 2012-08-07 08:36 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2012-08-07 08:36 - 2012-08-07 08:36 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-08-07 08:36 - 2012-08-07 08:36 - 00000000 ____D C:\Program Files\AVAST Software
2012-08-07 08:36 - 2012-08-07 08:36 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-08-07 08:36 - 2012-07-03 08:21 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-07 08:36 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-07 08:36 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-08-07 08:36 - 2012-07-03 08:21 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-07 08:36 - 2012-07-03 08:21 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-08-07 08:36 - 2012-07-03 08:21 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-07 08:36 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-07 08:21 - 2012-08-07 08:36 - 89340632 ____A C:\Users\Paolo\Downloads\avast_free_antivirus_setup.exe
2012-08-07 07:40 - 2012-08-07 07:40 - 00000000 ____A C:\Users\Paolo\Downloads\E670.tmp
2012-08-07 07:04 - 2012-08-07 07:04 - 00292344 ____A C:\Windows\Minidump\080712-82742-01.dmp
2012-08-07 03:50 - 2012-08-07 07:04 - 324444527 ____A C:\Windows\MEMORY.DMP
2012-08-07 03:50 - 2012-08-07 03:50 - 00304592 ____A C:\Windows\Minidump\080712-112632-01.dmp
2012-08-07 02:32 - 2012-08-10 02:04 - 00000728 ____A C:\Windows\setupact.log
2012-08-07 02:32 - 2012-08-07 02:32 - 00000000 ____A C:\Windows\setuperr.log
2012-08-03 07:36 - 2012-08-03 08:06 - 224712607 ____A C:\Users\Paolo\Downloads\FL Studio 10.7z
2012-08-02 17:00 - 2012-08-02 17:00 - 00002463 ____A C:\Users\Paolo\Desktop\Google Chrome.lnk
2012-08-02 08:57 - 2012-08-02 08:57 - 00654944 ____A (Wellbia.com Co., Ltd.) C:\Windows\SysWOW64\xsherlock.xem
2012-08-02 08:21 - 2012-08-07 01:36 - 00000000 ____D C:\Program Files (x86)\Overwolf
2012-08-02 08:14 - 2012-08-02 08:29 - 00000000 ____D C:\Users\Paolo\AppData\Local\Overwolf
2012-08-02 08:14 - 2012-08-02 08:14 - 00000000 ____D C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
2012-07-30 02:51 - 2012-07-30 02:51 - 00001101 ____A C:\Users\Public\Desktop\Autodesk Maya 2011 64-bit.lnk
2012-07-27 04:41 - 2012-07-27 08:13 - 1608371797 ____A C:\Users\Paolo\Downloads\autodesk_maya_2011_hotfix3_win_64bit.exe
2012-07-27 04:36 - 2012-07-30 02:41 - 00000000 ____D C:\Windows\System32\appmgmt
2012-07-26 18:07 - 2012-07-26 18:09 - 06054881 ____A C:\Users\Paolo\Downloads\My_Brush_Pack_by_adonihs.zip
2012-07-26 02:12 - 2012-07-26 02:12 - 00000000 ____A C:\Users\Paolo\Downloads\LATHE.JPG.crdownload
2012-07-23 19:09 - 2012-08-02 04:09 - 00000000 ____D C:\Users\Paolo\AppData\Local\dxhr
2012-07-23 19:00 - 2012-07-23 19:00 - 00000000 ____D C:\Users\Paolo\AppData\Local\28050
2012-07-23 04:48 - 2012-07-23 08:45 - 00000000 ____D C:\Users\Paolo\AppData\Roaming\IrfanView
2012-07-23 04:46 - 2012-07-23 04:46 - 01539072 ____A (Irfan Skiljan) C:\Users\Paolo\Downloads\iview433_setup.exe
2012-07-19 22:49 - 2012-07-19 22:50 - 02032703 ____A C:\Users\Paolo\Downloads\iPod ad - Technologic.mp4
2012-07-19 22:46 - 2012-07-19 23:10 - 02386941 ____A C:\Users\Paolo\Downloads\06 - iPod 4G - Walkie Talkie Man.mp4
2012-07-19 07:25 - 2012-07-19 07:25 - 00030459 ____A C:\Users\Paolo\Downloads\ufonts.com_gill_sans-bold.ttf
2012-07-19 07:21 - 2012-07-19 07:21 - 00052367 ____A C:\Users\Paolo\Downloads\ufonts.com_gillsans.ttf
2012-07-19 07:09 - 2012-07-19 07:09 - 00000000 ____D C:\Users\Paolo\Desktop\Marvel Comics - Infinity Sagas (Guantlet, War, Crusade, Abyss & The End) - Complete
2012-07-19 03:40 - 2012-07-30 06:52 - 00000000 ____D C:\Users\Paolo\AppData\Roaming\Media Player Classic
2012-07-18 22:15 - 2012-07-18 22:19 - 00000000 ____D C:\Program Files\Adobe Premiere Pro CS6
2012-07-18 22:09 - 2012-07-18 22:09 - 00000000 ____D C:\Users\Paolo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-07-18 22:09 - 2012-07-18 22:09 - 00000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2012-07-18 22:07 - 2012-07-18 22:07 - 02500792 ____A C:\Users\Paolo\Downloads\AdobeDownloadAssistant.exe
2012-07-16 07:46 - 2012-07-16 07:47 - 02077226 ____A C:\Users\Paolo\Downloads\pap.rar
2012-07-16 01:00 - 2012-07-16 01:00 - 00000000 ____D C:\Program Files\MPC-HC
2012-07-16 01:00 - 2012-05-25 20:36 - 00204800 ____A C:\Windows\System32\unrar64.dll
2012-07-16 00:57 - 2012-07-16 00:58 - 06401754 ____A (MPC-HC Team ) C:\Users\Paolo\Downloads\mplayerc_homecinema.1.6.2.4902.x64.exe

============ 3 Months Modified Files ========================

2012-08-10 09:13 - 2012-08-10 08:45 - 01813429 ____A C:\Users\Paolo\Desktop\kavremvr 2012-08-11 00-45-03 (pid 1980).log
2012-08-10 08:43 - 2012-08-10 08:42 - 04731392 ____A (AVAST Software) C:\Users\Paolo\Desktop\aswMBR.exe
2012-08-10 08:40 - 2012-08-10 08:39 - 01845728 ____A C:\Users\Paolo\Desktop\kavremover.zip
2012-08-10 08:39 - 2012-08-10 08:39 - 01118624 ____A (Bleeping Computer, LLC) C:\Users\Paolo\Desktop\rkill.exe
2012-08-10 05:12 - 2012-06-26 07:55 - 01161101 ____A C:\Windows\WindowsUpdate.log
2012-08-10 04:59 - 2012-05-03 02:49 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1717066741-4032231883-1466426073-1000UA.job
2012-08-10 02:16 - 2009-07-13 20:45 - 00017360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-10 02:15 - 2009-07-13 20:45 - 00017360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-10 02:04 - 2012-08-07 02:32 - 00000728 ____A C:\Windows\setupact.log
2012-08-10 02:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-09 22:11 - 2009-07-13 21:08 - 00032642 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-09 00:35 - 2012-08-09 00:35 - 01439705 ____A (Farbar) C:\Users\Paolo\Downloads\FRST64.exe
2012-08-09 00:33 - 2012-08-09 00:31 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Paolo\Downloads\tdsskiller.exe
2012-08-08 21:23 - 2012-08-08 21:23 - 00007748 ____A C:\Users\Paolo\Desktop\FIRST STEP TO FREE YOURSELF.txt
2012-08-08 21:20 - 2012-08-08 21:20 - 00066677 ____A C:\Users\Paolo\Downloads\ECC9.tmp
2012-08-08 21:18 - 2012-08-08 21:17 - 02721168 ____A (Microsoft Corporation) C:\Users\Paolo\Downloads\Windows7-USB-DVD-tool.exe
2012-08-08 21:16 - 2012-08-08 21:16 - 00004143 ____A C:\Users\Paolo\Downloads\JeffsBrowser.zip
2012-08-08 21:15 - 2012-08-08 21:15 - 00066783 ____A C:\Users\Paolo\Downloads\9E68.tmp
2012-08-08 21:08 - 2012-08-08 21:08 - 00607260 ____R (Swearware) C:\Users\Paolo\Desktop\dds.com
2012-08-08 00:34 - 2012-08-07 20:04 - 00001518 ____A C:\Windows\PFRO.log
2012-08-07 23:36 - 2012-08-07 23:36 - 00183158 ____A C:\Users\Paolo\Downloads\lspfix.zip
2012-08-07 21:10 - 2012-08-07 21:10 - 01402880 ____A C:\Users\Paolo\Downloads\HiJackThis.msi
2012-08-07 20:01 - 2012-05-03 02:49 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1717066741-4032231883-1466426073-1000Core.job
2012-08-07 08:42 - 2012-08-07 08:42 - 00001122 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-07 08:41 - 2012-08-07 08:37 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Paolo\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-07 08:37 - 2012-08-07 08:37 - 00001931 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-08-07 08:36 - 2012-08-07 08:36 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2012-08-07 08:36 - 2012-08-07 08:36 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-08-07 08:36 - 2012-08-07 08:21 - 89340632 ____A C:\Users\Paolo\Downloads\avast_free_antivirus_setup.exe
2012-08-07 07:40 - 2012-08-07 07:40 - 00000000 ____A C:\Users\Paolo\Downloads\E670.tmp
2012-08-07 07:04 - 2012-08-07 07:04 - 00292344 ____A C:\Windows\Minidump\080712-82742-01.dmp
2012-08-07 07:04 - 2012-08-07 03:50 - 324444527 ____A C:\Windows\MEMORY.DMP
2012-08-07 03:50 - 2012-08-07 03:50 - 00304592 ____A C:\Windows\Minidump\080712-112632-01.dmp
2012-08-07 02:32 - 2012-08-07 02:32 - 00000000 ____A C:\Windows\setuperr.log
2012-08-05 14:07 - 2009-07-13 21:13 - 00778730 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-03 08:06 - 2012-08-03 07:36 - 224712607 ____A C:\Users\Paolo\Downloads\FL Studio 10.7z
2012-08-02 17:00 - 2012-08-02 17:00 - 00002463 ____A C:\Users\Paolo\Desktop\Google Chrome.lnk
2012-08-02 08:57 - 2012-08-02 08:57 - 00654944 ____A (Wellbia.com Co., Ltd.) C:\Windows\SysWOW64\xsherlock.xem
2012-07-31 06:28 - 2012-08-10 08:44 - 03887544 ____A (Kaspersky Lab ZAO) C:\Users\Paolo\Desktop\kavremover.exe
2012-07-30 21:02 - 2012-05-06 08:39 - 00001456 ____A C:\Users\Paolo\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-07-30 02:51 - 2012-07-30 02:51 - 00001101 ____A C:\Users\Public\Desktop\Autodesk Maya 2011 64-bit.lnk
2012-07-27 08:13 - 2012-07-27 04:41 - 1608371797 ____A C:\Users\Paolo\Downloads\autodesk_maya_2011_hotfix3_win_64bit.exe
2012-07-27 04:24 - 2012-05-29 23:26 - 00007603 ____A C:\Users\Paolo\AppData\Local\Resmon.ResmonCfg
2012-07-26 18:09 - 2012-07-26 18:07 - 06054881 ____A C:\Users\Paolo\Downloads\My_Brush_Pack_by_adonihs.zip
2012-07-26 02:12 - 2012-07-26 02:12 - 00000000 ____A C:\Users\Paolo\Downloads\LATHE.JPG.crdownload
2012-07-23 04:46 - 2012-07-23 04:46 - 01539072 ____A (Irfan Skiljan) C:\Users\Paolo\Downloads\iview433_setup.exe
2012-07-19 23:10 - 2012-07-19 22:46 - 02386941 ____A C:\Users\Paolo\Downloads\06 - iPod 4G - Walkie Talkie Man.mp4
2012-07-19 22:50 - 2012-07-19 22:49 - 02032703 ____A C:\Users\Paolo\Downloads\iPod ad - Technologic.mp4
2012-07-19 20:18 - 2009-07-13 20:45 - 04920432 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-19 14:48 - 2012-02-11 04:36 - 00090808 ____A C:\Users\Paolo\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-19 07:25 - 2012-07-19 07:25 - 00030459 ____A C:\Users\Paolo\Downloads\ufonts.com_gill_sans-bold.ttf
2012-07-19 07:21 - 2012-07-19 07:21 - 00052367 ____A C:\Users\Paolo\Downloads\ufonts.com_gillsans.ttf
2012-07-18 22:07 - 2012-07-18 22:07 - 02500792 ____A C:\Users\Paolo\Downloads\AdobeDownloadAssistant.exe
2012-07-16 07:47 - 2012-07-16 07:46 - 02077226 ____A C:\Users\Paolo\Downloads\pap.rar
2012-07-16 00:58 - 2012-07-16 00:57 - 06401754 ____A (MPC-HC Team ) C:\Users\Paolo\Downloads\mplayerc_homecinema.1.6.2.4902.x64.exe
2012-07-06 00:16 - 2012-07-06 00:15 - 08698259 ____A C:\Users\Paolo\Downloads\Zbrush(Fixing symmetry) (1).mp4
2012-07-03 08:21 - 2012-08-07 08:37 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 08:21 - 2012-08-07 08:37 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-03 08:21 - 2012-08-07 08:36 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 08:21 - 2012-08-07 08:36 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 08:21 - 2012-08-07 08:36 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-03 08:21 - 2012-08-07 08:36 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 08:21 - 2012-08-07 08:36 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 08:21 - 2012-08-07 08:36 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-03 08:21 - 2012-08-07 08:36 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-02 21:46 - 2012-08-07 08:42 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-28 01:44 - 2012-05-28 09:05 - 00000132 ____A C:\Users\Paolo\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-06-24 18:55 - 2012-06-24 18:55 - 00729143 ____A C:\Users\Paolo\Downloads\bolted trusses.3ds
2012-06-19 20:57 - 2012-06-19 20:57 - 00000132 ____A C:\Users\Paolo\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2012-06-16 06:19 - 2012-06-16 06:19 - 01072102 ____A (cbrreader.com ) C:\Users\Paolo\Downloads\cbrreader_setup.exe
2012-06-14 08:47 - 2012-06-14 08:25 - 160713285 ____A C:\Users\Paolo\Downloads\Adobe Audition CS5.5.exe
2012-06-05 05:31 - 2012-06-05 05:31 - 00000108 ____A C:\VRSpawner.log
2012-06-05 05:31 - 2012-06-05 05:18 - 00000015 ____A C:\Program Files\plugin.ini
2012-06-05 04:56 - 2012-06-05 04:56 - 00001983 ____A C:\Users\Public\Desktop\Autodesk 3ds Max 2011 64-bit.lnk
2012-06-05 04:52 - 2009-07-13 18:34 - 00017588 ____A C:\Windows\System32\Drivers\etc\services
2012-06-02 14:19 - 2012-06-20 17:41 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 17:41 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 17:41 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 17:41 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 17:41 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-20 17:41 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-20 17:41 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-01 23:19 - 2012-06-20 17:41 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-01 23:15 - 2012-06-20 17:41 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 19:18 - 2012-06-01 18:04 - 180640053 ____A C:\Users\Paolo\Desktop\Phase 1 -- Start It Up.mp4
2012-05-31 20:59 - 2012-05-31 20:58 - 08420980 ____A C:\Users\Paolo\Downloads\2.rar
2012-05-31 20:57 - 2012-05-31 20:56 - 08195341 ____A C:\Users\Paolo\Downloads\1.rar
2012-05-30 20:25 - 2012-05-05 07:48 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-30 07:25 - 2012-05-30 07:08 - 111941779 ____A C:\Users\Paolo\Downloads\TCSuite_Win_Full.zip
2012-05-30 06:12 - 2012-05-30 06:11 - 02480268 ____A C:\Users\Paolo\Downloads\opticalflares.rar
2012-05-28 07:43 - 2012-05-28 07:43 - 00154572 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-05-28 01:38 - 2012-05-28 01:36 - 18644826 ____A C:\Users\Paolo\Downloads\UVMaster_WIN_4.0.zip
2012-05-25 20:36 - 2012-07-16 01:00 - 00204800 ____A C:\Windows\System32\unrar64.dll
2012-05-24 22:06 - 2012-05-23 19:57 - 975385425 ____A C:\Users\Paolo\Downloads\Zbrush For Character Artists.7z
2012-05-23 01:19 - 2012-05-23 01:17 - 09098180 ____A C:\Users\Paolo\Downloads\wings-1.4.1.exe
2012-05-22 20:35 - 2012-05-22 20:35 - 00252912 ____A C:\Users\Paolo\Downloads\RT_Industr_033.zip
2012-05-22 20:34 - 2012-05-22 20:34 - 01322008 ____A C:\Users\Paolo\Downloads\RT_Industr_006.zip
2012-05-22 20:29 - 2012-05-22 20:29 - 01258050 ____A C:\Users\Paolo\Downloads\InkComic_material.zip
2012-05-22 19:29 - 2012-05-22 19:29 - 00436687 ____A C:\Users\Paolo\Downloads\TransposeMaster_4_12-04.zip
2012-05-19 03:35 - 2012-05-19 03:35 - 00001171 ____A C:\Users\Paolo\Desktop\TLR.exe.lnk
2012-05-17 02:22 - 2012-05-17 02:20 - 08698259 ____A C:\Users\Paolo\Downloads\Zbrush(Fixing symmetry).mp4
2012-05-16 23:40 - 2012-05-14 02:09 - 00002170 ____A C:\Users\Public\Desktop\ZBrush 4R3.lnk


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8096.39 MB
Available physical RAM: 7298.34 MB
Total Pagefile: 8094.54 MB
Available Pagefile: 7295 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Caldereta) (Fixed) (Total:246.66 GB) (Free:70.03 GB) NTFS
2 Drive e: (Karekare) (Fixed) (Total:219 GB) (Free:150.93 GB) NTFS
3 Drive f: (FLASH DRIVE) (Removable) (Total:14.42 GB) (Free:13.89 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 246 GB 101 MB
Partition 3 Primary 218 GB 246 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Caldereta NTFS Partition 246 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E Karekare NTFS Partition 218 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FLASH DRIVE FAT32 Removable 14 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-23 22:03

======================= End Of Log ==========================

search.txt

Farbar Recovery Scan Tool Version: 08-08-2012 02
Ran by SYSTEM at 2012-08-13 21:31:13
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if you can boot normally.
 

I managed to get back to normal mode again after three or so tries. It's very slow, minutes in booting, and while it's running it's very erratic. Usually when it says it's broken and repairing something I see kdcom.dll is broken in the logs. I ran the rkill and am running aswmbr right now because I'm exploiting the chance it's running. I have yet to check if I can go back to safe mode. Should I still post those logs from rkill and aswmbr?
 
++Rkill 2.1.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/14/2012 11:47:08 PM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Windows\System32\svchost.exe (PID: 932) [WD-HEUR]
* C:\Windows\System32\svchost.exe (PID: 964) [WD-HEUR]
* C:\Windows\System32\spoolsv.exe (PID: 1620) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Paolo\Desktop\rkill-backup\rkill-08-15-2012-12-29-42.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\explorer.exe [NoSig]
* C:\Windows\System32\appmgmts.dll [NoSig]
* C:\Windows\System32\browser.dll [NoSig]
* C:\Windows\System32\cngaudit.dll [NoSig]
* C:\Windows\System32\comctl32.dll [NoSig]
* C:\Windows\System32\comres.dll [NoSig]
* C:\Windows\System32\conhost.exe [NoSig]
* C:\Windows\System32\cryptsvc.dll [NoSig]
* C:\Windows\System32\csrss.exe [NoSig]
* C:\Windows\System32\ctfmon.exe [NoSig]
* C:\Windows\System32\d3d9.dll [NoSig]
* C:\Windows\System32\ddraw.dll [NoSig]
* C:\Windows\System32\dllhost.exe [NoSig]
* C:\Windows\System32\dsound.dll [NoSig]
* C:\Windows\System32\dwm.exe [NoSig]
* C:\Windows\System32\es.dll [NoSig]
* C:\Windows\System32\hnetcfg.dll [NoSig]
* C:\Windows\System32\ias.dll [NoSig]
* C:\Windows\System32\imm32.dll [NoSig]
* C:\Windows\System32\kernel32.dll [NoSig]
* C:\Windows\System32\ksuser.dll [NoSig]
* C:\Windows\System32\linkinfo.dll [NoSig]
* C:\Windows\System32\lpk.dll [NoSig]
* C:\Windows\System32\lsass.exe [NoSig]
* C:\Windows\System32\lsm.exe [NoSig]
* C:\Windows\System32\midimap.dll [NoSig]
* C:\Windows\System32\mshtml.dll [NoSig]
* C:\Windows\System32\msvcrt.dll [NoSig]
* C:\Windows\System32\mswsock.dll [NoSig]
* C:\Windows\System32\netlogon.dll [NoSig]
* C:\Windows\System32\netman.dll [NoSig]
* C:\Windows\System32\ole32.dll [NoSig]
* C:\Windows\System32\perfctrs.dll [NoSig]
* C:\Windows\System32\powrprof.dll [NoSig]
* C:\Windows\System32\qmgr.dll [NoSig]
* C:\Windows\System32\rasadhlp.dll [NoSig]
* C:\Windows\System32\regsvc.dll [NoSig]
* C:\Windows\System32\rpcss.dll [NoSig]
* C:\Windows\System32\scecli.dll [NoSig]
* C:\Windows\System32\schedsvc.dll [NoSig]
* C:\Windows\System32\services.exe [NoSig]
* C:\Windows\System32\sfc.dll [NoSig]
* C:\Windows\System32\shsvcs.dll [NoSig]
* C:\Windows\System32\smss.exe [NoSig]
* C:\Windows\System32\spoolsv.exe [NoSig]
* C:\Windows\System32\ssdpsrv.dll [NoSig]
* C:\Windows\System32\svchost.exe [NoSig]
* C:\Windows\System32\tapisrv.dll [NoSig]
* C:\Windows\System32\taskeng.exe [NoSig]
* C:\Windows\System32\taskhost.exe [NoSig]
* C:\Windows\System32\termsrv.dll [NoSig]
* C:\Windows\System32\upnphost.dll [NoSig]
* C:\Windows\System32\user32.dll [NoSig]
* C:\Windows\System32\userinit.exe [NoSig]
* C:\Windows\System32\usp10.dll [NoSig]
* C:\Windows\System32\version.dll [NoSig]
* C:\Windows\System32\w32time.dll [NoSig]
* C:\Windows\System32\wiaservc.dll [NoSig]
* C:\Windows\System32\wininet.dll [NoSig]
* C:\Windows\System32\wininit.exe [NoSig]
* C:\Windows\System32\winlogon.exe [NoSig]
* C:\Windows\System32\ws2_32.dll [NoSig]
* C:\Windows\System32\ws2help.dll [NoSig]
* C:\Windows\System32\drivers\asyncmac.sys [NoSig]
* C:\Windows\System32\Drivers\asyncmac.sys [NoSig]
* C:\Windows\System32\drivers\beep.sys [NoSig]
* C:\Windows\System32\Drivers\beep.sys [NoSig]
* C:\Windows\System32\drivers\null.sys [NoSig]
* C:\Windows\System32\Drivers\null.sys [NoSig]
* C:\Windows\System32\drivers\tdx.sys [NoSig]
* C:\Windows\System32\wbem\wmiprvse.exe [NoSig]

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/15/2012 12:58:47 AM
Execution time: 1 hours(s), 11 minute(s), and 39 seconds(s)
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-15 01:23:35
-----------------------------
01:23:35.951 OS Version: Windows x64 6.1.7601 Service Pack 1
01:23:35.951 Number of processors: 4 586 0x2A07
01:23:35.951 ComputerName: PAOLO-PC UserName: Paolo
01:23:38.244 Initialze error C0000043 - driver not loaded
01:23:41.676 AVAST engine defs: 12080801
01:35:20.182 Service scanning
01:36:11.615 Modules scanning
01:36:11.615 Disk 0 trace - called modules:
01:36:11.615
01:36:12.364 AVAST engine scan C:\Windows
01:36:13.908 AVAST engine scan C:\Windows\system32
01:46:05.493 AVAST engine scan C:\Windows\system32\drivers
01:46:15.524 AVAST engine scan C:\Users\Paolo
03:14:36.647 AVAST engine scan C:\ProgramData
04:05:20.743 Scan finished successfully
11:19:37.359 The log file has been saved successfully to "C:\Users\Paolo\Desktop\aswMBR.txt"
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
14:18:40.0435 1960 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
14:18:40.0513 1960 ============================================================
14:18:40.0513 1960 Current date / time: 2012/08/15 14:18:40.0513
14:18:40.0513 1960 SystemInfo:
14:18:40.0513 1960
14:18:40.0513 1960 OS Version: 6.1.7601 ServicePack: 1.0
14:18:40.0513 1960 Product type: Workstation
14:18:40.0513 1960 ComputerName: PAOLO-PC
14:18:40.0513 1960 UserName: Paolo
14:18:40.0513 1960 Windows directory: C:\Windows
14:18:40.0513 1960 System windows directory: C:\Windows
14:18:40.0513 1960 Running under WOW64
14:18:40.0513 1960 Processor architecture: Intel x64
14:18:40.0513 1960 Number of processors: 4
14:18:40.0513 1960 Page size: 0x1000
14:18:40.0513 1960 Boot type: Normal boot
14:18:40.0513 1960 ============================================================
14:18:41.0824 1960 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:18:41.0824 1960 ============================================================
14:18:41.0824 1960 \Device\Harddisk0\DR0:
14:18:41.0824 1960 MBR partitions:
14:18:41.0824 1960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:18:41.0824 1960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1ED53000
14:18:41.0824 1960 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1ED85800, BlocksNum 0x1B5FF800
14:18:41.0824 1960 ============================================================
14:18:41.0855 1960 C: <-> \Device\Harddisk0\DR0\Partition2
14:18:41.0870 1960 E: <-> \Device\Harddisk0\DR0\Partition1
14:18:42.0104 1960 K: <-> \Device\Harddisk0\DR0\Partition3
14:18:42.0104 1960 ============================================================
14:18:42.0104 1960 Initialize success
14:18:42.0104 1960 ============================================================
14:19:03.0024 3152 ============================================================
14:19:03.0024 3152 Scan started
14:19:03.0024 3152 Mode: Manual;
14:19:03.0024 3152 ============================================================
14:19:32.0009 3152 ================ Scan services =============================
14:20:57.0934 3152 [ 31e14c04c60244fdc3737cc73a13aacd ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:21:08.0105 3152 Suspicious file (Forged): C:\Windows\system32\drivers\CompositeBus.sys. Real md5: 31e14c04c60244fdc3737cc73a13aacd, Fake md5: 03edb043586cceba243d689bdda370a8
14:21:08.0105 3152 CompositeBus ( ForgedFile.Multi.Generic ) - warning
14:21:08.0105 3152 CompositeBus - detected ForgedFile.Multi.Generic (1)
14:21:57.0370 3152 [ 89920a916e12e88179ead52e34eb71af ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:22:01.0395 3152 Suspicious file (Forged): C:\Windows\system32\DRIVERS\crcdisk.sys. Real md5: 89920a916e12e88179ead52e34eb71af, Fake md5: 1c827878a998c18847245fe1f34ee597
14:22:01.0395 3152 crcdisk ( ForgedFile.Multi.Generic ) - warning
14:22:01.0395 3152 crcdisk - detected ForgedFile.Multi.Generic (1)
14:22:44.0388 3152 [ 7e2f5b69bd4b20ac940cddd9852f7e67 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:23:01.0174 3152 Suspicious file (Forged): C:\Windows\system32\drivers\IPMIDrv.sys. Real md5: 7e2f5b69bd4b20ac940cddd9852f7e67, Fake md5: 0fc1aea580957aa8817b8f305d18ca3a
14:23:01.0174 3152 IPMIDRV ( ForgedFile.Multi.Generic ) - warning
14:23:01.0174 3152 IPMIDRV - detected ForgedFile.Multi.Generic (1)
14:23:12.0890 3152 [ 4d98c92287b0e09e9fda43228c878de2 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:23:38.0755 3152 Suspicious file (Forged): C:\Windows\system32\drivers\isapnp.sys. Real md5: 4d98c92287b0e09e9fda43228c878de2, Fake md5: 2f7b28dc3e1183e5eb418df55c204f38
14:23:38.0755 3152 isapnp ( ForgedFile.Multi.Generic ) - warning
14:23:38.0755 3152 isapnp - detected ForgedFile.Multi.Generic (1)
14:23:56.0273 3152 [ 9cc544b7333c1f741765ce8afc8b8f27 ] KeyIso C:\Windows\system32\lsass.exe
14:23:56.0289 3152 Suspicious file (Forged): C:\Windows\system32\lsass.exe. Real md5: 9cc544b7333c1f741765ce8afc8b8f27, Fake md5: c118a82cd78818c29ab228366ebf81c3
14:23:56.0289 3152 KeyIso ( ForgedFile.Multi.Generic ) - warning
14:23:56.0289 3152 KeyIso - detected ForgedFile.Multi.Generic (1)
14:24:20.0641 3152 [ 5d1b13d4f0ae172eef23c787aecf91e1 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:25:32.0838 3152 Suspicious file (Forged): C:\Windows\system32\DRIVERS\megasas.sys. Real md5: 5d1b13d4f0ae172eef23c787aecf91e1, Fake md5: a55805f747c6edb6a9080d7c633bd0f4
14:25:32.0838 3152 megasas ( ForgedFile.Multi.Generic ) - warning
14:25:32.0838 3152 megasas - detected ForgedFile.Multi.Generic (1)
14:26:04.0490 3152 [ bd7e02f254bf869488fcf8c56a4d87c2 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:26:05.0504 3152 Suspicious file (Forged): C:\Windows\system32\drivers\msisadrv.sys. Real md5: bd7e02f254bf869488fcf8c56a4d87c2, Fake md5: d916874bbd4f8b07bfb7fa9b3ccae29d
14:26:05.0504 3152 msisadrv ( ForgedFile.Multi.Generic ) - warning
14:26:05.0504 3152 msisadrv - detected ForgedFile.Multi.Generic (1)
14:28:25.0951 3152 [ 37e909075c910b37779dbe1dbe7f180b ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:28:25.0951 3152 Stereo Service - ok
14:28:26.0060 3152 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:28:26.0060 3152 stexstor - ok
14:28:26.0419 3152 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
14:28:26.0435 3152 stisvc - ok
14:28:26.0513 3152 [ 7785dc213270d2fc066538daf94087e7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
14:28:26.0513 3152 storflt - ok
14:28:26.0622 3152 [ d34e4943d5ac096c8edeebfd80d76e23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
14:28:26.0622 3152 storvsc - ok
14:28:26.0669 3152 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:28:26.0669 3152 swenum - ok
14:28:26.0887 3152 [ f577910a133a592234ebaad3f3afa258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:28:26.0949 3152 SwitchBoard - ok
14:28:27.0261 3152 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
14:28:27.0277 3152 swprv - ok
14:28:27.0277 3152 Synth3dVsc - ok
14:28:27.0573 3152 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
14:28:27.0605 3152 SysMain - ok
14:28:27.0714 3152 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:28:27.0729 3152 TabletInputService - ok
14:28:28.0057 3152 [ 37bea19dbd43301fd987f5d277dfbea5 ] TabletServicePen C:\Windows\system32\Pen_Tablet.exe
14:28:28.0197 3152 TabletServicePen - ok
14:28:28.0322 3152 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:28:28.0322 3152 TapiSrv - ok
14:28:28.0385 3152 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
14:28:28.0385 3152 TBS - ok
14:28:28.0509 3152 [ fc62769e7bff2896035aeed399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:28:28.0587 3152 Tcpip - ok
14:28:28.0681 3152 [ fc62769e7bff2896035aeed399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:28:28.0697 3152 TCPIP6 - ok
14:28:28.0837 3152 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:28:28.0837 3152 tcpipreg - ok
14:28:28.0868 3152 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:28:28.0868 3152 TDPIPE - ok
14:28:28.0993 3152 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:28:29.0009 3152 TDTCP - ok
14:28:29.0118 3152 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:28:29.0118 3152 tdx - ok
14:28:29.0133 3152 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:28:29.0133 3152 TermDD - ok
14:28:29.0165 3152 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
14:28:29.0180 3152 TermService - ok
14:28:29.0227 3152 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
14:28:29.0227 3152 Themes - ok
14:28:29.0274 3152 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
14:28:29.0289 3152 THREADORDER - ok
14:28:29.0305 3152 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
14:28:29.0305 3152 TrkWks - ok
14:28:29.0477 3152 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:28:29.0477 3152 TrustedInstaller - ok
14:28:29.0555 3152 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:28:29.0555 3152 tssecsrv - ok
14:28:29.0679 3152 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:28:29.0679 3152 TsUsbFlt - ok
14:28:29.0679 3152 tsusbhub - ok
14:28:29.0804 3152 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:28:29.0835 3152 tunnel - ok
14:28:29.0867 3152 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:28:29.0867 3152 uagp35 - ok
14:28:29.0882 3152 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:28:29.0882 3152 udfs - ok
14:28:30.0007 3152 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:28:30.0007 3152 UI0Detect - ok
14:28:30.0085 3152 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:28:30.0085 3152 uliagpkx - ok
14:28:30.0116 3152 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\drivers\umbus.sys
14:28:30.0116 3152 umbus - ok
14:28:30.0147 3152 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:28:30.0147 3152 UmPass - ok
14:28:30.0210 3152 [ a293dcd756d04d8492a750d03b9a297c ] UmRdpService C:\Windows\System32\umrdp.dll
14:28:30.0210 3152 UmRdpService - ok
14:28:30.0303 3152 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
14:28:30.0319 3152 upnphost - ok
14:28:30.0366 3152 [ 481dff26b4dca8f4cbac1f7dce1d6829 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
14:28:30.0366 3152 usbccgp - ok
14:28:30.0428 3152 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:28:30.0444 3152 usbcir - ok
14:28:30.0491 3152 [ 74ee782b1d9c241efe425565854c661c ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:28:30.0491 3152 usbehci - ok
14:28:30.0584 3152 [ dc96bd9ccb8403251bcf25047573558e ] usbhub C:\Windows\system32\drivers\usbhub.sys
14:28:30.0584 3152 usbhub - ok
14:28:30.0631 3152 [ 58e546bbaf87664fc57e0f6081e4f609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:28:30.0647 3152 usbohci - ok
14:28:30.0678 3152 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:28:30.0678 3152 usbprint - ok
14:28:30.0725 3152 [ d76510cfa0fc09023077f22c2f979d86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:28:30.0725 3152 USBSTOR - ok
14:28:30.0756 3152 [ 81fb2216d3a60d1284455d511797db3d ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:28:30.0803 3152 usbuhci - ok
14:28:30.0818 3152 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
14:28:30.0834 3152 UxSms - ok
14:28:30.0849 3152 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
14:28:30.0849 3152 VaultSvc - ok
14:28:30.0865 3152 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:28:30.0865 3152 vdrvroot - ok
14:28:31.0271 3152 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
14:28:31.0286 3152 vds - ok
14:28:31.0317 3152 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:28:31.0333 3152 vga - ok
14:28:31.0349 3152 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
14:28:31.0349 3152 VgaSave - ok
14:28:31.0349 3152 VGPU - ok
14:28:31.0395 3152 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:28:31.0395 3152 vhdmp - ok
14:28:31.0442 3152 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:28:31.0458 3152 viaide - ok
14:28:31.0614 3152 [ 86ea3e79ae350fea5331a1303054005f ] vmbus C:\Windows\system32\drivers\vmbus.sys
14:28:31.0614 3152 vmbus - ok
14:28:31.0629 3152 [ 7de90b48f210d29649380545db45a187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
14:28:31.0629 3152 VMBusHID - ok
14:28:31.0676 3152 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:28:31.0676 3152 volmgr - ok
14:28:31.0910 3152 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:28:31.0910 3152 volmgrx - ok
14:28:31.0941 3152 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:28:31.0941 3152 volsnap - ok
14:28:32.0097 3152 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:28:32.0113 3152 vsmraid - ok
14:28:32.0316 3152 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe
14:28:32.0331 3152 VSS - ok
14:28:32.0347 3152 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
14:28:32.0347 3152 vwifibus - ok
14:28:32.0378 3152 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
14:28:32.0394 3152 W32Time - ok
14:28:32.0565 3152 [ f39fc224758290a3193c68c091e6f11a ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
14:28:32.0565 3152 wacmoumonitor - ok
14:28:32.0675 3152 [ e04d43c7d1641e95d35cae6086c7e350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
14:28:32.0675 3152 wacommousefilter - ok
14:28:32.0690 3152 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:28:32.0768 3152 WacomPen - ok
14:28:32.0893 3152 [ 53b03e71e88109a5c3c074a33889258a ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
14:28:32.0893 3152 wacomvhid - ok
14:28:33.0018 3152 [ 8b4255329edfba3ecfbd0714476fad38 ] WacomVKHid C:\Windows\system32\DRIVERS\WacomVKHid.sys
14:28:33.0018 3152 WacomVKHid - ok
14:28:33.0127 3152 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:28:33.0158 3152 WANARP - ok
14:28:33.0174 3152 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:28:33.0174 3152 Wanarpv6 - ok
14:28:33.0267 3152 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:28:33.0299 3152 WatAdminSvc - ok
14:28:33.0938 3152 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe
14:28:34.0812 3152 wbengine - ok
14:28:34.0983 3152 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:28:34.0999 3152 WbioSrvc - ok
14:28:35.0077 3152 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:28:35.0077 3152 wcncsvc - ok
14:28:35.0108 3152 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:28:35.0108 3152 WcsPlugInService - ok
14:28:35.0155 3152 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:28:35.0155 3152 Wd - ok
14:28:35.0217 3152 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:28:35.0217 3152 Wdf01000 - ok
14:28:35.0233 3152 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:28:35.0249 3152 WdiServiceHost - ok
14:28:35.0249 3152 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:28:35.0249 3152 WdiSystemHost - ok
14:28:35.0327 3152 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:28:35.0327 3152 WebClient - ok
14:28:35.0373 3152 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:28:35.0373 3152 Wecsvc - ok
14:28:35.0405 3152 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:28:35.0405 3152 wercplsupport - ok
14:28:35.0467 3152 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:28:35.0467 3152 WerSvc - ok
14:28:35.0483 3152 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:28:35.0498 3152 WfpLwf - ok
14:28:35.0514 3152 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:28:35.0514 3152 WIMMount - ok
14:28:35.0514 3152 WinDefend - ok
14:28:35.0529 3152 WinHttpAutoProxySvc - ok
14:28:35.0607 3152 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:28:35.0607 3152 Winmgmt - ok
14:28:35.0810 3152 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll
14:28:35.0873 3152 WinRM - ok
14:28:35.0919 3152 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:28:35.0919 3152 WinUsb - ok
14:28:36.0029 3152 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
14:28:36.0044 3152 Wlansvc - ok
14:28:36.0216 3152 [ 98f138897ef4246381d197cb81846d62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:28:36.0231 3152 wlidsvc - ok
14:28:36.0309 3152 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:28:36.0309 3152 WmiAcpi - ok
14:28:36.0387 3152 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:28:36.0387 3152 wmiApSrv - ok
14:28:36.0434 3152 WMPNetworkSvc - ok
14:28:36.0481 3152 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:28:36.0481 3152 WPCSvc - ok
14:28:36.0543 3152 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:28:36.0543 3152 WPDBusEnum - ok
14:28:36.0606 3152 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:28:36.0606 3152 ws2ifsl - ok
14:28:36.0637 3152 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\System32\wscsvc.dll
14:28:36.0637 3152 wscsvc - ok
14:28:36.0637 3152 WSearch - ok
14:28:36.0793 3152 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:28:36.0933 3152 wuauserv - ok
14:28:36.0949 3152 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:28:36.0949 3152 WudfPf - ok
14:28:37.0011 3152 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:28:37.0011 3152 WUDFRd - ok
14:28:37.0058 3152 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:28:37.0074 3152 wudfsvc - ok
14:28:37.0089 3152 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
14:28:37.0089 3152 WwanSvc - ok
14:28:37.0152 3152 xsherlock - ok
14:28:37.0167 3152 ================ Scan global ===============================
14:28:37.0183 3152 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
14:28:37.0277 3152 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
14:28:37.0277 3152 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
14:28:37.0323 3152 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
14:28:37.0417 3152 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
14:28:37.0417 3152 [Global] - ok
14:28:37.0417 3152 ================ Scan MBR ==================================
14:28:37.0448 3152 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:28:37.0854 3152 \Device\Harddisk0\DR0 - ok
14:28:37.0854 3152 ================ Scan VBR ==================================
14:28:37.0885 3152 Boot (0x1200) (5d2ec72b470746c00219353f106fc8e4) \Device\Harddisk0\DR0\Partition1
14:28:37.0916 3152 \Device\Harddisk0\DR0\Partition1 - ok
14:28:37.0932 3152 Boot (0x1200) (4e1e751a8df3974421cf721548f82476) \Device\Harddisk0\DR0\Partition2
14:28:37.0932 3152 \Device\Harddisk0\DR0\Partition2 - ok
14:28:38.0010 3152 Boot (0x1200) (1a481a24f624f43aabe5baefc40abd37) \Device\Harddisk0\DR0\Partition3
14:28:38.0010 3152 \Device\Harddisk0\DR0\Partition3 - ok
14:28:38.0010 3152 ============================================================
14:28:38.0010 3152 Scan finished
14:28:38.0010 3152 ============================================================
14:28:38.0025 3132 Detected object count: 7
14:28:38.0025 3132 Actual detected object count: 7
14:29:34.0981 3132 CompositeBus ( ForgedFile.Multi.Generic ) - skipped by user
14:29:34.0981 3132 CompositeBus ( ForgedFile.Multi.Generic ) - User select action: Skip
14:29:34.0981 3132 crcdisk ( ForgedFile.Multi.Generic ) - skipped by user
14:29:34.0981 3132 crcdisk ( ForgedFile.Multi.Generic ) - User select action: Skip
14:29:34.0981 3132 IPMIDRV ( ForgedFile.Multi.Generic ) - skipped by user
14:29:34.0981 3132 IPMIDRV ( ForgedFile.Multi.Generic ) - User select action: Skip
14:29:34.0981 3132 isapnp ( ForgedFile.Multi.Generic ) - skipped by user
14:29:34.0981 3132 isapnp ( ForgedFile.Multi.Generic ) - User select action: Skip
14:29:34.0981 3132 KeyIso ( ForgedFile.Multi.Generic ) - skipped by user
14:29:34.0981 3132 KeyIso ( ForgedFile.Multi.Generic ) - User select action: Skip
14:29:34.0981 3132 megasas ( ForgedFile.Multi.Generic ) - skipped by user
14:29:34.0981 3132 megasas ( ForgedFile.Multi.Generic ) - User select action: Skip
14:29:34.0997 3132 msisadrv ( ForgedFile.Multi.Generic ) - skipped by user
14:29:34.0997 3132 msisadrv ( ForgedFile.Multi.Generic ) - User select action: Skip
14:29:42.0500 2980 Deinitialize success
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
I'm trying to open my combofix.txt for pasting, it says
"Illegal operation attempted on a registry key that has been marked for deletion"

But it finished though
 
Sorry was able to open after restarting. On the internet on normal mode again. Thank you so much! :) I feel I'm on the verge of better days for my pc.

ComboFix 12-08-17.01 - Paolo 08/17/2012 14:37:21.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8096.6767 [GMT 8:00]
Running from: c:\users\Paolo\Desktop\paoloval.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 07:17 . 2012-08-17 07:17--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
2012-08-17 07:17 . 2012-08-17 07:17--------d-----w-c:\users\Default\AppData\Local\temp
2012-08-17 05:58 . 2012-08-17 05:59--------d-----w-C:\paoloval
2012-08-14 05:25 . 2012-08-14 05:25--------d-----w-C:\FRST
2012-08-07 16:42 . 2012-08-07 16:42--------d-----w-c:\users\Paolo\AppData\Roaming\Malwarebytes
2012-08-07 16:42 . 2012-08-07 16:42--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-07 16:42 . 2012-08-07 16:42--------d-----w-c:\programdata\Malwarebytes
2012-08-07 16:42 . 2012-07-03 05:4624904----a-w-c:\windows\system32\drivers\mbam.sys
2012-08-07 16:38 . 2012-08-07 16:38--------d-----w-c:\program files (x86)\Siber Systems
2012-08-07 16:37 . 2012-07-03 16:21355856----a-w-c:\windows\system32\drivers\aswSP.sys
2012-08-07 16:37 . 2012-07-03 16:2125232----a-w-c:\windows\system32\drivers\aswFsBlk.sys
2012-08-07 16:36 . 2012-07-03 16:2154072----a-w-c:\windows\system32\drivers\aswRdr2.sys
2012-08-07 16:36 . 2012-07-03 16:21958400----a-w-c:\windows\system32\drivers\aswSnx.sys
2012-08-07 16:36 . 2012-07-03 16:2159728----a-w-c:\windows\system32\drivers\aswTdi.sys
2012-08-07 16:36 . 2012-07-03 16:2171064----a-w-c:\windows\system32\drivers\aswMonFlt.sys
2012-08-07 16:36 . 2012-07-03 16:21285328----a-w-c:\windows\system32\aswBoot.exe
2012-08-07 16:36 . 2012-07-03 16:2141224----a-w-c:\windows\avastSS.scr
2012-08-07 16:36 . 2012-07-03 16:21227648----a-w-c:\windows\SysWow64\aswBoot.exe
2012-08-07 16:36 . 2012-08-07 16:36--------d-----w-c:\programdata\AVAST Software
2012-08-07 16:36 . 2012-08-07 16:36--------d-----w-c:\program files\AVAST Software
2012-08-02 16:21 . 2012-08-07 09:36--------d-----w-c:\program files (x86)\Overwolf
2012-08-02 16:14 . 2012-08-02 16:29--------d-----w-c:\users\Paolo\AppData\Local\Overwolf
2012-08-02 16:14 . 2012-08-02 16:14--------d-----w-c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
2012-08-02 16:12 . 2012-08-02 16:12--------d-----w-c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-27 12:36 . 2012-07-30 10:41--------d-----w-c:\windows\system32\appmgmt
2012-07-24 03:09 . 2012-08-02 12:09--------d-----w-c:\users\Paolo\AppData\Local\dxhr
2012-07-24 03:00 . 2012-07-24 03:00--------d-----w-c:\users\Paolo\AppData\Local\28050
2012-07-23 12:48 . 2012-07-23 16:45--------d-----w-c:\users\Paolo\AppData\Roaming\IrfanView
2012-07-19 11:40 . 2012-07-30 14:52--------d-----w-c:\users\Paolo\AppData\Roaming\Media Player Classic
2012-07-19 06:15 . 2012-07-19 06:19--------d-----w-c:\program files\Adobe Premiere Pro CS6
2012-07-19 06:09 . 2012-07-19 06:09--------d-----w-c:\users\Paolo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-07-19 06:09 . 2012-07-19 06:09--------d-----w-c:\program files (x86)\Adobe Download Assistant
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 16:57 . 2012-08-02 16:57654944----a-w-c:\windows\SysWow64\xsherlock.xem
2012-06-02 22:19 . 2012-06-21 01:4138424----a-w-c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 01:412428952----a-w-c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 01:4157880----a-w-c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 01:4144056----a-w-c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 01:41701976----a-w-c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 01:412622464----a-w-c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 01:4199840----a-w-c:\windows\system32\wudriver.dll
2012-06-02 07:19 . 2012-06-21 01:41186752----a-w-c:\windows\system32\wuwebv.dll
2012-06-02 07:15 . 2012-06-21 01:4136864----a-w-c:\windows\system32\wuapp.exe
2012-05-31 04:25 . 2012-05-05 15:48279656------w-c:\windows\system32\MpSigStub.exe
2012-05-26 04:36 . 2012-07-16 09:00204800----a-w-c:\windows\system32\unrar64.dll
2011-10-24 07:30 . 2011-10-24 07:30796520----a-w-c:\program files (x86)\QTPlugin.ocx
2011-10-24 07:30 . 2011-10-24 07:301234808----a-w-c:\program files (x86)\QuickTimePlayer.exe
2011-10-24 07:02 . 2011-10-24 07:028120168----a-w-c:\program files (x86)\QuickTimePlayer.dll
2011-10-24 07:02 . 2011-10-24 07:02370536----a-w-c:\program files (x86)\QTUIPanelControl.dll
2011-10-24 07:02 . 2011-10-24 07:02894824----a-w-c:\program files (x86)\QTOControl.dll
2011-10-24 07:02 . 2011-10-24 07:02821096----a-w-c:\program files (x86)\QTOLibrary.dll
2011-10-24 06:28 . 2011-10-24 06:28421888----a-w-c:\program files (x86)\QTTask.exe
2011-10-24 06:28 . 2011-10-24 06:28561152----a-w-c:\program files (x86)\PictureViewer.exe
2011-03-11 01:30 . 2011-03-11 01:301572864----a-w-c:\program files (x86)\ResDLL.dll
2011-03-10 07:53 . 2011-03-10 07:5398304----a-w-c:\program files (x86)\EIO.dll
2011-02-25 11:22 . 2011-02-25 11:2277824----a-w-c:\program files (x86)\ASUSRC.dll
2010-11-11 14:30 . 2010-11-11 14:3053760----a-w-c:\program files (x86)\ResetDiver.exe
2010-04-27 12:55 . 2010-04-27 12:5528672----a-w-c:\program files (x86)\InitSD.exe
2010-03-04 10:49 . 2010-03-04 10:4933280----a-w-c:\program files (x86)\IOMap.sys
2010-02-22 07:46 . 2010-02-22 07:4623680----a-w-c:\program files (x86)\IOMap64.sys
2009-08-21 01:48 . 2009-08-21 01:4844032----a-w-c:\program files (x86)\2dpainting.exe
2009-07-30 03:16 . 2009-07-30 03:1616384----a-w-c:\program files (x86)\EIO64_xp.sys
2009-07-30 03:15 . 2009-07-30 03:1514336----a-w-c:\program files (x86)\EIO_xp.sys
2009-07-22 02:34 . 2009-07-22 02:3414336----a-w-c:\program files (x86)\EIO.sys
2009-07-22 02:34 . 2009-07-22 02:3416384----a-w-c:\program files (x86)\EIO64.sys
2009-06-30 15:35 . 2009-06-30 15:352741248----a-w-c:\program files (x86)\QtCore4.dll
2009-02-26 08:31 . 2009-02-26 08:31613376----a-w-c:\program files (x86)\QtOpenGL4.dll
2009-02-26 08:23 . 2009-02-26 08:2311448320----a-w-c:\program files (x86)\QtGui4.dll
2008-11-12 14:08 . 2008-11-12 14:08188416----a-w-c:\program files (x86)\atipdlxx2543.dll
2007-10-05 07:53 . 2007-10-05 07:5357344----a-w-c:\program files (x86)\xgctl.dll
2007-05-24 13:53 . 2007-05-24 13:53139264----a-w-c:\program files (x86)\atipdlxx.dll
2006-02-22 07:11 . 2006-02-22 07:11163840----a-w-c:\program files (x86)\atistclk.dll
2006-01-04 07:01 . 2006-01-04 07:01110592----a-w-c:\program files (x86)\R5ClkLib.dll
2005-12-22 08:34 . 2005-12-22 08:3498304----a-w-c:\program files (x86)\AiPanelUtilityDLL.dll
2005-12-07 23:23 . 2005-12-07 23:2320480----a-w-c:\program files (x86)\HyperDrive.exe
2005-10-20 01:35 . 2005-10-20 01:3515872----a-w-c:\program files (x86)\atikia64.sys
2005-10-20 01:34 . 2005-10-20 01:347680----a-w-c:\program files (x86)\atillk64.sys
2005-10-20 01:29 . 2005-10-20 01:295376----a-w-c:\program files (x86)\atidgllk.sys
2005-09-09 00:32 . 2005-09-09 00:3253248----a-w-c:\program files (x86)\nvgpio.dll
2004-10-28 09:23 . 2004-10-28 09:2312451----a-w-c:\program files (x86)\EIO.VXD
2003-06-23 05:17 . 2003-06-23 05:1765536----a-w-c:\program files (x86)\2DTEST.EXE
2003-03-19 03:14 . 2003-03-19 03:14499712----a-w-c:\program files (x86)\msvcp71.dll
2003-02-21 12:42 . 2003-02-21 12:42348160----a-w-c:\program files (x86)\msvcr71.dll
2002-08-28 18:41 . 2002-08-28 18:41401462----a-w-c:\program files (x86)\msvcp60.dll
2002-01-05 23:43 . 2002-01-05 23:431310720----a-w-c:\program files (x86)\SmartDoctor.exe
1999-08-21 04:21 . 1999-08-21 04:217869----a-w-c:\program files (x86)\Idlehlt.vxd
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
 