Solved Some spyware

islam

My PC is infected with the smartwebsearch spyware and I tried to do every possible thing to get rid of it and nothing worked for me. Also, some websites like Facebook don't work on my PC most of the time, and sometimes they take a very long time to load and I do not know why.
I am using Bitdefender Internet Security 2012 and there are no infections at the moment on my PC, so can anyone suggest what I should do?
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
ok I did a scan with Malwarebytes Anti-Malware
scan log
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229763
Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Detected: 1
C:\Users\islam\AppData\Local\Temp\Trojan.exe (Trojan.Agent) -> 5700 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\SkyMedia (Adware.SkyMedia) -> No action taken.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2 (Trojan.Agent) -> Data: "C:\Users\islam\AppData\Local\Temp\Trojan.exe" .. -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|5cd8f17f4086744065eb0992a09e05a2 (Trojan.Agent) -> Data: "C:\Users\islam\AppData\Local\Temp\Trojan.exe" .. -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Users\islam\Local Settings\Temporary Internet Files\Content.IE5\Z4IJ28K0\Anytube_5315[1].exe (PUP.Adware.Agent) -> No action taken.
C:\Users\islam\AppData\Local\Temp\pi.exe (Trojan.Agent) -> No action taken.
C:\Users\islam\AppData\Local\Temp\pws_cdk.bss (Stolen.Data) -> No action taken.
C:\Users\islam\AppData\Local\Temp\pws_mail.bss (Stolen.Data) -> No action taken.
C:\Users\islam\AppData\Local\Temp\pws_mess.bss (Stolen.Data) -> No action taken.
C:\Users\islam\AppData\Roaming\Keylogger (Stolen.Data) -> No action taken.
C:\Users\islam\AppData\Local\Temp\Trojan.exe (Trojan.Agent) -> No action taken.
C:\Users\islam\AppData\Local\Temp\Trojan.exe.tmp (Malware.Trace) -> No action taken.

(end)
 
Please do NOT format your logs with some other colors.

Your MBAM log says "No action taken".
Re-run it, fix all issues and post new log.

Then continue with other steps.
 
Protection: Enabled

30/07/2012 04:43:24 ص
mbam-log-2012-07-30 (04-43-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228281
Time elapsed: 14 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\islam\Local Settings\Temporary Internet Files\Content.IE5\Z4IJ28K0\Anytube_5315[1].exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.

(end)
now every time I search in the browser I see notification that the program blocked malicious website
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-30 22:39:39
Windows 6.1.7600
Running: 4f9m8wc2.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows Live\Companion\@hotmail.com@a92b82ed2e997136a802cb75192af1e7\r\n 0x14 0xC4 0xC9 0x64 ...

---- EOF - GMER 1.0.15 ----
 
ok thanks
now I downloaded dds and everytime I click on it weird notepad opens with something like that
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=======================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-01 23:04:28
-----------------------------
23:04:28.962 OS Version: Windows x64 6.1.7600
23:04:28.962 Number of processors: 6 586 0xA00
23:04:28.962 ComputerName: ISLAM-PC UserName: islam
23:04:29.810 Initialize success
23:36:25.981 AVAST engine defs: 12080100
23:40:31.661 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5
23:40:31.663 Disk 0 Vendor: WDC_WD10EARS-00MVWB0 51.0AB51 Size: 953869MB BusType: 3
23:40:31.665 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
23:40:31.666 Disk 1 Vendor: WDC_WD6400AACS-00G8B1 05.04C05 Size: 610480MB BusType: 3
23:40:31.669 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-7
23:40:31.671 Disk 2 Vendor: WDC_WD10EALX-009BA0 15.01H15 Size: 953869MB BusType: 3
23:40:31.685 Disk 2 MBR read successfully
23:40:31.688 Disk 2 MBR scan
23:40:31.755 Disk 2 Windows 7 default MBR code
23:40:31.774 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476934 MB offset 2048
23:40:31.823 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 476932 MB offset 976762880
23:40:31.918 Disk 2 scanning C:\Windows\system32\drivers
23:40:38.339 Service scanning
23:40:55.386 Modules scanning
23:40:55.393 Disk 2 trace - called modules:
23:40:55.401 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:40:55.405 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa8004ac5060]
23:40:55.409 3 CLASSPNP.SYS[fffff880013af43f] -> nt!IofCallDriver -> [0xfffffa80049889b0]
23:40:55.412 5 ACPI.sys[fffff88000f68781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-7[0xfffffa8004a4e060]
23:40:56.381 AVAST engine scan C:\Windows
23:40:58.959 AVAST engine scan C:\Windows\system32
23:43:22.453 AVAST engine scan C:\Windows\system32\drivers
23:43:30.415 AVAST engine scan C:\Users\islam
23:48:51.475 File: C:\Users\islam\AppData\Local\Temp\fhbnxqxklt.exe **INFECTED** Win32:Agent-APAI [Spy]
23:54:01.983 Disk 2 MBR has been saved successfully to "C:\Users\islam\Documents\MBR.dat"
23:54:01.989 The log file has been saved successfully to "C:\Users\islam\Documents\aswMBR.txt"
00:16:00.550 File: C:\Users\islam\SvcHost.exe **INFECTED** Win32:Agent-APAI [Spy]
00:16:54.406 AVAST engine scan C:\ProgramData
00:27:46.962 Scan finished successfully
00:31:15.372 Disk 2 MBR has been saved successfully to "C:\Users\islam\Documents\MBR.dat"
00:31:15.388 The log file has been saved successfully to "C:\Users\islam\Documents\aswMBR.txt"
00:32:14.478 Disk 2 MBR has been saved successfully to "C:\Users\islam\Pictures\MBR.dat"
00:32:14.482 The log file has been saved successfully to "C:\Users\islam\Pictures\aswMBR.txt"
 
You have to tell me though (??)

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
02:33:31.0295 6836 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
02:33:33.0296 6836 ============================================================
02:33:33.0296 6836 Current date / time: 2012/08/02 02:33:33.0296
02:33:33.0296 6836 SystemInfo:
02:33:33.0296 6836
02:33:33.0296 6836 OS Version: 6.1.7600 ServicePack: 0.0
02:33:33.0296 6836 Product type: Workstation
02:33:33.0296 6836 ComputerName: ISLAM-PC
02:33:33.0296 6836 UserName: islam
02:33:33.0296 6836 Windows directory: C:\Windows
02:33:33.0296 6836 System windows directory: C:\Windows
02:33:33.0296 6836 Running under WOW64
02:33:33.0296 6836 Processor architecture: Intel x64
02:33:33.0296 6836 Number of processors: 6
02:33:33.0296 6836 Page size: 0x1000
02:33:33.0296 6836 Boot type: Normal boot
02:33:33.0296 6836 ============================================================
02:33:34.0947 6836 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:33:34.0957 6836 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:33:35.0364 6836 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:33:35.0368 6836 ============================================================
02:33:35.0368 6836 \Device\Harddisk1\DR1:
02:33:35.0368 6836 MBR partitions:
02:33:35.0368 6836 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x186B1F1E
02:33:35.0387 6836 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x186B1F9C, BlocksNum 0x19B02ACC
02:33:35.0407 6836 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x321B4AA7, BlocksNum 0x186A241A
02:33:35.0407 6836 \Device\Harddisk2\DR2:
02:33:35.0407 6836 MBR partitions:
02:33:35.0407 6836 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A383000
02:33:35.0407 6836 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3A383800, BlocksNum 0x3A382000
02:33:35.0407 6836 \Device\Harddisk0\DR0:
02:33:35.0407 6836 MBR partitions:
02:33:35.0407 6836 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A382800
02:33:35.0407 6836 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A383000, BlocksNum 0x3A382800
02:33:35.0407 6836 ============================================================
02:33:35.0413 6836 C: <-> \Device\Harddisk2\DR2\Partition0
02:33:35.0434 6836 E: <-> \Device\Harddisk1\DR1\Partition0
02:33:35.0456 6836 F: <-> \Device\Harddisk1\DR1\Partition1
02:33:35.0476 6836 G: <-> \Device\Harddisk1\DR1\Partition2
02:33:35.0498 6836 J: <-> \Device\Harddisk2\DR2\Partition1
02:33:35.0538 6836 K: <-> \Device\Harddisk0\DR0\Partition1
02:33:35.0562 6836 I: <-> \Device\Harddisk0\DR0\Partition0
02:33:35.0562 6836 ============================================================
02:33:35.0562 6836 Initialize success
02:33:35.0562 6836 ============================================================
02:33:50.0510 5580 ============================================================
02:33:50.0510 5580 Scan started
02:33:50.0510 5580 Mode: Manual;
02:33:50.0510 5580 ============================================================
02:33:58.0662 5580HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
02:33:58.0664 5580HDAudBus - ok
02:33:58.0677 5580HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
02:33:58.0678 5580HidBatt - ok
02:33:58.0690 5580HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
02:33:58.0693 5580HidBth - ok
02:33:58.0712 5580HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
02:33:58.0715 5580HidIr - ok
02:33:58.0735 5580hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
02:33:58.0736 5580hidserv - ok
02:33:58.0749 5580HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
02:33:58.0752 5580HidUsb - ok
02:33:58.0763 5580hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
02:33:58.0765 5580hkmsvc - ok
02:33:58.0781 5580HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
02:33:58.0783 5580HomeGroupListener - ok
02:33:58.0803 5580HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
02:33:58.0806 5580HomeGroupProvider - ok
02:33:58.0897 5580hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
02:33:58.0900 5580hpqcxs08 - ok
02:33:58.0926 5580hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
02:33:58.0928 5580hpqddsvc - ok
02:33:58.0932 5580HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
02:33:58.0937 5580HpSAMD - ok
02:33:58.0976 5580HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
02:33:58.0989 5580HTTP - ok
02:33:58.0995 5580hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
02:33:58.0995 5580hwpolicy - ok
02:33:59.0011 5580i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
02:33:59.0014 5580i8042prt - ok
02:33:59.0029 5580iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
02:33:59.0035 5580iaStorV - ok
02:33:59.0079 5580IDMWFP (71359fc89451bf54fa06f049d3a87adf) C:\Windows\system32\DRIVERS\idmwfp.sys
02:33:59.0081 5580IDMWFP - ok
02:33:59.0137 5580idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:33:59.0150 5580idsvc - ok
02:33:59.0172 5580iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
02:33:59.0174 5580iirsp - ok
02:33:59.0216 5580IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
02:33:59.0226 5580IKEEXT - ok
02:33:59.0341 5580IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
02:33:59.0378 5580IntcAzAudAddService - ok
02:33:59.0504 5580intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
02:33:59.0523 5580intelide - ok
02:33:59.0704 5580intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
02:33:59.0707 5580intelppm - ok
02:33:59.0720 5580IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
02:33:59.0723 5580IPBusEnum - ok
02:33:59.0735 5580IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:33:59.0748 5580IpFilterDriver - ok
02:33:59.0776 5580iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
02:33:59.0785 5580iphlpsvc - ok
02:33:59.0797 5580IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
02:33:59.0802 5580IPMIDRV - ok
02:33:59.0808 5580IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:33:59.0811 5580IPNAT - ok
02:33:59.0823 5580IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:33:59.0825 5580IRENUM - ok
02:33:59.0831 5580isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
02:33:59.0833 5580isapnp - ok
02:33:59.0852 5580iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
02:33:59.0857 5580iScsiPrt - ok
02:33:59.0877 5580kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
02:33:59.0880 5580kbdclass - ok
02:33:59.0891 5580kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
02:33:59.0895 5580kbdhid - ok
02:33:59.0910 5580KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
02:33:59.0911 5580KeyIso - ok
02:33:59.0919 5580KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
02:33:59.0921 5580KSecDD - ok
02:33:59.0933 5580KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
02:33:59.0935 5580KSecPkg - ok
02:33:59.0944 5580ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:33:59.0946 5580ksthunk - ok
02:33:59.0967 5580KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
02:33:59.0977 5580KtmRm - ok
02:33:59.0999 5580LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
02:34:00.0002 5580LanmanServer - ok
02:34:00.0023 5580LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
02:34:00.0026 5580LanmanWorkstation - ok
02:34:00.0043 5580lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:34:00.0044 5580lltdio - ok
02:34:00.0065 5580lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
02:34:00.0070 5580lltdsvc - ok
02:34:00.0083 5580lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
02:34:00.0085 5580lmhosts - ok
02:34:00.0108 5580LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:34:00.0113 5580LSI_FC - ok
02:34:00.0132 5580LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:34:00.0134 5580LSI_SAS - ok
02:34:00.0144 5580LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:34:00.0146 5580LSI_SAS2 - ok
02:34:00.0161 5580LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:34:00.0165 5580LSI_SCSI - ok
02:34:00.0185 5580luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:34:00.0186 5580luafv - ok
02:34:00.0243 5580MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
02:34:00.0244 5580MBAMProtector - ok
02:34:00.0349 5580MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
02:34:00.0352 5580MBAMService - ok
02:34:00.0382 5580mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
02:34:00.0388 5580mcdbus - ok
02:34:00.0404 5580Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
02:34:00.0408 5580Mcx2Svc - ok
02:34:00.0422 5580megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
02:34:00.0425 5580megasas - ok
02:34:00.0437 5580MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
02:34:00.0440 5580MegaSR - ok
02:34:00.0496 5580Microsoft SharePoint Workspace Audit Service - ok
02:34:00.0516 5580MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:34:00.0518 5580MMCSS - ok
02:34:00.0529 5580Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:34:00.0531 5580Modem - ok
02:34:00.0549 5580monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:34:00.0550 5580monitor - ok
02:34:00.0560 5580mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
02:34:00.0562 5580mouclass - ok
02:34:00.0586 5580mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:34:00.0588 5580mouhid - ok
02:34:00.0604 5580mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
02:34:00.0605 5580mountmgr - ok
02:34:00.0677 5580MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
02:34:00.0690 5580MozillaMaintenance - ok
02:34:00.0705 5580mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
02:34:00.0710 5580mpio - ok
02:34:00.0717 5580mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:34:00.0719 5580mpsdrv - ok
02:34:00.0754 5580MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
02:34:00.0765 5580MpsSvc - ok
02:34:00.0802 5580MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
02:34:00.0806 5580MRxDAV - ok
02:34:00.0822 5580mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:34:00.0824 5580mrxsmb - ok
02:34:00.0837 5580mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:34:00.0839 5580mrxsmb10 - ok
02:34:00.0851 5580mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:34:00.0853 5580mrxsmb20 - ok
02:34:00.0864 5580msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
02:34:00.0867 5580msahci - ok
02:34:00.0881 5580msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
02:34:00.0886 5580msdsm - ok
02:34:00.0899 5580MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
02:34:00.0902 5580MSDTC - ok
02:34:00.0914 5580Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:34:00.0915 5580Msfs - ok
02:34:00.0926 5580mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:34:00.0927 5580mshidkmdf - ok
02:34:00.0934 5580msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
02:34:00.0935 5580msisadrv - ok
02:34:00.0967 5580MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
02:34:00.0971 5580MSiSCSI - ok
02:34:00.0974 5580msiserver - ok
02:34:00.0991 5580MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:34:00.0993 5580MSKSSRV - ok
02:34:01.0004 5580MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:34:01.0005 5580MSPCLOCK - ok
02:34:01.0019 5580MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:34:01.0020 5580MSPQM - ok
02:34:01.0043 5580MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
02:34:01.0049 5580MsRPC - ok
02:34:01.0060 5580mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
02:34:01.0061 5580mssmbios - ok
02:34:01.0063 5580MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:34:01.0064 5580MSTEE - ok
02:34:01.0075 5580MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
02:34:01.0076 5580MTConfig - ok
02:34:01.0103 5580MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
02:34:01.0106 5580MTsensor - ok
02:34:01.0123 5580Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:34:01.0124 5580Mup - ok
02:34:01.0157 5580napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
02:34:01.0168 5580napagent - ok
02:34:01.0194 5580NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:34:01.0199 5580NativeWifiP - ok
02:34:01.0244 5580NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
02:34:01.0254 5580NDIS - ok
02:34:01.0269 5580NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:34:01.0271 5580NdisCap - ok
02:34:01.0290 5580NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:34:01.0292 5580NdisTapi - ok
02:34:01.0308 5580Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
02:34:01.0312 5580Ndisuio - ok
02:34:01.0326 5580NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
02:34:01.0330 5580NdisWan - ok
02:34:01.0338 5580NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
02:34:01.0342 5580NDProxy - ok
02:34:01.0379 5580Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
02:34:01.0380 5580Net Driver HPZ12 - ok
02:34:01.0391 5580NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:34:01.0393 5580NetBIOS - ok
02:34:01.0408 5580NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
02:34:01.0410 5580NetBT - ok
02:34:01.0427 5580Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
02:34:01.0428 5580Netlogon - ok
02:34:01.0457 5580Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
02:34:01.0461 5580Netman - ok
02:34:01.0529 5580NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:34:01.0544 5580NetMsmqActivator - ok
02:34:01.0546 5580NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:34:01.0547 5580NetPipeActivator - ok
02:34:01.0572 5580netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
02:34:01.0587 5580netprofm - ok
02:34:01.0590 5580NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:34:01.0591 5580NetTcpActivator - ok
02:34:01.0594 5580NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:34:01.0595 5580NetTcpPortSharing - ok
02:34:01.0627 5580nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
02:34:01.0629 5580nfrd960 - ok
02:34:01.0652 5580NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
02:34:01.0655 5580NlaSvc - ok
02:34:01.0657 5580NLNdisMP - ok
02:34:01.0672 5580NLNdisPT - ok
02:34:01.0681 5580Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:34:01.0684 5580Npfs - ok
02:34:01.0687 5580nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
02:34:01.0689 5580nsi - ok
02:34:01.0697 5580nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:34:01.0698 5580nsiproxy - ok
02:34:01.0765 5580Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
02:34:01.0792 5580Ntfs - ok
02:34:01.0857 5580Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:34:01.0858 5580Null - ok
02:34:01.0876 5580nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
02:34:01.0883 5580nvraid - ok
02:34:01.0890 5580nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
02:34:01.0895 5580nvstor - ok
02:34:01.0902 5580nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
02:34:01.0905 5580nv_agp - ok
02:34:01.0923 5580ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
02:34:01.0925 5580ohci1394 - ok
02:34:01.0987 5580ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:34:01.0990 5580ose64 - ok
02:34:02.0163 5580osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:34:02.0237 5580osppsvc - ok
02:34:02.0330 5580p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:34:02.0334 5580p2pimsvc - ok
02:34:02.0357 5580p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
02:34:02.0369 5580p2psvc - ok
02:34:02.0397 5580Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
02:34:02.0399 5580Parport - ok
02:34:02.0410 5580partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
02:34:02.0411 5580partmgr - ok
02:34:02.0431 5580PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
02:34:02.0433 5580PcaSvc - ok
02:34:02.0449 5580pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
02:34:02.0451 5580pci - ok
02:34:02.0458 5580pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
02:34:02.0459 5580pciide - ok
02:34:02.0468 5580pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
02:34:02.0472 5580pcmcia - ok
02:34:02.0495 5580pcouffin (899e41a057038cb5be892fe428bdc576) C:\Windows\system32\Drivers\pcouffin.sys
02:34:02.0500 5580pcouffin - ok
02:34:02.0515 5580pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:34:02.0516 5580pcw - ok
02:34:02.0539 5580PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:34:02.0544 5580PEAUTH - ok
02:34:02.0599 5580PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
02:34:02.0628 5580PeerDistSvc - ok
02:34:02.0710 5580PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
02:34:02.0717 5580PerfHost - ok
02:34:02.0809 5580pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
02:34:02.0828 5580pla - ok
02:34:02.0859 5580PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
02:34:02.0863 5580PlugPlay - ok
02:34:02.0914 5580Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
02:34:02.0915 5580Pml Driver HPZ12 - ok
02:34:02.0929 5580PnkBstrA - ok
02:34:02.0940 5580PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
02:34:02.0943 5580PNRPAutoReg - ok
02:34:02.0963 5580PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:34:02.0966 5580PNRPsvc - ok
02:34:02.0998 5580PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
02:34:03.0008 5580PolicyAgent - ok
 
02:34:03.0028 5580Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
02:34:03.0031 5580Power - ok
02:34:03.0072 5580PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
02:34:03.0077 5580PptpMiniport - ok
02:34:03.0098 5580Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
02:34:03.0101 5580Processor - ok
02:34:03.0126 5580ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
02:34:03.0128 5580ProfSvc - ok
02:34:03.0143 5580ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
02:34:03.0144 5580ProtectedStorage - ok
02:34:03.0160 5580Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
02:34:03.0161 5580Psched - ok
02:34:03.0220 5580ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
02:34:03.0234 5580ql2300 - ok
02:34:03.0295 5580ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
02:34:03.0298 5580ql40xx - ok
02:34:03.0315 5580QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
02:34:03.0319 5580QWAVE - ok
02:34:03.0329 5580QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:34:03.0333 5580QWAVEdrv - ok
02:34:03.0344 5580RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:34:03.0345 5580RasAcd - ok
02:34:03.0361 5580RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:34:03.0364 5580RasAgileVpn - ok
02:34:03.0378 5580RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
02:34:03.0381 5580RasAuto - ok
02:34:03.0399 5580Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:34:03.0404 5580Rasl2tp - ok
02:34:03.0424 5580RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
02:34:03.0433 5580RasMan - ok
02:34:03.0438 5580RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:34:03.0441 5580RasPppoe - ok
02:34:03.0455 5580RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:34:03.0457 5580RasSstp - ok
02:34:03.0482 5580rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
02:34:03.0498 5580rdbss - ok
02:34:03.0512 5580rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
02:34:03.0514 5580rdpbus - ok
02:34:03.0523 5580RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:34:03.0524 5580RDPCDD - ok
02:34:03.0533 5580RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
02:34:03.0538 5580RDPDR - ok
02:34:03.0545 5580RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:34:03.0546 5580RDPENCDD - ok
02:34:03.0556 5580RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:34:03.0557 5580RDPREFMP - ok
02:34:03.0565 5580RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
02:34:03.0570 5580RDPWD - ok
02:34:03.0595 5580rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
02:34:03.0597 5580rdyboost - ok
02:34:03.0610 5580RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
02:34:03.0613 5580RemoteAccess - ok
02:34:03.0631 5580RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
02:34:03.0635 5580RemoteRegistry - ok
02:34:03.0655 5580RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
02:34:03.0657 5580RpcEptMapper - ok
02:34:03.0674 5580RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
02:34:03.0676 5580RpcLocator - ok
02:34:03.0701 5580RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
02:34:03.0704 5580RpcSs - ok
02:34:03.0710 5580rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:34:03.0711 5580rspndr - ok
02:34:03.0751 5580RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
02:34:03.0765 5580RTL8167 - ok
02:34:03.0816 5580s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
02:34:03.0819 5580s3cap - ok
02:34:03.0827 5580SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
02:34:03.0828 5580SamSs - ok
02:34:03.0834 5580sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
02:34:03.0839 5580sbp2port - ok
02:34:03.0860 5580SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys
02:34:03.0864 5580SBRE - ok
02:34:03.0882 5580SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
02:34:03.0886 5580SCardSvr - ok
02:34:03.0895 5580scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
02:34:03.0899 5580scfilter - ok
02:34:03.0947 5580Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
02:34:03.0961 5580Schedule - ok
02:34:03.0980 5580SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
02:34:03.0981 5580SCPolicySvc - ok
02:34:03.0999 5580SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
02:34:04.0005 5580SDRSVC - ok
02:34:04.0039 5580secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:34:04.0040 5580secdrv - ok
02:34:04.0050 5580seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
02:34:04.0051 5580seclogon - ok
02:34:04.0059 5580SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
02:34:04.0061 5580SENS - ok
02:34:04.0070 5580SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
02:34:04.0073 5580SensrSvc - ok
02:34:04.0079 5580Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:34:04.0081 5580Serenum - ok
02:34:04.0089 5580Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:34:04.0091 5580Serial - ok
02:34:04.0104 5580sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
02:34:04.0106 5580sermouse - ok
02:34:04.0131 5580SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
02:34:04.0133 5580SessionEnv - ok
02:34:04.0148 5580sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
02:34:04.0149 5580sffdisk - ok
02:34:04.0159 5580sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
02:34:04.0161 5580sffp_mmc - ok
02:34:04.0175 5580sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
02:34:04.0178 5580sffp_sd - ok
02:34:04.0188 5580sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
02:34:04.0190 5580sfloppy - ok
02:34:04.0222 5580SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
02:34:04.0231 5580SharedAccess - ok
02:34:04.0256 5580ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
02:34:04.0260 5580ShellHWDetection - ok
02:34:04.0281 5580SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:34:04.0283 5580SiSRaid2 - ok
02:34:04.0288 5580SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
02:34:04.0290 5580SiSRaid4 - ok
02:34:04.0353 5580SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe
02:34:04.0354 5580SkypeUpdate - ok
02:34:04.0360 5580Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:34:04.0362 5580Smb - ok
02:34:04.0389 5580SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
02:34:04.0391 5580SNMPTRAP - ok
02:34:04.0461 5580SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
02:34:04.0474 5580SolidWorks Licensing Service - ok
02:34:04.0528 5580speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
02:34:04.0530 5580speedfan - ok
02:34:04.0537 5580spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:34:04.0538 5580spldr - ok
02:34:04.0567 5580Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
02:34:04.0575 5580Spooler - ok
02:34:04.0713 5580sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
02:34:04.0791 5580sppsvc - ok
02:34:04.0844 5580sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
02:34:04.0846 5580sppuinotify - ok
02:34:04.0883 5580srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
02:34:04.0894 5580srv - ok
02:34:04.0920 5580srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
02:34:04.0932 5580srv2 - ok
02:34:04.0947 5580srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
02:34:04.0949 5580srvnet - ok
02:34:04.0966 5580SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
02:34:04.0969 5580SSDPSRV - ok
02:34:04.0983 5580SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
02:34:04.0985 5580SstpSvc - ok
02:34:05.0041 5580Steam Client Service - ok
02:34:05.0057 5580stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
02:34:05.0059 5580stexstor - ok
02:34:05.0102 5580stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
02:34:05.0111 5580stisvc - ok
02:34:05.0141 5580storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
02:34:05.0142 5580storflt - ok
02:34:05.0153 5580StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
02:34:05.0157 5580StorSvc - ok
02:34:05.0173 5580storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
02:34:05.0177 5580storvsc - ok
02:34:09.0887 5580============================================================
02:34:09.0887 5580Scan finished
02:34:09.0887 5580============================================================
02:34:09.0894 6528Detected object count: 0
02:34:09.0894 6528Actual detected object count: 0
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I downloaded like you told me and disabled antivirus and closed every running program, and after I clicked run: blue screen of death :)
 
OK, I will later, but can you please tell me why all these steps are needed when I even have one of the strongest antivirus software, updated regularly?
 
We're checking for possible infections.
We don't have to.
You asked for help.
 
:) Do not misunderstand me, I just wanted to know why all these programs are needed when I already know the name of the hijacking site.
.ComboFix 12-07-31.03 - islam 08/02/2012 4:19.1.6 - x64 MINIMAL
Microsoft Windows 7 Enterprise 6.1.7600.0.1256.20.1033.18.4095.2882 [GMT 3:00]
Running from: c:\users\islam\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Enabled/Outdated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Enabled/Outdated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1009839559.bdinstall.bin
c:\users\islam\AppData\Roaming\logs
c:\users\islam\AppData\Roaming\Microsoft\Windows\pL0oyP5.cfg
c:\users\islam\AppData\Roaming\Microsoft\Windows\pL0oyP5.dat
c:\users\islam\AppData\Roaming\Microsoft\Windows\pL0oyP5.xtr
c:\users\islam\AppData\Roaming\system32
c:\users\islam\SvcHost.exe
c:\users\islam\SvcHost.exe.tmp
c:\windows\SysWow64\tmpC45B.tmp
c:\windows\SysWow64\tmpC4BA.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 01:32 . 2012-08-02 01:32--------d-----w-c:\users\Default\AppData\Local\temp
2012-07-29 23:40 . 2012-07-29 23:40--------d-----w-c:\users\islam\AppData\Roaming\Malwarebytes
2012-07-29 23:40 . 2012-07-29 23:40--------d-----w-c:\programdata\Malwarebytes
2012-07-29 23:40 . 2012-07-29 23:40--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-29 23:40 . 2012-07-03 10:4624904----a-w-c:\windows\system32\drivers\mbam.sys
2012-07-29 18:06 . 2012-07-29 18:06--------d-----w-c:\program files (x86)\Common Files\Skype
2012-07-29 18:06 . 2012-07-29 18:06--------d-----r-c:\program files (x86)\Skype
2012-07-28 19:00 . 2012-07-31 22:05--------d-----w-c:\program files\SUPERAntiSpyware
2012-07-28 18:59 . 2012-07-28 18:59--------d-----w-c:\users\islam\AppData\Roaming\SUPERAntiSpyware.com
2012-07-28 00:44 . 2012-01-12 06:2857976----a-r-c:\windows\system32\drivers\SBREDrv.sys
2012-07-28 00:21 . 2012-07-28 19:18--------d-----w-c:\program files (x86)\Common Files\PC Tools
2012-07-28 00:21 . 2012-06-22 12:35251560----a-w-c:\windows\system32\drivers\PCTSD64.sys
2012-07-28 00:17 . 2012-07-28 00:17--------d-----w-c:\users\islam\AppData\Roaming\TestApp
2012-07-28 00:17 . 2012-07-28 00:17--------d-----w-c:\programdata\PC Tools
2012-07-23 01:13 . 2001-12-31 21:01--------d-----w-c:\program files (x86)\hpmonitor
2012-07-23 01:12 . 2012-07-23 01:12--------d-----w-C:\Downloads
2012-07-23 01:08 . 2012-07-23 01:12--------d-----w-c:\program files (x86)\AnyTube Downloader
2012-07-23 00:50 . 2012-07-23 00:50--------d-----w-C:\YouTubeVideos
2012-07-23 00:26 . 2012-07-23 00:26--------d-----w-C:\myyoutube
2012-07-23 00:25 . 2012-07-23 01:14--------d-----w-c:\program files (x86)\1-Click YouTube Downloader
2012-07-23 00:19 . 2012-07-23 00:19--------d-----w-c:\program files\YoutubeDownloader.org
2012-07-23 00:19 . 2012-07-23 00:19--------d-----w-c:\program files (x86)\YoutubeDownloader.org
2012-07-23 00:16 . 2012-07-23 00:16--------d-----w-c:\windows\Sun
2012-07-20 14:06 . 2012-07-20 14:06--------d-----w-c:\users\islam\AppData\Roaming\2K Sports
2012-07-19 19:41 . 2012-07-19 19:41--------d-----w-c:\users\islam\AppData\Roaming\Yahoo!
2012-07-18 13:31 . 2012-07-18 13:32--------d-----w-c:\program files\Core Temp
2012-07-18 13:26 . 2012-07-20 22:03--------d-----w-c:\program files (x86)\SpeedFan
2012-07-13 00:51 . 2012-03-08 16:5065912----a-w-c:\program files (x86)\Windows Media Player\msgrapp.dll
2012-07-08 14:25 . 2012-07-08 14:25--------d-----w-c:\program files (x86)\AMD
2012-07-08 14:24 . 2012-07-08 14:24--------d-----w-c:\users\islam\AppData\Local\Downloaded Installations
2012-07-07 20:08 . 2012-07-07 20:08--------d-----w-c:\users\islam\AppData\Local\BigHugeEngine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 23:09 . 2012-04-09 10:10426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-28 23:09 . 2002-01-01 00:5170344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-25 06:20 . 2011-11-06 00:3148648----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-07-10 05:52 . 2011-12-28 09:4748648----a-w-c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-05-30 08:52 . 2012-06-23 00:354329472----a-w-c:\windows\system32\x264vfw.dll
2012-05-30 06:17 . 2012-05-30 06:1771680----a-w-c:\windows\system32\frapsv64.dll
2012-05-30 06:17 . 2012-05-30 06:1765536----a-w-c:\windows\SysWow64\frapsvid.dll
2012-05-26 10:45 . 2012-06-23 00:35137216----a-w-c:\windows\system32\mlc.dll
2012-05-20 20:55 . 2012-05-20 20:55189248----a-w-c:\windows\SysWow64\PnkBstrB.exe
2012-05-20 20:55 . 2012-05-20 20:5575136----a-w-c:\windows\SysWow64\PnkBstrA.exe
2012-05-19 22:24 . 2012-05-19 22:24119808----a-r-c:\users\islam\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-05-04 16:29 . 2012-06-21 16:21772504----a-w-c:\windows\SysWow64\npDeployJava1.dll
2012-05-04 16:29 . 2012-06-21 16:21687504----a-w-c:\windows\SysWow64\deployJava1.dll
2011-12-29 04:2027136--shatr-c:\windows\System32\bddel.exe
2010-05-26 09:41276832--shatr-c:\windows\System32\d3dx11_43.dll
2009-07-14 01:41479232--shatr-c:\windows\System32\spool\drivers\x64\3\unidrv.dll
2009-07-14 01:41884224--shatr-c:\windows\System32\spool\drivers\x64\3\unidrvui.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2009-07-14 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-10-06 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\OSCAR Editor\OscarEditor.exe" [2009-11-24 2642432]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Creative Live! Cam Manager"="c:\program files (x86)\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-05-02 151552]
"CTRegRun"="c:\windows\CTRegRun.EXE" [2006-10-06 53248]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-10-25 3437976]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-21 6276408]
"Facebook Update"="c:\users\islam\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"NTServiceManager"="c:\program files (x86)\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe" [2011-07-01 436224]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2011-04-11 5402752]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-04-11 32768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\islam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
99a7400c6ad316c96473810799a4e904.exe [2012-7-31 26624]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-3-8 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2012-05-10 136616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 250056]
R3 ALSysIO;ALSysIO;c:\users\islam\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AODDriver;AODDriver;c:\program files (x86)\ASUS\GPU Boost Driver\amd64\AODDriver.sys [2010-03-12 52280]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-03-01 545064]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2012-02-03 79952]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-19 1431888]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x]
R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2012-01-23 249856]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-11-04 466736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-30 691896]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-12-25 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-12-25 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2001-12-31 270912]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-05-10 57472]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-30 66096]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-12-25 258736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-07 82048]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\DRIVERS\V0470Vid.sys [2007-04-20 182464]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:09]
.
2012-08-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1931541716-2785394565-3246238758-1000Core.job
- c:\users\islam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-31 21:26]
.
2012-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1931541716-2785394565-3246238758-1000UA.job
- c:\users\islam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-31 21:26]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1931541716-2785394565-3246238758-1000Core.job
- c:\users\islam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-28 11:53]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1931541716-2785394565-3246238758-1000UA.job
- c:\users\islam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-28 11:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-30 1067256]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.smartwebsearch.net/index.php?from=3
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\islam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\islam\AppData\Roaming\Mozilla\Firefox\Profiles\2bdzyozy.default\
FF - prefs.js: browser.search.selectedEngine - google-feed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
FF - prefs.js: browser.startup.homepage - hxxp://www.smartwebsearch.net/index.php?from=3
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Wow6432Node-HKCU-Run-TrackerChecker2 - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-SpyEmergency - c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe
Wow6432Node-HKCU-Run-99a7400c6ad316c96473810799a4e904 - c:\users\islam\SvcHost.exe
Wow6432Node-HKLM-Run-99a7400c6ad316c96473810799a4e904 - c:\users\islam\SvcHost.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DEVICE2"="vrfIyq7KygA="
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1289332796\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"1\" />"
.
[HKEY_USERS\S-1-5-21-1931541716-2785394565-3246238758-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1931541716-2785394565-3246238758-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1931541716-2785394565-3246238758-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):1f,99,68,7d,eb,8d,23,6d,37,a5,79,41,3e,6a,bc,a4,9a,c8,de,ed,c0,
bc,11,49,db,12,dc,62,45,52,6e,c4,9e,b1,5c,de,73,8e,4e,17,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1931541716-2785394565-3246238758-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3a,e4,de,37,3e,e9,ea,6e,7f,5b,1e,8c,7d,cc,d0,55,96,01,92,8a,a3,
7f,ec,11,7f,0a,74,a5,af,70,27,ad,c1,e1,87,c9,98,26,b2,0d,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1931541716-2785394565-3246238758-1000_Classes\Wow6432Node\CLSID\{7baa0223-9ad0-4d46-be58-31dc4b05c40f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000016c
"Therad"=dword:00000029
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,1e,03,5a,a8,93,02,ec,74,d4,ef,60,92,54,e4,7e,8f,99,c0,8c,58,9a,8a,\
.
[HKEY_USERS\S-1-5-21-1931541716-2785394565-3246238758-1000_Classes\Wow6432Node\CLSID\{7da38cca-6412-4ee9-9fda-1e0a491f812a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000132
"Therad"=dword:00000017
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-08-02 04:39:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 01:39
.
Pre-Run: 256,579,829,760 bytes free
Post-Run: 264,310,153,216 bytes free
.
- - End Of File - - 81E2E74F366D21FBAC7F51203B86FF3B
 