Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Certain files attempting to change my registry

Post by Helloeveryone » January 6th, 2014, 11:55 am

Hello,

I've got about 4 files that are attempting to change my registry or are requesting unlimited access to my computer. I have tried to delete these files but no luck; each time it says the file is no longer located there. Here are the names of these files.

system32\mutex-threads.exe
system32\idle-threads.exe
system32\latch-threads.exe
system32\semaphore-threads.exe
bbcdboots.exe


Here is the DDS log.

DDS (Ver_11-03-05.01) - NTFSx86
Run by SL!ghtLY St00p!D at 23:48:14.81 on Mon 06/01/2014
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.45.2
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2036.1123 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\semaphore-Threads.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\SL!ghtLY St00p!D\AppData\Roaming\uTorrent\uTorrent.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Comodo\COMODO Internet Security\cis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\idle-Threads.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\SL!ghtLY St00p!D\AppData\Local\Temp\nsyDF78.tmp\ns61A4.tmp
C:\Users\SL!ghtLY St00p!D\AppData\Local\Temp\nss5266.tmp\ns1D64.tmp
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\SL!ghtLY St00p!D\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com.au/ig/dell?hl=en& ... bd=1080704
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://search.shareware.pro/?lang=en
mSearch Page = hxxp://search.shareware.pro/?lang=en
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: NOW!Imaging: {9aa2f14f-e956-44b8-8694-a5b615cdf341} - c:\program files\dodo speed accelerator\components\NOWImaging.dll
BHO: {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "c:\users\sl!ghtly st00p!d\appdata\roaming\utorrent\uTorrent.exe" /MINIMIZED
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: c:\progra~1\dodosp~1\sliplsp.dll
Trusted Zone: dell.com
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.41\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 scssifilter;scssifilter;c:\windows\system32\drivers\scssifilter32.sys [2012-3-20 19120]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-1-5 165456]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2013-4-15 20072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2013-4-15 584496]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2013-4-15 43728]
R2 .Net Main;Microsoft.NET Framework Kernel x2.0c;system32\idle-Threads.exe --> system32\idle-Threads.exe [?]
R2 .Net Semaphore;CNG Key Isolation Service x2.0c;system32\semaphore-Threads.exe --> system32\semaphore-Threads.exe [?]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2014-1-5 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-1-5 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2014-1-5 40384]
R2 DeviceManager;DeviceManager;c:\program files\common files\devicehelper\devicemanager.exe -start --> c:\program files\common files\devicehelper\DeviceManager.exe -start [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-3-6 793048]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2014-1-5 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2014-1-5 40384]
S2 .Net Crypt;Microsoft.NET Framework SecurityCrypt x2.0c;system32\mutex-Threads.exe --> system32\mutex-Threads.exe [?]
S2 .Net Security;Microsoft.NET Framework KernelSecurity x2.0c;system32\latch-Threads.exe --> system32\latch-Threads.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-22 135664]
S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\teamviewer_service.exe --> c:\program files\teamviewer\version6\TeamViewer_Service.exe [?]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2013-4-15 131288]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-4 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-22 135664]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2013-4-26 20080]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2011-4-14 103552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-01-06 15:20:14 97072 ---h--r- C:\bcdboots2441A0323.exe
2014-01-06 15:07:34 97072 ---h--r- C:\bcdboots5371A0323.exe
2014-01-06 15:00:09 97072 ---h--r- C:\bcdboots031032A0A.exe
2014-01-05 16:15:17 -------- d-----w- c:\users\sl!ghtly st00p!d\appdata\local\Sony
2014-01-05 14:46:18 -------- d-----w- c:\program files\CCleaner
2014-01-05 13:36:47 97072 ---h--r- C:\bcdboots931062F17.exe
2014-01-05 13:30:52 97072 ---h--r- C:\bcdboots046EB51F1.exe
2014-01-05 13:25:27 97072 ---h--r- C:\bcdboots2451F062E.exe
2014-01-05 13:19:55 97072 ---h--r- C:\bcdboots4331B0222.exe
2014-01-05 13:13:16 97072 ---h--r- C:\bcdboots939183DE5.exe
2014-01-05 13:07:44 97072 ---h--r- C:\bcdbootsB30062F17.exe
2014-01-05 13:00:29 97072 ---h--r- C:\bcdboots039082D15.exe
2014-01-05 12:51:20 97072 ------w- C:\bcdboots6431E072F.exe
2014-01-05 12:21:29 97072 ---h--r- C:\bcdboots5340F361E.exe
2014-01-05 08:34:48 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-05 08:33:33 38848 ----a-w- c:\windows\avastSS.scr
2014-01-05 08:33:18 -------- d-----w- c:\progra~2\Alwil Software
2014-01-04 10:58:41 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-04 09:43:06 -------- d-----w- C:\The Legend of Korra
2014-01-04 09:39:41 -------- d-----w- C:\Avatar The Legend of Korra Season 1 - Air 720p [Extremlym]
2014-01-04 08:07:21 -------- d-----w- c:\windows\system32\MRT
2014-01-04 07:54:00 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-01-04 07:53:57 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-01-04 07:53:57 16896 ----a-w- c:\windows\system32\winusb.dll
2014-01-04 07:53:57 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-01-04 07:53:56 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-01-04 07:53:56 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-01-04 07:53:56 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-01-04 07:53:53 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-01-04 07:53:53 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-01-04 07:53:53 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-01-04 07:36:56 812544 ----a-w- c:\windows\system32\certutil.exe
2014-01-04 07:36:55 41984 ----a-w- c:\windows\system32\certenc.dll
2014-01-04 07:36:11 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-01-04 07:36:11 37376 ----a-w- c:\windows\system32\cdd.dll
2014-01-04 07:36:09 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-01-04 07:36:04 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-01-04 07:36:01 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-01-04 07:34:04 992768 ----a-w- c:\windows\system32\crypt32.dll
2014-01-04 07:34:04 98304 ----a-w- c:\windows\system32\cryptnet.dll
2014-01-04 07:34:04 172544 ----a-w- c:\windows\system32\wintrust.dll
2014-01-04 07:34:04 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2014-01-04 07:33:21 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-01-04 07:33:16 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-01-04 07:33:15 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-01-04 07:23:44 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-01-04 07:23:44 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-01-04 07:23:43 983552 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-01-04 07:23:43 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-01-04 07:21:36 505344 ----a-w- c:\windows\system32\qedit.dll
2014-01-04 06:31:00 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-04 06:30:57 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2014-01-04 06:08:58 -------- d-----w- C:\Dracula 2013 S01E07 HDTV x264-LOL[ettv]
2014-01-03 16:08:11 -------- d-----w- C:\Bad.Grandpa.2013 HDRip XViD NO1KNOWS
2013-12-31 04:30:50 -------- d-----w- C:\Lone Survivor 2013 DVDScr x264 NO1KNOWS
2013-12-30 06:35:30 -------- d-----w- C:\American Hustle 2013 DVDScr XViD AC3-FiNGERBLaST
2013-12-29 03:52:05 -------- d-----w- C:\The.Hobbit.The.Desolation.of.Smaug.2013.DVDSCR.AAC.x264-P2P
2013-12-29 02:36:21 -------- d-----w- C:\Voodoo.Possession.2014.DVDRip.XviD juggs
2013-12-27 07:53:26 -------- d-----w- C:\Avatar The Last Airbender Book 1,2,3[Water,Earth,Fire] Complete episods Salman Sk Silver RG
.
==================== Find3M ====================
.
2014-01-05 11:45:52 583472 ---h--r- c:\windows\system32\ProgramlicenseRequired.exe
2014-01-05 04:24:53 8007680 ------r- c:\windows\system32\Microsoft.mshtml.dll
2014-01-05 04:24:53 126976 ------r- c:\windows\system32\Interop.SHDocVw.dll
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12:54 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-22 07:19:59 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-11 02:08:55 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-10-11 02:08:55 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-10-11 02:08:35 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-11 00:35:42 135168 ----a-w- c:\windows\system32\cscript.exe
2013-10-11 00:35:41 155648 ----a-w- c:\windows\system32\wscript.exe
2008-03-22 20:09:42 405504 --sh--r- c:\windows\system32\vshadow.exe
2005-06-08 20:10:04 364032 --sh--r- c:\windows\system32\vshadowamd64.exe
2008-03-22 20:13:22 352256 --sh--r- c:\windows\system32\vshadowXP.exe
.
============= FINISH: 23:49:20.18 ===============
Helloeveryone
Active Member
 
Posts: 9
Joined: January 6th, 2014, 11:29 am

Re: Certain files attempting to change my registry

Post by nunped » January 8th, 2014, 7:55 am

Hi HelloEveryone,

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easily as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Certain files attempting to change my registry

Post by nunped » January 8th, 2014, 8:01 am

Hi HelloEveryone,

Step 1
Please post the contents of the Attach.txt file, created by DDS.

Step 2 - CKScanner
Please download CKScanner ... Save it to your desktop.
This program should only be run once!
Make sure that CKScanner.exe is on your desktop before running the application!

  1. Right-click on the CKScanner.exe icon and select "Run as Administrator", then click the Search For Files button.
  2. When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  3. Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  4. Please copy/paste the contents of ckfiles.txt in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Certain files attempting to change my registry

Post by Helloeveryone » January 10th, 2014, 12:38 am

Hey, thanks for helping me. Here are those logs you wanted.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 4/07/2008 11:56:12 PM
System Uptime: 10/01/2014 11:42:18 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | Socket 775 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 30.042 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 543.189 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0002
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0002
Service: tunnel
.
==== System Restore Points ===================
.
RP560: 7/01/2014 4:28:00 PM - Scheduled Checkpoint
RP561: 10/01/2014 2:48:06 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
.
==== Event Viewer Messages From Past Week ========
.
.
==== End Of File ===========================


CKScanner didn't come up with much.

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.GSAPH0
----- EOF -----
Helloeveryone
Active Member
 
Posts: 9
Joined: January 6th, 2014, 11:29 am

Re: Certain files attempting to change my registry

Post by nunped » January 10th, 2014, 8:32 am

Hi Helloeveryone,

Next:
OTL
Please download OTL by Old Timer. Save it to your Desktop.
If you can't download the exe file, try these links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
  • Right-click OTL.exe (or OTL.com or OTL.scr) and select "Run as Administrator" to launch the program.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Certain files attempting to change my registry

Post by Helloeveryone » January 10th, 2014, 5:20 pm

Hey, here are the logs.

OTL logfile created on: 11/01/2014 4:43:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SL!ghtLY St00p!D\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 40.48% Memory free
4.21 Gb Paging File | 2.47 Gb Available in Paging File | 58.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 28.86 Gb Free Space | 20.77% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: SL!ghtLY St00p!D | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/11 04:41:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SL!ghtLY St00p!D\Desktop\OTL.com
PRC - [2014/01/07 01:27:04 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/07 01:27:00 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/07 01:26:18 | 000,113,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/01/04 14:17:33 | 000,904,272 | ---- | M] (BitTorrent Inc.) -- C:\Users\SL!ghtLY St00p!D\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/12/04 11:54:12 | 000,866,256 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/09/24 18:53:53 | 004,831,680 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2013/09/24 18:53:26 | 007,022,808 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cis.exe
PRC - [2013/09/24 18:53:26 | 001,576,152 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
PRC - [2013/09/24 18:53:25 | 001,857,752 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
PRC - [2013/05/10 04:06:55 | 009,295,664 | RH-- | M] () -- C:\Windows\System32\idle-Threads.exe
PRC - [2012/11/22 20:33:56 | 000,488,752 | -HS- | M] () -- C:\Windows\System32\semaphore-Threads.exe
PRC - [2012/02/03 13:34:58 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/02/03 13:34:56 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/07/27 09:37:32 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/21 10:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007/05/11 21:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/07 01:27:22 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/12/04 11:54:10 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.41\ppgooglenaclpluginchrome.dll
MOD - [2013/12/04 11:54:07 | 004,054,992 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.41\pdf.dll
MOD - [2013/12/04 11:53:14 | 001,634,256 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.41\ffmpegsumo.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2014/01/07 01:48:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/07 01:27:00 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/01/07 01:26:18 | 000,113,704 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/12/12 03:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/24 18:53:53 | 004,831,680 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2013/09/24 18:53:27 | 000,131,288 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2013/05/10 04:06:55 | 009,295,664 | RH-- | M] () [Auto | Running] -- C:\Windows\System32\idle-Threads.exe -- (.Net Main)
SRV - [2012/11/22 20:33:56 | 009,478,448 | RHS- | M] () [Auto | Stopped] -- C:\Windows\System32\latch-Threads.exe -- (.Net Security)
SRV - [2012/11/22 20:33:56 | 009,473,840 | RHS- | M] () [Auto | Stopped] -- C:\Windows\System32\mutex-Threads.exe -- (.Net Crypt)
SRV - [2012/11/22 20:33:56 | 000,488,752 | -HS- | M] () [Auto | Running] -- C:\Windows\System32\semaphore-Threads.exe -- (.Net Semaphore)
SRV - [2012/02/03 13:34:58 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/07/27 09:37:32 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/21 10:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/21 10:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnet.sys -- (ZTEusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\SL!ghtLY St00p!D\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014/01/07 01:27:39 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/01/07 01:27:39 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/01/07 01:27:39 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/01/07 01:27:37 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/01/07 01:27:37 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/01/07 01:27:37 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/01/07 01:27:36 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/01/07 01:26:50 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2014/01/07 01:26:19 | 000,252,336 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2014/01/07 01:26:19 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2013/09/24 18:54:03 | 000,085,464 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2013/09/24 18:54:03 | 000,043,728 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2013/09/24 18:54:02 | 000,584,496 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2013/09/24 18:54:01 | 000,020,072 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2012/11/22 20:33:44 | 000,019,632 | R--- | M] () [File_System | Boot | Running] -- C:\Windows\System32\Drivers\usbvox32.sys -- (usbvox)
DRV - [2012/11/22 20:33:44 | 000,019,120 | R--- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\scssifilter32.sys -- (scssifilter)
DRV - [2012/11/22 20:33:44 | 000,019,120 | R--- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\usbmp332.sys -- (usbmp3)
DRV - [2012/11/22 20:33:44 | 000,016,048 | R--- | M] () [File_System | Boot | Running] -- C:\Windows\System32\Drivers\usbwav32.sys -- (usbwav)
DRV - [2010/11/06 22:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/07/27 09:37:24 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
DRV - [2008/06/27 09:52:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007/06/02 14:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/04/29 16:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 15:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.shareware.pro/?lang=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.shareware.pro/?lang=en
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DAAU


IE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2874987175-3563903751-1789994896-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com.au/ig/dell?hl=en& ... bd=1080704
IE - HKU\S-1-5-21-2874987175-3563903751-1789994896-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
IE - HKU\S-1-5-21-2874987175-3563903751-1789994896-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2874987175-3563903751-1789994896-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
IE - HKU\S-1-5-21-2874987175-3563903751-1789994896-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2874987175-3563903751-1789994896-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2874987175-3563903751-1789994896-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en-GB&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2874987175-3563903751-1789994896-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\SL!ghtLY St00p!D\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2013/05/18 01:57:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SL!ghtLY St00p!D\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.41\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.41\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.41\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\SL!ghtLY St00p!D\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\SL!ghtLY St00p!D\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\SL!ghtLY St00p!D\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\SL!ghtLY St00p!D\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0\
CHR - Extension: Mac OS X Simple Theme = C:\Users\SL!ghtLY St00p!D\AppData\Local\Google\Chrome\User Data\Default\Extensions\cihohekcekjgjdkeljpkbaaecgfoimbj\1.0.1_0\
CHR - Extension: Google Search = C:\Users\SL!ghtLY St00p!D\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: WOT Safe Search = C:\Users\SL!ghtLY St00p!D\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddcihbboebboehpkkdfdkhbodacmmfkk\2_0\
CHR - Extension: AdBlock = C:\Users\SL!ghtLY St00p!D\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: avast! Online Security = C:\Users\SL!ghtLY St00p!D\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: Google Wallet = C:\Users\SL!ghtLY St00p!D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\SL!ghtLY St00p!D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (NOW!Imaging) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Dodo Speed Accelerator\components\NOWImaging.dll (SlipStream Data Inc.)
O2 - BHO: (no name) - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\COMODO Internet Security\cistray.exe (COMODO)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2874987175-3563903751-1789994896-1003..\Run: [uTorrent] C:\Users\SL!ghtLY St00p!D\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Dodo Speed Accelerator\sliplsp.dll (SlipStream Data Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Dodo Speed Accelerator\sliplsp.dll (SlipStream Data Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2874987175-3563903751-1789994896-1003\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2874987175-3563903751-1789994896-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2874987175-3563903751-1789994896-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.136.43.205 202.136.42.205
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D78302D-01E2-45A5-BB1E-23E6796052EB}: DhcpNameServer = 202.136.43.205 202.136.42.205
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\SL!ghtLY St00p!D\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\SL!ghtLY St00p!D\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/11 04:41:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SL!ghtLY St00p!D\Desktop\OTL.com
[2014/01/10 23:13:31 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2014/01/10 23:11:03 | 000,000,000 | ---D | C] -- C:\Users\SL!ghtLY St00p!D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2014/01/10 22:59:03 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsC46EE56FE.exe
[2014/01/10 11:56:12 | 000,000,000 | ---D | C] -- C:\The.Wolf.of.Wall.Street.2013.DVDSCR.XviD-BiDA
[2014/01/09 15:53:08 | 000,000,000 | ---D | C] -- C:\Users\SL!ghtLY St00p!D\AppData\Roaming\Skype
[2014/01/09 15:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/01/09 15:52:42 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2014/01/09 15:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/01/09 15:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/01/09 15:41:38 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsA34052808.exe
[2014/01/09 15:34:22 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots646E54FF7.exe
[2014/01/09 15:27:11 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsD331B0222.exe
[2014/01/09 15:19:57 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsB461D0020.exe
[2014/01/09 15:12:46 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsE300A3313.exe
[2014/01/09 15:05:35 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsA461B0222.exe
[2014/01/09 14:58:21 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots1461B0222.exe
[2014/01/09 14:49:48 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots544EB51F1.exe
[2014/01/09 14:42:27 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots9380C3111.exe
[2014/01/09 14:35:16 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsE39082D15.exe
[2014/01/09 14:28:01 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots845173EE6.exe
[2014/01/09 14:20:08 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsC36082D15.exe
[2014/01/09 12:54:04 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsB43EB51F1.exe
[2014/01/09 12:49:08 | 000,097,072 | ---- | C] (Microsoft Corporation) -- C:\bcdbootsA44EA52F2.exe
[2014/01/09 12:26:59 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsB350F361E.exe
[2014/01/09 12:19:10 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots943193CE4.exe
[2014/01/09 12:11:38 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsF36082D15.exe
[2014/01/09 12:04:24 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots643E64EF6.exe
[2014/01/09 11:57:09 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots3360D3010.exe
[2014/01/09 11:49:52 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots430032A0A.exe
[2014/01/09 11:41:52 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsB421B0222.exe
[2014/01/09 11:30:06 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsE310B3212.exe
[2014/01/09 11:22:47 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots032173EE6.exe
[2014/01/08 03:23:38 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots0371B0222.exe
[2014/01/08 03:16:20 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsC360F361E.exe
[2014/01/08 03:09:09 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots833173EE6.exe
[2014/01/08 03:01:56 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots733052808.exe
[2014/01/08 02:54:44 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots230173EE6.exe
[2014/01/08 02:47:33 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsD431E072F.exe
[2014/01/08 02:40:20 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots2390F361E.exe
[2014/01/08 02:33:10 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots831032A0A.exe
[2014/01/08 02:25:57 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots632143919.exe
[2014/01/08 02:18:49 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots834143919.exe
[2014/01/08 02:11:19 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsF35092C14.exe
[2014/01/08 02:04:07 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsE42143919.exe
[2014/01/08 01:56:54 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsF34183DE5.exe
[2014/01/08 01:49:44 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsD42EA52F2.exe
[2014/01/08 01:42:32 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots831072E16.exe
[2014/01/08 01:35:19 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsD461E072F.exe
[2014/01/08 01:27:54 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots941173EE6.exe
[2014/01/08 01:20:36 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots645EB51F1.exe
[2014/01/08 01:13:26 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsC37123B1B.exe
[2014/01/08 01:06:10 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots0441B0222.exe
[2014/01/08 00:58:58 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots435052808.exe
[2014/01/08 00:51:42 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots33101240C.exe
[2014/01/08 00:44:21 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots333052808.exe
[2014/01/08 00:37:09 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsC391C0121.exe
[2014/01/08 00:29:48 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots9390E371F.exe
[2014/01/08 00:22:23 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots535052808.exe
[2014/01/08 00:15:10 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots543143919.exe
[2014/01/08 00:07:56 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsD4211341C.exe
[2014/01/08 00:00:22 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsE340B3212.exe
[2014/01/07 05:48:41 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots442E54FF7.exe
[2014/01/07 05:41:19 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots2351A0323.exe
[2014/01/07 05:33:55 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots7390C3111.exe
[2014/01/07 02:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/07 02:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/07 02:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/07 02:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/07 01:48:15 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/01/07 01:48:15 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/01/07 01:32:00 | 000,000,000 | ---D | C] -- C:\Users\SL!ghtLY St00p!D\AppData\Roaming\AVAST Software
[2014/01/07 01:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/01/07 01:28:18 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/01/07 01:28:16 | 000,775,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/01/07 01:28:13 | 000,410,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/01/07 01:28:10 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/01/07 01:28:08 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2014/01/07 01:28:05 | 000,252,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2014/01/07 01:28:05 | 000,026,136 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2014/01/07 01:28:01 | 000,270,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/01/07 01:27:28 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/07 01:26:19 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2014/01/07 01:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/01/07 01:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/01/07 01:07:28 | 000,000,000 | ---D | C] -- C:\Users\SL!ghtLY St00p!D\Desktop\Key file
[2014/01/07 01:07:28 | 000,000,000 | ---D | C] -- C:\Avast! Internet Security 2014 9.0.2011.263 Final+Keyfile
[2014/01/06 23:20:14 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots2441A0323.exe
[2014/01/06 23:07:34 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots5371A0323.exe
[2014/01/06 23:00:09 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots031032A0A.exe
[2014/01/06 00:15:17 | 000,000,000 | ---D | C] -- C:\Users\SL!ghtLY St00p!D\AppData\Roaming\Sony
[2014/01/06 00:15:17 | 000,000,000 | ---D | C] -- C:\Users\SL!ghtLY St00p!D\AppData\Local\Sony
[2014/01/05 22:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/01/05 22:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/01/05 21:36:47 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots931062F17.exe
[2014/01/05 21:30:52 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots046EB51F1.exe
[2014/01/05 21:25:27 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots2451F062E.exe
[2014/01/05 21:19:55 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots4331B0222.exe
[2014/01/05 21:13:16 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots939183DE5.exe
[2014/01/05 21:07:44 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdbootsB30062F17.exe
[2014/01/05 21:00:29 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots039082D15.exe
[2014/01/05 20:51:20 | 000,097,072 | ---- | C] (Microsoft Corporation) -- C:\bcdboots6431E072F.exe
[2014/01/05 20:21:29 | 000,097,072 | RH-- | C] (Microsoft Corporation) -- C:\bcdboots5340F361E.exe
[2014/01/05 16:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2014/01/05 16:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2014/01/04 18:58:41 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/01/04 17:43:06 | 000,000,000 | ---D | C] -- C:\The Legend of Korra
[2014/01/04 17:39:41 | 000,000,000 | ---D | C] -- C:\Avatar The Legend of Korra Season 1 - Air 720p [Extremlym]
[2014/01/04 16:07:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2014/01/04 15:57:07 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/01/04 15:57:05 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/01/04 15:57:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/01/04 15:57:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/01/04 15:57:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/01/04 15:57:04 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/01/04 15:57:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/01/04 15:57:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/01/04 15:54:00 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2014/01/04 15:53:57 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2014/01/04 15:53:56 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2014/01/04 15:53:56 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2014/01/04 15:53:53 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2014/01/04 15:53:53 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2014/01/04 15:37:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/01/04 15:37:07 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2014/01/04 15:37:07 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2014/01/04 15:37:07 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2014/01/04 15:37:02 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014/01/04 15:37:02 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2014/01/04 15:36:56 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2014/01/04 15:36:55 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2014/01/04 15:36:11 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014/01/04 15:36:01 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2014/01/04 15:35:55 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014/01/04 15:35:54 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014/01/04 15:35:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014/01/04 15:35:34 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2014/01/04 15:35:34 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2014/01/04 15:33:21 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2014/01/04 15:33:15 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2014/01/04 15:21:36 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/01/04 15:06:47 | 000,000,000 | ---D | C] -- C:\Users\SL!ghtLY St00p!D\Desktop\mbar
[2014/01/04 14:31:00 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/01/04 14:30:57 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2014/01/04 14:08:58 | 000,000,000 | ---D | C] -- C:\Dracula 2013 S01E07 HDTV x264-LOL[ettv]
[2014/01/04 00:08:11 | 000,000,000 | ---D | C] -- C:\Bad.Grandpa.2013 HDRip XViD NO1KNOWS
[2013/12/31 12:30:50 | 000,000,000 | ---D | C] -- C:\Lone Survivor 2013 DVDScr x264 NO1KNOWS
[2013/12/30 14:35:30 | 000,000,000 | ---D | C] -- C:\American Hustle 2013 DVDScr XViD AC3-FiNGERBLaST
[2013/12/29 11:52:05 | 000,000,000 | ---D | C] -- C:\The.Hobbit.The.Desolation.of.Smaug.2013.DVDSCR.AAC.x264-P2P
[2013/12/29 10:36:21 | 000,000,000 | ---D | C] -- C:\Voodoo.Possession.2014.DVDRip.XviD juggs
[2013/12/27 15:53:26 | 000,000,000 | ---D | C] -- C:\Avatar The Last Airbender Book 1,2,3[Water,Earth,Fire] Complete episods Salman Sk Silver RG

========== Files - Modified Within 30 Days ==========

[2014/01/11 04:50:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{864BB057-AA96-4EE4-98A1-10EB1AD35A6E}.job
[2014/01/11 04:41:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SL!ghtLY St00p!D\Desktop\OTL.com
[2014/01/11 04:40:57 | 000,000,024 | ---- | M] () -- C:\Users\SL!ghtLY St00p!D\random.dat
[2014/01/11 04:36:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/11 04:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/11 03:45:06 | 000,000,023 | ---- | M] () -- C:\Users\SL!ghtLY St00p!D\jagexappletviewer.preferences
[2014/01/11 02:54:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/11 02:54:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/10 23:14:21 | 000,000,055 | ---- | M] () -- C:\Users\SL!ghtLY St00p!D\jagex_cl_runescape_LIVE.dat
[2014/01/10 23:11:02 | 000,001,957 | ---- | M] () -- C:\Users\SL!ghtLY St00p!D\Desktop\RuneScape.lnk
[2014/01/10 22:59:03 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsC46EE56FE.exe
[2014/01/10 22:56:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/10 22:54:33 | 000,040,054 | RHS- | M] () -- C:\Windows\System32\masteraclini.enu
[2014/01/10 22:54:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/10 22:54:12 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/10 19:02:25 | 000,199,168 | ---- | M] () -- C:\Users\SL!ghtLY St00p!D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/10 19:00:00 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2014/01/10 18:59:31 | 000,645,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/10 18:59:31 | 000,123,148 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/10 12:24:59 | 000,468,480 | ---- | M] () -- C:\Users\SL!ghtLY St00p!D\Desktop\CKScanner.exe
[2014/01/09 20:59:37 | 000,480,324 | ---- | M] () -- C:\Users\SL!ghtLY St00p!D\Desktop\Retards_by_zolosluver.png
[2014/01/09 15:52:44 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/01/09 15:41:38 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsA34052808.exe
[2014/01/09 15:34:22 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots646E54FF7.exe
[2014/01/09 15:27:11 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsD331B0222.exe
[2014/01/09 15:19:57 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsB461D0020.exe
[2014/01/09 15:12:46 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsE300A3313.exe
[2014/01/09 15:05:35 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsA461B0222.exe
[2014/01/09 14:58:21 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots1461B0222.exe
[2014/01/09 14:49:48 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots544EB51F1.exe
[2014/01/09 14:42:27 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots9380C3111.exe
[2014/01/09 14:35:16 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsE39082D15.exe
[2014/01/09 14:28:01 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots845173EE6.exe
[2014/01/09 14:20:08 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsC36082D15.exe
[2014/01/09 12:54:04 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsB43EB51F1.exe
[2014/01/09 12:49:08 | 000,097,072 | ---- | M] (Microsoft Corporation) -- C:\bcdbootsA44EA52F2.exe
[2014/01/09 12:26:59 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsB350F361E.exe
[2014/01/09 12:19:10 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots943193CE4.exe
[2014/01/09 12:11:38 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsF36082D15.exe
[2014/01/09 12:04:24 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots643E64EF6.exe
[2014/01/09 11:57:09 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots3360D3010.exe
[2014/01/09 11:49:52 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots430032A0A.exe
[2014/01/09 11:41:52 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsB421B0222.exe
[2014/01/09 11:30:06 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsE310B3212.exe
[2014/01/09 11:22:47 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots032173EE6.exe
[2014/01/08 03:23:38 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots0371B0222.exe
[2014/01/08 03:16:20 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsC360F361E.exe
[2014/01/08 03:09:09 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots833173EE6.exe
[2014/01/08 03:01:56 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots733052808.exe
[2014/01/08 02:54:44 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots230173EE6.exe
[2014/01/08 02:47:33 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsD431E072F.exe
[2014/01/08 02:40:20 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots2390F361E.exe
[2014/01/08 02:33:10 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots831032A0A.exe
[2014/01/08 02:25:57 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots632143919.exe
[2014/01/08 02:18:49 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots834143919.exe
[2014/01/08 02:11:19 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsF35092C14.exe
[2014/01/08 02:04:07 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsE42143919.exe
[2014/01/08 01:56:54 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsF34183DE5.exe
[2014/01/08 01:49:44 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsD42EA52F2.exe
[2014/01/08 01:42:32 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots831072E16.exe
[2014/01/08 01:35:19 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsD461E072F.exe
[2014/01/08 01:27:54 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots941173EE6.exe
[2014/01/08 01:20:36 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots645EB51F1.exe
[2014/01/08 01:13:26 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsC37123B1B.exe
[2014/01/08 01:06:10 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots0441B0222.exe
[2014/01/08 00:58:58 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots435052808.exe
[2014/01/08 00:51:42 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots33101240C.exe
[2014/01/08 00:44:21 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots333052808.exe
[2014/01/08 00:37:09 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsC391C0121.exe
[2014/01/08 00:29:48 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots9390E371F.exe
[2014/01/08 00:22:23 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots535052808.exe
[2014/01/08 00:15:10 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots543143919.exe
[2014/01/08 00:07:56 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsD4211341C.exe
[2014/01/08 00:00:22 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsE340B3212.exe
[2014/01/07 05:48:41 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots442E54FF7.exe
[2014/01/07 05:41:19 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots2351A0323.exe
[2014/01/07 05:33:55 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots7390C3111.exe
[2014/01/07 02:23:50 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/07 01:48:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/01/07 01:48:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/01/07 01:30:50 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/01/07 01:30:50 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/01/07 01:27:39 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/01/07 01:27:39 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/01/07 01:27:39 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/01/07 01:27:37 | 000,410,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/01/07 01:27:37 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/01/07 01:27:37 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/01/07 01:27:36 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2014/01/07 01:27:28 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/01/07 01:27:28 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/07 01:26:50 | 000,026,136 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2014/01/07 01:26:19 | 000,252,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2014/01/07 01:26:19 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2014/01/06 23:20:14 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots2441A0323.exe
[2014/01/06 23:07:34 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots5371A0323.exe
[2014/01/06 23:00:09 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots031032A0A.exe
[2014/01/06 00:01:37 | 000,003,836 | ---- | M] () -- C:\Users\SL!ghtLY St00p!D\Documents\cc_20140106_000112.reg
[2014/01/05 22:56:17 | 000,284,644 | ---- | M] () -- C:\Users\SL!ghtLY St00p!D\Documents\cc_20140105_225555.reg
[2014/01/05 22:46:20 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/05 21:36:47 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots931062F17.exe
[2014/01/05 21:30:52 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots046EB51F1.exe
[2014/01/05 21:25:27 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots2451F062E.exe
[2014/01/05 21:19:55 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots4331B0222.exe
[2014/01/05 21:13:16 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots939183DE5.exe
[2014/01/05 21:07:44 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdbootsB30062F17.exe
[2014/01/05 21:00:29 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots039082D15.exe
[2014/01/05 20:51:20 | 000,097,072 | ---- | M] (Microsoft Corporation) -- C:\bcdboots6431E072F.exe
[2014/01/05 20:21:29 | 000,097,072 | RH-- | M] (Microsoft Corporation) -- C:\bcdboots5340F361E.exe
[2014/01/05 20:00:41 | 000,002,420 | RHS- | M] () -- C:\Windows\System32\3logfile.ini
[2014/01/05 19:45:52 | 001,887,536 | RH-- | M] () -- C:\Windows\System32\wLins.exe
[2014/01/05 19:45:52 | 001,887,536 | RH-- | M] () -- C:\Windows\System32\wLin.exe
[2014/01/05 19:45:52 | 000,726,016 | RH-- | M] () -- C:\Windows\System32\7z.dll
[2014/01/05 19:45:52 | 000,583,472 | RH-- | M] () -- C:\Windows\System32\ProgramlicenseRequired.exe
[2014/01/05 19:45:52 | 000,200,704 | R--- | M] () -- C:\Windows\System32\ICSharpCode.SharpZipLib.dll
[2014/01/05 19:45:52 | 000,151,040 | RH-- | M] () -- C:\Windows\System32\SevenZipSharp.dll
[2014/01/05 19:45:52 | 000,061,744 | RH-- | M] () -- C:\Windows\System32\msgPop.exe
[2014/01/05 16:34:47 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2014/01/05 12:25:07 | 000,000,908 | RHS- | M] () -- C:\Windows\System32\2logfile.ini
[2014/01/05 12:24:53 | 008,007,680 | R--- | M] ( ) -- C:\Windows\System32\Microsoft.mshtml.dll
[2014/01/05 12:24:53 | 000,126,976 | R--- | M] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2014/01/05 12:24:53 | 000,097,072 | RHS- | M] () -- C:\Windows\System32\bcdboots.exe
[2014/01/04 19:10:45 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/01/04 19:08:29 | 000,000,908 | RHS- | M] () -- C:\Windows\System32\1logfile.ini
[2014/01/04 14:17:33 | 000,000,770 | ---- | M] () -- C:\Users\SL!ghtLY St00p!D\Desktop\µTorrent.lnk
[2014/01/04 14:17:33 | 000,000,750 | ---- | M] () -- C:\Users\SL!ghtLY St00p!D\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/01/03 23:20:21 | 000,000,148 | RH-- | M] () -- C:\Windows\System32\masteraclbini.enu

========== Files Created - No Company Name ==========

[2014/01/10 23:11:49 | 000,000,023 | ---- | C] () -- C:\Users\SL!ghtLY St00p!D\jagexappletviewer.preferences
[2014/01/10 23:11:02 | 000,001,987 | ---- | C] () -- C:\Users\SL!ghtLY St00p!D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2014/01/10 23:11:02 | 000,001,957 | ---- | C] () -- C:\Users\SL!ghtLY St00p!D\Desktop\RuneScape.lnk
[2014/01/10 12:24:55 | 000,468,480 | ---- | C] () -- C:\Users\SL!ghtLY St00p!D\Desktop\CKScanner.exe
[2014/01/09 20:59:37 | 000,480,324 | ---- | C] () -- C:\Users\SL!ghtLY St00p!D\Desktop\Retards_by_zolosluver.png
[2014/01/09 15:52:44 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/01/07 02:23:50 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/07 01:48:34 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/07 01:30:50 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/01/07 01:30:50 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/01/07 01:28:18 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/01/07 01:28:12 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/01/06 00:01:14 | 000,003,836 | ---- | C] () -- C:\Users\SL!ghtLY St00p!D\Documents\cc_20140106_000112.reg
[2014/01/05 22:56:02 | 000,284,644 | ---- | C] () -- C:\Users\SL!ghtLY St00p!D\Documents\cc_20140105_225555.reg
[2014/01/05 22:46:20 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/05 19:44:35 | 000,002,420 | RHS- | C] () -- C:\Windows\System32\3logfile.ini
[2014/01/05 12:24:38 | 000,000,908 | RHS- | C] () -- C:\Windows\System32\2logfile.ini
[2014/01/04 19:07:49 | 000,000,908 | RHS- | C] () -- C:\Windows\System32\1logfile.ini
[2014/01/04 15:54:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/01/04 15:33:15 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2014/01/04 14:17:33 | 000,000,770 | ---- | C] () -- C:\Users\SL!ghtLY St00p!D\Desktop\µTorrent.lnk
[2014/01/04 14:17:33 | 000,000,750 | ---- | C] () -- C:\Users\SL!ghtLY St00p!D\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/10/29 02:24:46 | 000,000,034 | ---- | C] () -- C:\Users\SL!ghtLY St00p!D\AppData\Roaming\mbam.context.scan
[2013/09/03 17:01:20 | 000,000,982 | ---- | C] () -- C:\Users\SL!ghtLY St00p!D\AppData\Roaming\wklnhst.dat
[2013/05/25 15:07:41 | 000,000,671 | -HS- | C] () -- C:\Windows\System32\settings.ini
[2013/05/25 14:20:01 | 000,583,472 | RH-- | C] () -- C:\Windows\System32\ProgramlicenseRequired.exe
[2013/05/25 14:20:01 | 000,061,744 | RH-- | C] () -- C:\Windows\System32\msgPop.exe
[2013/05/21 05:26:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/21 05:26:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/21 05:26:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/21 05:26:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/21 05:26:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/18 20:46:59 | 000,184,924 | ---- | C] () -- C:\Windows\System32\drivers\fvstore.dat
[2013/05/18 02:19:05 | 000,000,736 | ---- | C] () -- C:\Windows\DigimaxMaster.INI
[2013/05/04 20:46:28 | 000,000,680 | ---- | C] () -- C:\Users\SL!ghtLY St00p!D\AppData\Local\d3d9caps.dat
[2013/04/06 15:30:16 | 000,000,055 | ---- | C] () -- C:\Users\SL!ghtLY St00p!D\jagex_cl_runescape_LIVE.dat
[2013/04/06 15:30:16 | 000,000,024 | ---- | C] () -- C:\Users\SL!ghtLY St00p!D\random.dat
[2013/04/05 21:38:26 | 000,199,168 | ---- | C] () -- C:\Users\SL!ghtLY St00p!D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/22 20:34:59 | 001,887,536 | RH-- | C] () -- C:\Windows\System32\wLins.exe
[2012/11/22 20:34:59 | 001,887,536 | RH-- | C] () -- C:\Windows\System32\wLin.exe
[2012/03/20 16:36:34 | 000,097,072 | RHS- | C] () -- C:\Windows\System32\bcdboots.exe
[2012/03/20 16:33:06 | 009,295,664 | RH-- | C] () -- C:\Windows\System32\idle-Threads.exe
[2012/03/20 16:33:02 | 000,488,752 | -HS- | C] () -- C:\Windows\System32\semaphore-Threads.exe
[2012/03/20 16:33:01 | 009,478,448 | RHS- | C] () -- C:\Windows\System32\latch-Threads.exe
[2012/03/20 16:33:01 | 009,473,840 | RHS- | C] () -- C:\Windows\System32\mutex-Threads.exe
[2012/03/20 16:32:49 | 000,019,632 | R--- | C] () -- C:\Windows\System32\drivers\usbvox32.sys
[2012/03/20 16:32:49 | 000,019,120 | R--- | C] () -- C:\Windows\System32\drivers\usbmp332.sys
[2012/03/20 16:32:49 | 000,016,048 | R--- | C] () -- C:\Windows\System32\drivers\usbwav32.sys
[2012/03/06 20:37:02 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe

========== ZeroAccess Check ==========

[2006/11/02 20:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 14:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 14:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

OTL Extras logfile created on: 11/01/2014 4:43:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SL!ghtLY St00p!D\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 40.48% Memory free
4.21 Gb Paging File | 2.47 Gb Available in Paging File | 58.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 28.86 Gb Free Space | 20.77% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: SL!ghtLY St00p!D | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2874987175-3563903751-1789994896-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A6F915-FBE6-48A2-9FAC-5DB09F095D66}" = rport=445 | protocol=6 | dir=out | app=system |
"{03F8C47F-D3C6-4208-94DA-597C824BFBA2}" = lport=445 | protocol=6 | dir=in | app=system |
"{14F3AF46-753C-4F57-9320-B9693A7BBA23}" = lport=139 | protocol=6 | dir=in | app=system |
"{1DE827B7-0C39-4328-985E-2A285AD9A5B8}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EE31BBC-4BA0-4931-A514-07C2DC931E22}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7405A459-AF2C-4795-92A9-83A7F986341A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{811FB42F-ACD4-4737-AE2C-1C0A4DDFE607}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8B21BE17-C604-4F2F-B1F1-CB386367CBD3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8BD5F0CD-52A7-4889-8FA9-0F092FCD90F9}" = rport=138 | protocol=17 | dir=out | app=system |
"{A8919D3D-D669-4F36-9A06-79B8CA17B389}" = lport=137 | protocol=17 | dir=in | app=system |
"{AF06F637-7744-40DE-A965-57080BADD354}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B91D3212-DFA9-4646-A1AF-628B911080A3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E3659994-F44A-40CB-AC1C-26CA34CCF74E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{E46AE0B3-B383-4344-BE1B-2A3B7D3627D1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F80FEC63-EF7F-429E-88A0-627F24111A22}" = lport=138 | protocol=17 | dir=in | app=system |
"{F9733137-DE74-454C-93D2-3EFB980669D2}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FE73A4C5-A474-4811-9A46-303511836F8C}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085FEEFA-B143-4019-ADB3-A5627ADC0295}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{13D7AE8E-16AA-4A07-9EE6-AD6022B1D3F5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{1AE22AF0-1EAC-426D-8024-E4F06900DD4A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4AF6191D-D74A-4AB0-AF07-A1255C4F3A40}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{557019FD-1584-4431-BE01-016572F83F7C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6410496E-B1BF-4F3E-9542-D9BC83AB3028}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{6602A9A9-FB7D-4AA6-9C38-0FA52F79DBD5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{704C594F-EB0C-41DA-92C8-3AEF8304EEDE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike source\hl2.exe |
"{7639E264-8F42-4894-A3A6-017E0B9734D7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{86488AD0-4F51-492F-BF84-1C0687D5CF78}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{93CBF219-7D44-4490-8439-8D06ECECEEDF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{95FFD91F-CE50-4351-AD83-3205AF17444C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9BF4B75F-E095-4F88-933D-07D921FC173D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A8134CA0-C9C7-426D-A897-CE10989C745E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike source\hl2.exe |
"{BFE989BC-0E61-4DA0-A831-6DE6A6E71AB4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D152225C-BD20-4687-947B-4D2E5E1ECD6E}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{E507365E-B8E5-4A20-8FD7-41206A7244A3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E6E52944-1584-4474-8138-96601D35BBAA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{F811126C-2554-4EBD-A624-CFA0C2F2ECB2}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{3ADEF4D9-ABDE-4D7C-97E8-046E1AF38C6F}C:\users\sl!ghtly st00p!d\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\sl!ghtly st00p!d\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{BA18CE72-3629-4B92-BBF2-CEDF7180C394}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{DA44617A-4192-465E-9B04-2D3E2A671614}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F108A79F-1F8F-42C1-A1F9-216F13E29C9A}C:\users\sl!ghtly st00p!d\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\sl!ghtly st00p!d\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{258E1237-B344-4531-A9F5-7E9D12FB37A3}C:\users\sl!ghtly st00p!d\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\sl!ghtly st00p!d\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{93461748-7004-4A12-B5B6-DB1D409F11E4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A9D43C36-7A1A-4AE3-9471-CFE46D8F2949}C:\users\sl!ghtly st00p!d\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\sl!ghtly st00p!d\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{B015CDDF-B1CD-4577-A3BB-999A63FB7BAC}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC190334-B52F-41AC-A25C-CB89AC1AA8DE}" = 99 Puzzle & Logic
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1EC4151-805B-4097-B9BB-7D71A417AAF1}" = COMODO Firewall
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}" = RuneScape Launcher 1.2.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avast" = avast! Internet Security
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-03-25
"Free Window Registry Repair" = Free Window Registry Repair
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HSPA USB MODEM ALCATEL_is1" = HSPA USB MODEM
"LockHunter_is1" = LockHunter 3.0, 32/64 bit
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Minecraft1.5.2" = Minecraft1.5.2
"PeerGuardian_is1" = PeerGuardian 2.0
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"Security Task Manager" = Security Task Manager 1.8g
"Speccy" = Speccy
"Steam App 240" = Counter-Strike: Source
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2874987175-3563903751-1789994896-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/01/2014 3:22:22 PM | Computer Name = USER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6442

Error - 9/01/2014 3:22:22 PM | Computer Name = USER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6442

Error - 9/01/2014 3:22:23 PM | Computer Name = USER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/01/2014 3:22:23 PM | Computer Name = USER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7441

Error - 9/01/2014 3:22:23 PM | Computer Name = USER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7441

Error - 9/01/2014 3:22:24 PM | Computer Name = USER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/01/2014 3:22:24 PM | Computer Name = USER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8439

Error - 9/01/2014 3:22:24 PM | Computer Name = USER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8439

Error - 9/01/2014 11:44:22 PM | Computer Name = USER-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/01/2014 10:55:58 AM | Computer Name = USER-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/01/2014 5:09:35 PM | Computer Name = USER-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.10
with the system having network hardware address 20-E5-2A-44-48-84. Network operations
on this system may be disrupted as a result.

Error - 9/01/2014 11:44:36 PM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 9/01/2014 11:44:36 PM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/01/2014 12:44:07 AM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 10/01/2014 1:21:18 AM | Computer Name = USER-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 122.151.19.222
on the Network Card with network address 001D099A86E0.

Error - 10/01/2014 5:46:53 AM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 10/01/2014 10:55:58 AM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/01/2014 10:55:58 AM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/01/2014 11:00:42 AM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 10/01/2014 11:56:53 AM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >
Helloeveryone
Active Member
 
Posts: 9
Joined: January 6th, 2014, 11:29 am

Re: Certain files attempting to change my registry

Post by nunped » January 11th, 2014, 4:15 pm

Hi HelloEveryone,

Warning!
You have P2P (Peer to Peer) File Sharing Programs installed on your computer.
uTorrent

As long as you have the P2P program installed, we won't offer you any further assistance. See Forum Policy.

If you choose NOT to remove the program, indicate that in your next reply and this topic will be closed.

Else, uninstall the program and proceed to the next steps:
MGADiag
  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select: Run as Administrator.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select "run as administrator" to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C: ).
  • Copy and paste the contents of that file in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Certain files attempting to change my registry

Post by Helloeveryone » January 12th, 2014, 10:58 am

Hey Nunped,

uTorrent is deleted. Also, TDSSKiller didn't give me the Report button option, so I took a screenshot for you to look at.

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {66465D6C-E711-434F-A868-645B22EE4035}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.130707-1535
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{66465D6C-E711-434F-A868-645B22EE4035}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-2874987175-3563903751-1789994896</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 530s</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>1.0.13</Version><SMBIOSVersion major="2" minor="5"/><Date>20080320000000.000000+000</Date></BIOS><HWID>09303507018400FA</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Australia Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>FX09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-3081-6001.0000-2392008
Installation ID: 010013911410090063025815945840539010638091303422281341
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: B9HD2
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NAAAAAEABAABAAEAAQABAAAAAgABAAEAJJQAb9BJ8nu2WWT+iP1mhexQ8vREJVpxrFYqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL FX09
FACP DELL FX09
HPET DELL FX09
MCFG DELL FX09
SLIC DELL FX09
DMY2 DELL FX09
SSDT PmRef CpuPm
Helloeveryone
Active Member
 
Posts: 9
Joined: January 6th, 2014, 11:29 am

Re: Certain files attempting to change my registry

Post by Helloeveryone » January 12th, 2014, 11:09 am

Ahh, I'm an idiot, I found the Report button. Here it is:

23:02:48.0310 0x146c TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
23:02:52.0364 0x146c ============================================================
23:02:52.0364 0x146c Current date / time: 2014/01/12 23:02:52.0364
23:02:52.0364 0x146c SystemInfo:
23:02:52.0364 0x146c
23:02:52.0364 0x146c OS Version: 6.0.6002 ServicePack: 2.0
23:02:52.0364 0x146c Product type: Workstation
23:02:52.0364 0x146c ComputerName: USER-PC
23:02:52.0365 0x146c UserName: SL!ghtLY St00p!D
23:02:52.0365 0x146c Windows directory: C:\Windows
23:02:52.0365 0x146c System windows directory: C:\Windows
23:02:52.0365 0x146c Processor architecture: Intel x86
23:02:52.0365 0x146c Number of processors: 2
23:02:52.0365 0x146c Page size: 0x1000
23:02:52.0365 0x146c Boot type: Normal boot
23:02:52.0365 0x146c ============================================================
23:02:54.0280 0x146c KLMD registered as C:\Windows\system32\drivers\28490552.sys
23:02:54.0463 0x146c System UUID: {46B112C9-6DD5-62A7-4CC2-2B83075F1757}
23:02:55.0133 0x146c Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:02:55.0137 0x146c ============================================================
23:02:55.0137 0x146c \Device\Harddisk0\DR0:
23:02:55.0137 0x146c MBR partitions:
23:02:55.0137 0x146c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0x115ED000
23:02:55.0137 0x146c ============================================================
23:02:55.0217 0x146c C: <-> \Device\Harddisk0\DR0\Partition1
23:02:55.0218 0x146c ============================================================
23:02:55.0218 0x146c Initialize success
23:02:55.0218 0x146c ============================================================
23:03:09.0836 0x0594 ============================================================
23:03:09.0836 0x0594 Scan started
23:03:09.0836 0x0594 Mode: Manual;
23:03:09.0836 0x0594 ============================================================
23:03:09.0836 0x0594 KSN ping started
23:03:12.0997 0x0594 KSN ping finished: true
23:03:13.0557 0x0594 ================ Scan system memory ========================
23:03:13.0557 0x0594 System memory - ok
23:03:13.0558 0x0594 ================ Scan services =============================
23:03:16.0363 0x0594 [ B4577C0A039C844C4DFB3E35506D2B9A, 9D3E963D4CCF6D1600D4695017CC510495EF76338AD79D01106C91B6E505749F ] .Net Crypt C:\Windows\system32\mutex-Threads.exe
23:03:16.0367 0x0594 Suspicious file ( NoAccess ): C:\Windows\system32\mutex-Threads.exe. md5: B4577C0A039C844C4DFB3E35506D2B9A, sha256: 9D3E963D4CCF6D1600D4695017CC510495EF76338AD79D01106C91B6E505749F
23:03:16.0397 0x0594 .Net Crypt - detected LockedFile.Multi.Generic ( 1 )
23:03:20.0122 0x0594 .Net Crypt ( LockedFile.Multi.Generic ) - warning
23:03:20.0123 0x0594 Force sending object to P2P due to detect: C:\Windows\system32\mutex-Threads.exe
23:03:35.0073 0x0594 Object send P2P result: true
23:03:39.0846 0x0594 [ 39C9C0596776E727A028FF63C354C7FB, 7A45855765DB5EB10B7D86459F9CE35174B1269CA15C16E12807582FA6B9F4F6 ] .Net Main C:\Windows\system32\idle-Threads.exe
23:03:39.0848 0x0594 Suspicious file ( NoAccess ): C:\Windows\system32\idle-Threads.exe. md5: 39C9C0596776E727A028FF63C354C7FB, sha256: 7A45855765DB5EB10B7D86459F9CE35174B1269CA15C16E12807582FA6B9F4F6
23:03:39.0886 0x0594 .Net Main - detected LockedFile.Multi.Generic ( 1 )
23:03:43.0063 0x0594 Detect skipped due to KSN trusted
23:03:43.0064 0x0594 .Net Main - ok
23:03:46.0055 0x0594 [ 58EE01075608E5E1EC23ACE600D2DC2B, C41C20B16D267F2D4B9CD1B72F5904007B8FBD43FB0F76930CFEC908560CF9BC ] .Net Security C:\Windows\system32\latch-Threads.exe
23:03:46.0058 0x0594 Suspicious file ( NoAccess ): C:\Windows\system32\latch-Threads.exe. md5: 58EE01075608E5E1EC23ACE600D2DC2B, sha256: C41C20B16D267F2D4B9CD1B72F5904007B8FBD43FB0F76930CFEC908560CF9BC
23:03:46.0088 0x0594 .Net Security - detected LockedFile.Multi.Generic ( 1 )
23:03:49.0249 0x0594 Detect skipped due to KSN trusted
23:03:49.0250 0x0594 .Net Security - ok
23:03:49.0720 0x0594 [ F642D2138112C9AE2D5C4583A1BCCE1D, BB8233B17FB1E95E907F02E860C9353E69F18606A2836C443C7B64CF99CBD584 ] .Net Semaphore C:\Windows\system32\semaphore-Threads.exe
23:03:49.0727 0x0594 Suspicious file ( NoAccess ): C:\Windows\system32\semaphore-Threads.exe. md5: F642D2138112C9AE2D5C4583A1BCCE1D, sha256: BB8233B17FB1E95E907F02E860C9353E69F18606A2836C443C7B64CF99CBD584
23:03:49.0729 0x0594 .Net Semaphore - detected LockedFile.Multi.Generic ( 1 )
23:03:52.0899 0x0594 Detect skipped due to KSN trusted
23:03:52.0899 0x0594 .Net Semaphore - ok
23:03:57.0975 0x0594 [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
23:03:57.0979 0x0594 E1G60 - ok
23:03:58.0017 0x0594 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
23:03:58.0021 0x0594 EapHost - ok
23:03:58.0070 0x0594 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache C:\Windows\system32\drivers\ecache.sys
23:03:58.0075 0x0594 Ecache - ok
23:03:58.0127 0x0594 [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:03:58.0137 0x0594 ehRecvr - ok
23:03:58.0150 0x0594 [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched C:\Windows\ehome\ehsched.exe
23:03:58.0154 0x0594 ehSched - ok
23:03:58.0173 0x0594 [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll
23:03:58.0175 0x0594 ehstart - ok
23:03:58.0211 0x0594 [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:03:58.0220 0x0594 elxstor - ok
23:03:58.0280 0x0594 [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
23:03:58.0295 0x0594 EMDMgmt - ok
23:03:58.0330 0x0594 [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:03:58.0331 0x0594 ErrDev - ok
23:03:58.0394 0x0594 [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem C:\Windows\system32\es.dll
23:03:58.0402 0x0594 EventSystem - ok
23:03:58.0456 0x0594 [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat C:\Windows\system32\drivers\exfat.sys
23:03:58.0460 0x0594 exfat - ok
23:03:58.0504 0x0594 [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:03:58.0509 0x0594 fastfat - ok
23:03:58.0537 0x0594 [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:03:58.0539 0x0594 fdc - ok
23:03:58.0559 0x0594 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
23:03:58.0562 0x0594 fdPHost - ok
23:03:58.0572 0x0594 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
23:03:58.0576 0x0594 FDResPub - ok
23:03:58.0616 0x0594 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:03:58.0619 0x0594 FileInfo - ok
23:03:58.0634 0x0594 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:03:58.0637 0x0594 Filetrace - ok
23:03:58.0654 0x0594 [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:03:58.0656 0x0594 flpydisk - ok
23:03:58.0706 0x0594 [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:03:58.0713 0x0594 FltMgr - ok
23:03:58.0809 0x0594 [ 8CE364388C8ECA59B14B539179276D44, AD37AD512412A1A0955218A3DA0D6FBE1E30F373153CAF5912EFC076D348FED8 ] FontCache C:\Windows\system32\FntCache.dll
23:03:58.0834 0x0594 FontCache - ok
23:03:58.0892 0x0594 [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:03:58.0895 0x0594 FontCache3.0.0.0 - ok
23:03:58.0953 0x0594 [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:03:58.0955 0x0594 Fs_Rec - ok
23:03:58.0987 0x0594 [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:03:58.0990 0x0594 gagp30kx - ok
23:03:59.0027 0x0594 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:03:59.0029 0x0594 GEARAspiWDM - ok
23:03:59.0123 0x0594 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F, 6D2B301E77839FFF1C74425B37D02C3F3837CE50E856C21AE4CF7ABABB04ADDC ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
23:03:59.0126 0x0594 GoogleDesktopManager-051210-111108 - ok
23:03:59.0197 0x0594 [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc C:\Windows\System32\gpsvc.dll
23:03:59.0221 0x0594 gpsvc - ok
23:03:59.0343 0x0594 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:03:59.0349 0x0594 gupdate - ok
23:03:59.0375 0x0594 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:03:59.0381 0x0594 gupdatem - ok
23:03:59.0430 0x0594 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:03:59.0438 0x0594 gusvc - ok
23:03:59.0512 0x0594 [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:03:59.0534 0x0594 HDAudBus - ok
23:03:59.0571 0x0594 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:03:59.0573 0x0594 HidBth - ok
23:03:59.0591 0x0594 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
23:03:59.0593 0x0594 HidIr - ok
23:03:59.0637 0x0594 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\System32\hidserv.dll
23:03:59.0642 0x0594 hidserv - ok
23:03:59.0696 0x0594 [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:03:59.0698 0x0594 HidUsb - ok
23:03:59.0732 0x0594 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
23:03:59.0739 0x0594 hkmsvc - ok
23:03:59.0766 0x0594 [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
23:03:59.0768 0x0594 HpCISSs - ok
23:03:59.0866 0x0594 [ 53229DCF431D76434816CD29251168A0, F27EF06B23F14C1D041275E8C1F9238151D81CFDBB6D58B2657BA3303CDEB7E1 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
23:03:59.0903 0x0594 HSF_DPV - ok
23:03:59.0935 0x0594 [ ED98350ECD4A5A9C9F1E641C09872BB2, 6515D4DBCDC7CAAD84CAC4034F69EA389DA192FDD20D870C87822AA4EE19FF2C ] HSXHWBS2 C:\Windows\system32\DRIVERS\HSXHWBS2.sys
23:03:59.0942 0x0594 HSXHWBS2 - ok
23:04:00.0004 0x0594 [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:04:00.0014 0x0594 HTTP - ok
23:04:00.0047 0x0594 [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
23:04:00.0048 0x0594 i2omp - ok
23:04:00.0091 0x0594 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:04:00.0093 0x0594 i8042prt - ok
23:04:00.0147 0x0594 [ 997E8F5939F2D12CD9F2E6B395724C16, C22F10BADE29DA6F7EB79D9F5D81D9FBEC17D4D4F8B25E0AF4E5CEAE28E8ABF6 ] iaStor C:\Windows\system32\drivers\iastor.sys
23:04:00.0154 0x0594 iaStor - ok
23:04:00.0176 0x0594 [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
23:04:00.0182 0x0594 iaStorV - ok
23:04:00.0260 0x0594 [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:04:00.0282 0x0594 idsvc - ok
23:04:00.0443 0x0594 [ 9378D57E2B96C0A185D844770AD49948, AED244DDF125C867091D0A926B275EC1C60C89844C69595B1D1FC586F60F118A ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
23:04:00.0506 0x0594 igfx - ok
23:04:00.0538 0x0594 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:04:00.0541 0x0594 iirsp - ok
23:04:00.0593 0x0594 [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT C:\Windows\System32\ikeext.dll
23:04:00.0605 0x0594 IKEEXT - ok
23:04:00.0647 0x0594 [ 3AE4A66B98E9D5F807B91EF22C2A1575, 007ACB66D893E7C6942716116B8FE6F47552097BFE78096FCC10E8FD9FFE000B ] inspect C:\Windows\system32\DRIVERS\inspect.sys
23:04:00.0650 0x0594 inspect - ok
23:04:00.0767 0x0594 [ 4EAE74C8BCBCA309A5D7CBAD7E231427, FA68A5B58FB0DA46946B1BE63E2C70820E3EBB4A2858F17DF8AE4EAA59F042FE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:04:00.0808 0x0594 IntcAzAudAddService - ok
23:04:00.0859 0x0594 [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide C:\Windows\system32\DRIVERS\intelide.sys
23:04:00.0860 0x0594 intelide - ok
23:04:00.0896 0x0594 [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:04:00.0897 0x0594 intelppm - ok
23:04:00.0925 0x0594 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:04:00.0929 0x0594 IPBusEnum - ok
23:04:00.0941 0x0594 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:04:00.0943 0x0594 IpFilterDriver - ok
23:04:01.0008 0x0594 [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:04:01.0017 0x0594 iphlpsvc - ok
23:04:01.0025 0x0594 IpInIp - ok
23:04:01.0047 0x0594 [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
23:04:01.0049 0x0594 IPMIDRV - ok
23:04:01.0081 0x0594 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
23:04:01.0085 0x0594 IPNAT - ok
23:04:01.0163 0x0594 [ 066F2BBE2EEC9A42B065B552BF356B4E, AE86DB5BFD4748C54C0C224E7FBEA3C032F1071A39303DF35AA04869D3950B7A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:04:01.0180 0x0594 iPod Service - ok
23:04:01.0200 0x0594 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:04:01.0202 0x0594 IRENUM - ok
23:04:01.0218 0x0594 [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:04:01.0220 0x0594 isapnp - ok
23:04:01.0287 0x0594 [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:04:01.0293 0x0594 iScsiPrt - ok
23:04:01.0308 0x0594 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
23:04:01.0310 0x0594 iteatapi - ok
23:04:01.0347 0x0594 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
23:04:01.0349 0x0594 iteraid - ok
23:04:01.0368 0x0594 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:04:01.0370 0x0594 kbdclass - ok
23:04:01.0422 0x0594 [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:04:01.0425 0x0594 kbdhid - ok
23:04:01.0478 0x0594 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
23:04:01.0483 0x0594 KeyIso - ok
23:04:01.0521 0x0594 [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:04:01.0538 0x0594 KSecDD - ok
23:04:01.0611 0x0594 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
23:04:01.0629 0x0594 KtmRm - ok
23:04:01.0701 0x0594 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\System32\srvsvc.dll
23:04:01.0714 0x0594 LanmanServer - ok
23:04:01.0771 0x0594 [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:04:01.0786 0x0594 LanmanWorkstation - ok
23:04:01.0830 0x0594 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:04:01.0833 0x0594 lltdio - ok
23:04:01.0868 0x0594 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:04:01.0879 0x0594 lltdsvc - ok
23:04:01.0903 0x0594 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:04:01.0909 0x0594 lmhosts - ok
23:04:01.0943 0x0594 [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:04:01.0948 0x0594 LSI_FC - ok
23:04:01.0970 0x0594 [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:04:01.0976 0x0594 LSI_SAS - ok
23:04:01.0999 0x0594 [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:04:02.0003 0x0594 LSI_SCSI - ok
23:04:02.0023 0x0594 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
23:04:02.0028 0x0594 luafv - ok
23:04:02.0058 0x0594 massfilter - ok
23:04:02.0088 0x0594 [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:04:02.0096 0x0594 Mcx2Svc - ok
23:04:02.0109 0x0594 [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:04:02.0111 0x0594 mdmxsdk - ok
23:04:02.0164 0x0594 [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas C:\Windows\system32\drivers\megasas.sys
23:04:02.0167 0x0594 megasas - ok
23:04:02.0224 0x0594 [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR C:\Windows\system32\drivers\megasr.sys
23:04:02.0239 0x0594 MegaSR - ok
23:04:02.0271 0x0594 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
23:04:02.0278 0x0594 MMCSS - ok
23:04:02.0301 0x0594 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
23:04:02.0304 0x0594 Modem - ok
23:04:02.0343 0x0594 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:04:02.0346 0x0594 monitor - ok
23:04:02.0370 0x0594 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:04:02.0374 0x0594 mouclass - ok
23:04:02.0397 0x0594 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:04:02.0400 0x0594 mouhid - ok
23:04:02.0415 0x0594 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
23:04:02.0420 0x0594 MountMgr - ok
23:04:02.0464 0x0594 [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio C:\Windows\system32\drivers\mpio.sys
23:04:02.0469 0x0594 mpio - ok
23:04:02.0493 0x0594 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:04:02.0497 0x0594 mpsdrv - ok
23:04:02.0559 0x0594 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:04:02.0580 0x0594 MpsSvc - ok
23:04:02.0605 0x0594 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
23:04:02.0609 0x0594 Mraid35x - ok
23:04:02.0673 0x0594 [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:04:02.0678 0x0594 MRxDAV - ok
23:04:02.0753 0x0594 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:04:02.0758 0x0594 mrxsmb - ok
23:04:02.0807 0x0594 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:04:02.0817 0x0594 mrxsmb10 - ok
23:04:02.0833 0x0594 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:04:02.0838 0x0594 mrxsmb20 - ok
23:04:02.0866 0x0594 [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci C:\Windows\system32\drivers\msahci.sys
23:04:02.0868 0x0594 msahci - ok
23:04:02.0894 0x0594 [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:04:02.0899 0x0594 msdsm - ok
23:04:02.0920 0x0594 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
23:04:02.0931 0x0594 MSDTC - ok
23:04:02.0969 0x0594 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:04:02.0971 0x0594 Msfs - ok
23:04:03.0012 0x0594 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:04:03.0014 0x0594 msisadrv - ok
23:04:03.0054 0x0594 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:04:03.0062 0x0594 MSiSCSI - ok
23:04:03.0075 0x0594 msiserver - ok
23:04:03.0110 0x0594 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:04:03.0112 0x0594 MSKSSRV - ok
23:04:03.0161 0x0594 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:04:03.0163 0x0594 MSPCLOCK - ok
23:04:03.0179 0x0594 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:04:03.0181 0x0594 MSPQM - ok
23:04:03.0226 0x0594 [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:04:03.0233 0x0594 MsRPC - ok
23:04:03.0261 0x0594 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:04:03.0263 0x0594 mssmbios - ok
23:04:03.0288 0x0594 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:04:03.0290 0x0594 MSTEE - ok
23:04:03.0331 0x0594 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys
23:04:03.0335 0x0594 Mup - ok
23:04:03.0388 0x0594 [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll
23:04:03.0407 0x0594 napagent - ok
23:04:03.0462 0x0594 [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:04:03.0469 0x0594 NativeWifiP - ok
23:04:03.0534 0x0594 [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:04:03.0555 0x0594 NDIS - ok
23:04:03.0589 0x0594 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:04:03.0592 0x0594 NdisTapi - ok
23:04:03.0610 0x0594 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:04:03.0612 0x0594 Ndisuio - ok
23:04:03.0659 0x0594 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:04:03.0665 0x0594 NdisWan - ok
23:04:03.0691 0x0594 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:04:03.0695 0x0594 NDProxy - ok
23:04:03.0716 0x0594 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:04:03.0719 0x0594 NetBIOS - ok
23:04:03.0774 0x0594 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
23:04:03.0782 0x0594 netbt - ok
23:04:03.0794 0x0594 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe
23:04:03.0801 0x0594 Netlogon - ok
23:04:03.0849 0x0594 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
23:04:03.0865 0x0594 Netman - ok
23:04:03.0925 0x0594 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:04:03.0931 0x0594 NetMsmqActivator - ok
23:04:03.0950 0x0594 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:04:03.0957 0x0594 NetPipeActivator - ok
23:04:03.0991 0x0594 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
23:04:04.0005 0x0594 netprofm - ok
23:04:04.0022 0x0594 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:04:04.0028 0x0594 NetTcpActivator - ok
23:04:04.0042 0x0594 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:04:04.0046 0x0594 NetTcpPortSharing - ok
23:04:04.0078 0x0594 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:04:04.0080 0x0594 nfrd960 - ok
23:04:04.0103 0x0594 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll
23:04:04.0111 0x0594 NlaSvc - ok
23:04:04.0148 0x0594 [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:04:04.0150 0x0594 Npfs - ok
23:04:04.0178 0x0594 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
23:04:04.0182 0x0594 nsi - ok
23:04:04.0194 0x0594 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:04:04.0196 0x0594 nsiproxy - ok
23:04:04.0296 0x0594 [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:04:04.0322 0x0594 Ntfs - ok
23:04:04.0352 0x0594 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
23:04:04.0354 0x0594 ntrigdigi - ok
23:04:04.0371 0x0594 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
23:04:04.0373 0x0594 Null - ok
23:04:04.0394 0x0594 [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:04:04.0398 0x0594 nvraid - ok
23:04:04.0420 0x0594 [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:04:04.0423 0x0594 nvstor - ok
23:04:04.0442 0x0594 [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:04:04.0447 0x0594 nv_agp - ok
23:04:04.0457 0x0594 NwlnkFlt - ok
23:04:04.0468 0x0594 NwlnkFwd - ok
23:04:04.0510 0x0594 [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:04:04.0513 0x0594 ohci1394 - ok
23:04:12.0197 0x0594 [ CBCDB7865F83DDB6322CB023584C5085, 9E26666D0B0FCBC5B78C54136CB2E55171F5CEB1733F16CE455A4CE26B65603A ] usbmp3 C:\Windows\system32\Drivers\usbmp332.sys
23:04:12.0198 0x0594 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbmp332.sys. md5: CBCDB7865F83DDB6322CB023584C5085, sha256: 9E26666D0B0FCBC5B78C54136CB2E55171F5CEB1733F16CE455A4CE26B65603A
23:04:12.0199 0x0594 usbmp3 - detected LockedFile.Multi.Generic ( 1 )
23:04:15.0764 0x0594 Detect skipped due to KSN trusted
23:04:15.0764 0x0594 usbmp3 - ok
23:04:16.0541 0x0594 [ 81E98E4449793410A60D860E055FFFC4, 3AEBEB99DF504CD5810F172B963EDB9775FEEE1803A19FAD5503C3866297864F ] usbvox C:\Windows\system32\Drivers\usbvox32.sys
23:04:16.0542 0x0594 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbvox32.sys. md5: 81E98E4449793410A60D860E055FFFC4, sha256: 3AEBEB99DF504CD5810F172B963EDB9775FEEE1803A19FAD5503C3866297864F
23:04:16.0543 0x0594 usbvox - detected LockedFile.Multi.Generic ( 1 )
23:04:19.0706 0x0594 Detect skipped due to KSN trusted
23:04:19.0706 0x0594 usbvox - ok
23:04:19.0890 0x0594 [ 40168C558FD8774D49010F326E5C9B9E, F9C8CB8BD5959D9F2EF28B62F6A8000893B1C48E87E88E8D732B63DB712E90DD ] usbwav C:\Windows\system32\Drivers\usbwav32.sys
23:04:19.0892 0x0594 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbwav32.sys. md5: 40168C558FD8774D49010F326E5C9B9E, sha256: F9C8CB8BD5959D9F2EF28B62F6A8000893B1C48E87E88E8D732B63DB712E90DD
23:04:19.0893 0x0594 usbwav - detected LockedFile.Multi.Generic ( 1 )
23:04:23.0069 0x0594 Detect skipped due to KSN trusted
23:04:23.0069 0x0594 usbwav - ok
23:04:28.0312 0x0594 WpdUsb - ok
23:04:28.0525 0x0594 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:04:28.0571 0x0594 WPFFontCache_v0400 - ok
23:04:28.0627 0x0594 [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:04:28.0652 0x0594 ws2ifsl - ok
23:04:28.0710 0x0594 [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc C:\Windows\system32\wscsvc.dll
23:04:28.0725 0x0594 wscsvc - ok
23:04:28.0741 0x0594 WSearch - ok
23:04:29.0179 0x0594 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv C:\Windows\system32\wuaueng.dll
23:04:29.0304 0x0594 wuauserv - ok
23:04:29.0367 0x0594 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:04:29.0378 0x0594 WudfPf - ok
23:04:29.0463 0x0594 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:04:29.0472 0x0594 WUDFRd - ok
23:04:29.0511 0x0594 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:04:29.0535 0x0594 wudfsvc - ok
23:04:29.0578 0x0594 [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8, 3660379AADB6DB56E54D9C680929CD3882CDE4E6A8BB888FC892110D6B50C627 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
23:04:29.0582 0x0594 XAudio - ok
23:04:29.0652 0x0594 [ 28DC5D626E036A75A572556F0A6EB1F6, 9AE635C08B87AD85A552ADE0AF8BA10DC258E0DEFE133A2A74EFCD43B7A38A98 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
23:04:29.0670 0x0594 XAudioService - ok
23:04:29.0736 0x0594 ZTEusbmdm6k - ok
23:04:29.0756 0x0594 ZTEusbnet - ok
23:04:29.0785 0x0594 ZTEusbnmea - ok
23:04:29.0804 0x0594 ZTEusbser6k - ok
23:04:29.0880 0x0594 ================ Scan global ===============================
23:04:29.0925 0x0594 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
23:04:30.0032 0x0594 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
23:04:30.0079 0x0594 [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
23:04:30.0164 0x0594 [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
23:04:30.0196 0x0594 [ Global ] - ok
23:04:30.0197 0x0594 ================ Scan MBR ==================================
23:04:30.0216 0x0594 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
23:04:31.0490 0x0594 \Device\Harddisk0\DR0 - ok
23:04:31.0491 0x0594 ================ Scan VBR ==================================
23:04:31.0516 0x0594 [ B5CAB131F4F2BFB346C80096D0AD2AC2 ] \Device\Harddisk0\DR0\Partition1
23:04:31.0519 0x0594 \Device\Harddisk0\DR0\Partition1 - ok
23:04:31.0521 0x0594 Waiting for KSN requests completion. In queue: 48
23:04:32.0521 0x0594 Waiting for KSN requests completion. In queue: 48
23:04:33.0521 0x0594 Waiting for KSN requests completion. In queue: 48
23:04:34.0521 0x0594 Waiting for KSN requests completion. In queue: 48
23:04:35.0565 0x0594 AV detected via SS2: avast! Internet Security, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2011.263 ), 0x41000 ( enabled : updated )
23:04:35.0592 0x0594 FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 6.3.32439.2937 ), 0x61010 ( enabled )
23:04:35.0595 0x0594 FW detected via SS2: avast! Internet Security, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2011.263 ), 0x41010 ( enabled )
23:04:38.0811 0x0594 ============================================================
23:04:38.0811 0x0594 Scan finished
23:04:38.0811 0x0594 ============================================================
23:04:38.0827 0x12f8 Detected object count: 1
23:04:38.0827 0x12f8 Actual detected object count: 1
23:04:44.0900 0x12f8 .Net Crypt ( LockedFile.Multi.Generic ) - skipped by user
23:04:44.0900 0x12f8 .Net Crypt ( LockedFile.Multi.Generic ) - User select action: Skip
Helloeveryone
Active Member
 
Posts: 9
Joined: January 6th, 2014, 11:29 am

Re: Certain files attempting to change my registry

Unread postby nunped » January 12th, 2014, 5:03 pm

Hi HelloEveryone,

I'd like to check the files you're complaining about at VirusTotal:
Online Multi Antivirus file scan
Please go to Virus Total and upload -only one file per scan- the following file(s) for scanning:
C:\Windows\system32\mutex-Threads.exe
C:\Windows\system32\idle-Threads.exe
C:\Windows\system32\latch-Threads.exe
C:\Windows\system32\semaphore-Threads.exe


  • Press the Browse button and navigate to -one- of the files in the list.
  • Double click the located file name. The file name should now appear in the online scanner's text entry box.
  • Click on the Send File button.
  • The file will be queued, uploaded and scanned by various antivirus scanners. This may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  • When all scans have completed, the results page is displayed.
  • Please highlight and copy the page web address link from your browser window.
  • Please repeat this procedure for each file listed above.
  • Paste the Web address link(s) for the scan results in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Unread postby Helloeveryone » January 13th, 2014, 8:22 am

Hey Nunped,

I can't seem to find the files in c:\windows\system32

Unread postby nunped » January 13th, 2014, 12:38 pm

Ok,

Try the following first, and then proceed with the instructions to upload the files to VirusTotal:
Set Your Computer to Show All Files/Folders.

  • Click Start.
  • Click My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading, select Show hidden files and folders.
  • Uncheck Hide protected operating system files (recommended).
  • Click Yes to confirm.
  • Uncheck the Hide file extensions for known file types.
  • Click OK.
In addition, go to Start, Search. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

Unread postby Helloeveryone » January 16th, 2014, 9:34 am

Hi Nunped,

I managed to find the files, but it wouldn't let me upload them to the site. I got the message:

File not found
Check the file name and try again

Unread postby nunped » January 17th, 2014, 2:09 pm

Hi HelloEveryone,

Please try to upload this file to VirusTotal as instructed before:
C:\bcdbootsC46EE56FE.exe

Then...

aswMBR - Scan

Please download aswMBR.exe ... © Avast Software ( 511KB ). Save it to your desktop.
  1. Right click the aswMBR.exe icon and select "run as administrator" to run it.
  2. aswMBR uses Avast's virus definitions; if prompted to download definitions, reply Yes.
    It may take some time for these definitions to download, please be patient.
  3. Make sure Quick Scan is set in the options, then click the "Scan" button to start the scan.
    The scan will take a few minutes, please be patient.
  4. On completion, "Scan finished successfully" will be displayed. Press the "Save log" button.
  5. You'll be prompted to save a file named "aswMBR.txt". Save it to your desktop.
  6. Please copy and paste the contents of aswMBR.txt in your next reply.
Note: A file will be created and placed on your desktop when you execute aswMBR, named MBR.dat
This is a copy of your MBR record, before any changes, to be used to recover the MBR to its previous condition if problems exist after changes.

Unread postby Helloeveryone » January 19th, 2014, 2:42 pm

Hi Nunped,

Here's the log file and url

https://www.virustotal.com/en/file/229d ... 390021361/

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-20 02:30:43
-----------------------------
02:30:43.692 OS Version: Windows 6.0.6002 Service Pack 2
02:30:43.692 Number of processors: 2 586 0xF0D
02:30:43.700 ComputerName: USER-PC UserName:
02:30:44.316 Initialize success
02:30:47.290 AVAST engine defs: 14011900
02:31:11.402 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:31:11.406 Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OABNA Size: 152587MB BusType: 3
02:31:11.552 Disk 0 MBR read successfully
02:31:11.556 Disk 0 MBR scan
02:31:11.563 Disk 0 Windows VISTA default MBR code
02:31:11.567 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
02:31:11.588 Disk 0 Partition 2 00 32 10240 MB offset 98304
02:31:11.608 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142298 MB offset 21069824
02:31:11.619 Disk 0 scanning sectors +312496128
02:31:11.721 Disk 0 scanning C:\Windows\system32\drivers
02:31:23.546 Service scanning
02:31:53.530 Modules scanning
02:32:02.588 Disk 0 trace - called modules:
02:32:02.632 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
02:32:02.639 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86643ac8]
02:32:02.646 3 CLASSPNP.SYS[88fa08b3] -> nt!IofCallDriver -> [0x85e02918]
02:32:02.653 5 acpi.sys[806a66bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85e19b98]
02:32:03.485 AVAST engine scan C:\Windows
02:32:06.268 AVAST engine scan C:\Windows\system32
02:34:50.745 AVAST engine scan C:\Windows\system32\drivers
02:35:09.193 AVAST engine scan C:\Users\SL!ghtLY St00p!D
02:37:37.951 AVAST engine scan C:\ProgramData
02:39:06.038 Scan finished successfully
02:39:36.287 Disk 0 MBR has been saved successfully to "C:\Users\SL!ghtLY St00p!D\Desktop\MBR.dat"
02:39:36.299 The log file has been saved successfully to "C:\Users\SL!ghtLY St00p!D\Desktop\aswMBR.txt"