Possible Infection causes Computer to Freeze/Crash


  • This topic is locked
20 replies to this topic

#1 dg281

  • Members
  • 10 posts

Posted 07 March 2013 - 06:05 PM

First of all thanks for taking the time to help me with my computer problems. I believe that my computer is infected with something but I don't know what it is or how to remove it. Here is what has been happening to my computer in the past day.

 

 

* The computer will play sound advertisements randomly even when no other programs are open.
* The computer takes about twice as long to boot up.
* Computer programs will freeze randomly and the computer needs to be restarted to fix the program.
* The computer will randomly blue screen.
* Sometimes programs will not load with the error message: " 'File Path for EXE' The client of a component requested an operation which is not valid given the state of the component instance. " A restart fixes this.

 

I have run MBAM twice. The first time it removed two rootkits and the second time nothing was detected. This did not fix the problem. Here are the logs:

 

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.07.04

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Drew :: DREW-PC [administrator]

3/6/2013 11:50:54 PM
mbam-log-2013-03-06 (23-50-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 268399
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Drew\AppData\Local\Temp\icq.exe (Rootkit.0Access.Gen) -> Quarantined and deleted successfully.
C:\Users\Drew\AppData\Local\Temp\msimg32.dll (Rootkit.0Access.Gen) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.07.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Drew :: DREW-PC [administrator]

3/7/2013 11:21:03 AM
mbam-log-2013-03-07 (11-21-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269670
Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#2 oneof4

  • Malware Response Team
  • 3,581 posts

Posted 07 March 2013 - 07:32 PM

Hello dg281, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Watch Topic. If you click on this, another page will open. Please choose Immediate Notification and then click on Proceed; you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========
 
We need to see some information about what is happening in your machine.  Please perform the following scans:
 
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
 
Information on A/V control HERE
 
==========
 
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

 
 
Things I need to see in your next reply:
  • checkup.txt
  • DDS.txt
  • Attach.txt
  • aswMBR.txt


Best Regards,
oneof4.


#3 dg281 (Topic Starter)

  • Members
  • 10 posts

Posted 08 March 2013 - 12:19 AM

Hello oneof4. Thanks for your help on my computer issues.

 

I followed your directions and have all four log files, but I did have to restart my computer several times because I got the error message: " 'File Path for Security Check.exe or aswMBR.exe' The client of a component requested an operation which is not valid given the state of the component instance. ". Additionally my computer crashed during the first aswMBR run. I should also mention that before I posted here I ran combofix once, but it did not finish and I restored my system to the restore point created at the beginning of the run and I don't think that it had an effect on my computer. Be assured that now I am not running anything without your instruction to do so first. Anyway, here are the log files:

 

checkup.txt

 

 Results of screen317's Security Check version 0.99.60  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!!
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Java 7 Update 7  
 Java version out of Date!
 Adobe Flash Player 11.6.602.171  
 Adobe Reader XI  
 Mozilla Firefox (19.0)
 Google Chrome 25.0.1364.152  
 Google Chrome 25.0.1364.97  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````
 

 

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.7.2
Run by Drew at 21:20:07 on 2013-03-07
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.4095.2787 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\SafeConnect\scManager.sys
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Drew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Users\Drew\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uProxyOverride = 127.0.0.1:9421
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Spotify Web Helper] "C:\Users\Drew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Drew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Drew\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4A7C8485-1F99-48A9-B780-8ED460DBCFD1} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4A7C8485-1F99-48A9-B780-8ED460DBCFD1}\3536865747475627 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4A7C8485-1F99-48A9-B780-8ED460DBCFD1}\3536865747475627D27657563747 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4A7C8485-1F99-48A9-B780-8ED460DBCFD1}\35563657275677962756C6563737 : DHCPNameServer = 10.27.3.2 10.25.3.2
TCP: Interfaces\{4A7C8485-1F99-48A9-B780-8ED460DBCFD1}\4786567616263747562737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4A7C8485-1F99-48A9-B780-8ED460DBCFD1}\47865676162637475627375376 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5096A0F0-82D0-4D38-AADD-F4A7F687BA4A} : DHCPNameServer = 10.27.3.2 10.25.3.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\hwhyuhre.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112477&babsrc=KW_ss&mntrId=a457c4c800000000000000215d0e8146&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Drew\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112477
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a457c4c800000000000000215d0e8146
FF - user.js: extensions.BabylonToolbar_i.hardId - a457c4c800000000000000215d0e8146
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15455
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:39:42
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-03-07 16:24:58    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2D30EE87-D32F-4376-83F9-577452C3E248}\offreg.dll
2013-03-07 02:29:47    --------    d-s---w-    C:\ComboFix
2013-03-06 16:13:26    9162192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2D30EE87-D32F-4376-83F9-577452C3E248}\mpengine.dll
2013-03-05 16:03:53    9162192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-28 18:49:38    --------    d-----w-    C:\MBF_ImageJ
2013-02-28 16:19:07    --------    d-s---w-    C:\Users\Drew\Google Drive
2013-02-21 03:24:33    --------    d-----w-    C:\Program Files (x86)\Visual Leak Detector
2013-02-14 05:41:12    768000    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 05:41:11    996352    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 19:31:31    5500776    ----a-w-    C:\Windows\System32\ntoskrnl.exe
.
==================== Find3M  ====================
.
2013-03-01 00:50:08    71024    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-01 00:50:08    691568    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-30 10:53:22    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-20 20:59:04    230320    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 20:59:04    130008    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-09 01:19:09    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-01-09 01:11:06    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-01-05 05:02:17    3957608    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:02:17    3902312    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:41:01    1893224    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-01-04 05:40:54    287576    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-01-04 05:37:01    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2013-01-04 05:37:00    243200    ----a-w-    C:\Windows\System32\wow64.dll
2013-01-04 05:37:00    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2013-01-04 05:36:33    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-01-04 05:33:49    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-01-04 05:30:34    424960    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-01-04 05:27:03    6144    ---ha-w-    C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 05:27:03    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 05:27:03    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-04 05:27:02    4608    ---ha-w-    C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 05:27:02    4096    ---ha-w-    C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 05:27:02    4096    ---ha-w-    C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 05:27:01    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 05:27:01    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 05:27:00    4608    ---ha-w-    C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 05:27:00    3584    ---ha-w-    C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 05:27:00    3072    ---ha-w-    C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 04:51:09    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-01-04 04:51:08    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2013-01-04 03:22:49    3150848    ----a-w-    C:\Windows\System32\win32k.sys
2013-01-04 03:19:55    338432    ----a-w-    C:\Windows\System32\conhost.exe
2013-01-04 02:48:37    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-01-04 02:48:34    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-01-04 02:48:34    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-01-04 02:48:33    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-01-04 02:43:35    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43:34    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43:34    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43:34    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-12-16 16:52:02    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2012-12-16 14:40:45    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2012-12-16 14:25:27    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:25:19    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:28    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 21:22:25.50 ===============
 

aswMBR.txt:

 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-07 22:31:29
-----------------------------
22:31:29.278    OS Version: Windows x64 6.1.7600
22:31:29.279    Number of processors: 2 586 0xF0D
22:31:29.279    ComputerName: DREW-PC  UserName: Drew
22:32:06.099    Initialize success
22:32:26.743    AVAST engine defs: 13030703
22:32:31.409    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:32:31.415    Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 11
22:32:31.482    Disk 0 MBR read successfully
22:32:31.487    Disk 0 MBR scan
22:32:31.496    Disk 0 unknown MBR code
22:32:31.524    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    10997 MB offset 63
22:32:31.556    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       119232 MB offset 22523130
22:32:31.610    Disk 0 Partition - 00     0F Extended LBA            108244 MB offset 266711280
22:32:31.699    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       108243 MB offset 266713088
22:32:31.920    Disk 0 scanning C:\Windows\system32\drivers
22:33:21.599    Service scanning
22:34:33.911    Modules scanning
22:34:33.934    Disk 0 trace - called modules:
22:34:34.333    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:34:34.346    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c46060]
22:34:34.360    3 CLASSPNP.SYS[fffff8800197643f] -> nt!IofCallDriver -> [0xfffffa80046e31e0]
22:34:34.375    5 ACPI.sys[fffff88000ef4781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046f4060]
22:34:35.639    AVAST engine scan C:\Windows
22:34:38.601    AVAST engine scan C:\Windows\system32
22:44:28.462    AVAST engine scan C:\Windows\system32\drivers
22:44:51.013    AVAST engine scan C:\Users\Drew
22:50:19.299    File: C:\Users\Drew\AppData\LocalLow\CA4F.tmp  **INFECTED** Win32:Malware-gen
22:53:17.817    AVAST engine scan C:\ProgramData
22:55:33.048    Scan finished successfully
22:59:31.403    Disk 0 MBR has been saved successfully to "C:\Users\Drew\Desktop\MBR.dat"
22:59:31.482    The log file has been saved successfully to "C:\Users\Drew\Desktop\aswMBR.txt"

 

Edited by dg281, 08 March 2013 - 12:11 PM.
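The review oneof4 does by eye on a DDS log can be mechanised. The Python below is an added example written for this page (not code from DDS, MBAM or anyone in the thread) that scans the Pseudo HJT lines for the indicator types present in the DDS.txt above: a proxy setting that names a loopback host:port, autorun entries launched from a Temp folder (where MBAM found the two Rootkit.0Access.Gen files), a Firefox keyword.URL hijack, and a non-default handler for an executable extension. The sample input is constructed from lines of the posted DDS.txt plus one constructed uRun entry; the allowlists and severities are my assumptions.

```python
"""Triage the "Pseudo HJT Report" section of a DDS.txt for the indicator
types visible in this thread.  Added example; not part of DDS or the thread."""
import re
from urllib.parse import urlparse

# Constructed sample: lines taken from the DDS.txt posted above, plus one
# constructed uRun entry modelled on the Temp-folder file MBAM quarantined.
SAMPLE_DDS = r"""
uStart Page = hxxp://google.com/
uProxyOverride = 127.0.0.1:9421
mWinlogon: Userinit = userinit.exe,
uRun: [Google Update] "C:\Users\Drew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [icq] "C:\Users\Drew\AppData\Local\Temp\icq.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112477&babsrc=KW_ss&mntrId=a457c4c800000000000000215d0e8146&q=
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
TCP: NameServer = 192.168.1.1
"""

LOOPBACK_TOKENS = ("127.", "localhost", "[::1]")
SEARCH_ALLOWLIST = {"google.com", "www.google.com", "www.bing.com"}   # assumption
EXEC_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif"}
TEMP_PATH = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
RUN_ENTRY = re.compile(r'^[um]Run: \[[^\]]*\] (?:"([^"]*)"|(\S+))')


def refang(url):
    """DDS writes hxxp:// so logs are not clickable; restore it for parsing."""
    return url.replace("hxxp://", "http://").replace("hxxps://", "https://")


def _finding(check, severity, line, reason):
    return {"check": check, "severity": severity, "line": line, "reason": reason}


def triage(dds_text):
    """Return findings (dicts) for one DDS report, in log order."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # A proxy setting pointing at the machine itself means some local
        # process is interposed on browser traffic.
        m = re.match(r"^[um]ProxyOverride = (.+)$", line)
        if m:
            if any(tok in m.group(1) for tok in LOOPBACK_TOKENS):
                findings.append(_finding("proxy", "high", line,
                    "proxy setting names a loopback host:port; identify the local listener"))
            continue

        # Userinit must be exactly one entry, userinit.exe; extras run at every logon.
        m = re.match(r"^mWinlogon: Userinit = (.+)$", line)
        if m:
            entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
            if len(entries) != 1 or entries[0].lower().rsplit("\\", 1)[-1] != "userinit.exe":
                findings.append(_finding("userinit", "high", line,
                    "Userinit should launch only userinit.exe"))
            continue

        # Autoruns whose target lives in a Temp folder (as the quarantined icq.exe did).
        m = RUN_ENTRY.match(line)
        if m:
            path = m.group(1) or m.group(2)
            if TEMP_PATH.search(path):
                findings.append(_finding("autorun_temp", "high", line,
                    "autorun entry launches an executable from a Temp folder"))
            continue

        # Address-bar searches redirected to a host outside the allowlist.
        m = re.match(r"^FF - prefs\.js: keyword\.URL - (\S+)", line)
        if m:
            host = urlparse(refang(m.group(1))).hostname or ""
            if host not in SEARCH_ALLOWLIST:
                findings.append(_finding("search_hijack", "medium", line,
                    f"Firefox address-bar searches are sent to {host}"))
            continue

        # Non-default handler for an extension Windows would normally execute.
        m = re.match(r"^FileExt: (\.\w+): (.+)$", line)
        if m and m.group(1).lower() in EXEC_EXTS:
            findings.append(_finding("file_assoc", "info", line,
                f"non-default handler registered for {m.group(1)}; confirm it is intentional"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['severity']:>6}] {f['check']:<13} {f['reason']}\n         {f['line']}")
```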


#4 oneof4

  • Malware Response Team
  • 3,581 posts

Posted 10 March 2013 - 02:12 PM

Hello dg281   :)
 
Going over your logs I noticed that you have uTorrent installed.
 

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.
 
==========
 

On your Desktop, there should be a file titled MBR.DAT. Right-click on it, choose Send To, and zip it up, then please attach that file to your next reply. (The process to attach files is at the bottom of the reply window.)

 

==========

 

> I should also mention that before I posted here I ran combofix once, but it did not finish and I restored my system to the restore point created at the beginning of the run and I don't think that it had an effect on my computer.


Look in the following location, C:\Qoobox to see if ComboFix created a log from the failed run. If it did, there should be a file named ComboFix.txt in the Qoobox folder. If it's there, open it in Notepad, and copy and paste the contents in your next reply. Stop at this point, until I get a chance to look at the ComboFix.txt.
 
However, if there is no ComboFix.txt, then proceed to the next set of instructions.
 
Delete the version of ComboFix that you currently have by simply right-clicking on the ComboFix.exe icon, and choose "Delete", then proceed to the following:
 
Download Combofix from either of the links below but rename it to Goog.exe before saving it to your desktop.

"http://download.bleepingcomputer.com/sUBs/ComboFix.exe"
"http://www.infospyware.net/antimalware/combofix"


==================================


Double click on the renamed ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.

 

  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Best Regards,
oneof4.


#5 dg281 (Topic Starter)

  • Members
  • 10 posts

Posted 10 March 2013 - 11:41 PM

Hello again,

 

I did not find a log file in C:\Qoobox so I ran combofix as per your instructions. The program scanned successfully and then restarted, but then I started to have problems. Upon restarting, DOS prompts would pop up every second and disappear in a second. I let this go for 2 hours and nothing changed so I restarted the computer. This time combofix came up with preparing log report, but it stalled on that message. I let that sit for a few hours but nothing changed so I restarted once again and this time nothing came up upon logging in. I searched for a log file in C:\Qoobox, C:\ and C:\ComboFix but I could not find one. The computer is still freezing and ads are still being played.

 

On a side note, I tried to uninstall uTorrent and was unable to do so using the Add/Remove Programs uninstaller. I was thinking about using Revo to uninstall it, but I wanted to get your approval to do so first.

Attached Files

  • MBR.zip (568 bytes)


#6 oneof4

oneof4

  • Malware Response Team
  • 3,581 posts
  • Gender:Male
  • Location:The Collective

Posted 11 March 2013 - 05:42 AM

Hang tight for now, and give me a chance to look over your master boot record. The answer may be in that.


Best Regards,
oneof4.


#7 oneof4

oneof4

  • Malware Response Team
  • 3,581 posts
  • Gender:Male
  • Location:The Collective

Posted 13 March 2013 - 09:22 PM

Hey dg281, :)

 

Let's see if the following rootkit scanner helps clear things up a bit:

 

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!


  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users: right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Best Regards,
oneof4.
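The log that last step produces is several hundred lines of "service - ok", and the helper reads it by eye for the few lines that are not. As an added example that is not part of this thread and is not part of Kaspersky's tool, the Python below parses TDSSKiller's per-service lines, pairs each service's MD5/path line with its verdict and any "Suspicious file" reason, and lists whatever did not come back "ok", worst first. The sample lines are constructed to mirror the log posted later in this thread; the regular expressions are an assumption taken from that log's line shapes, not a documented format.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample, modelled on the TDSSKiller 2.8.16.0 log posted in this
# thread (same line shapes; only a handful of its entries are reproduced).
SAMPLE_LOG = r"""
14:41:49.0212 3304  ================ Scan services =============================
14:41:49.0410 3304  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
14:41:49.0413 3304  1394ohci - ok
14:41:50.0922 3304  [ B9B98E08EC127900025F42462D3D0A66 ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
14:41:50.0922 3304  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
14:41:50.0933 3304  Akamai ( HiddenFile.Multi.Generic ) - warning
14:41:50.0933 3304  Akamai - detected HiddenFile.Multi.Generic (1)
14:41:52.0603 3304  catchme - ok
14:41:57.0232 3304  Lavasoft Kernexplorer - ok
"""

# Every line is "<hh:mm:ss.ffff> <pid>  <body>"; the body takes one of three
# shapes we care about (assumed from the log's layout, not a published format).
ENTRY_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>\S+)\s+(?P<path>.+)$")
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9A-F]{32})$"
)
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<sig>\S+) \))? - "
    r"(?P<verdict>ok|warning|detected (?P<dsig>\S+) \(\d+\))$"
)
SEVERITY = {"unknown": -1, "ok": 0, "warning": 1, "detected": 2}


@dataclass
class ServiceRecord:
    name: str
    md5: Optional[str] = None        # None when no hash line was printed (e.g. "catchme - ok")
    path: Optional[str] = None
    verdict: str = "unknown"         # unknown -> ok / warning / detected; the worst verdict wins
    signature: Optional[str] = None  # e.g. HiddenFile.Multi.Generic
    reasons: List[str] = field(default_factory=list)  # e.g. ["Hidden"]


def parse_tdsskiller_log(text: str) -> Dict[str, ServiceRecord]:
    """Fold the per-service lines into one record per service name."""
    records: Dict[str, ServiceRecord] = {}
    by_md5: Dict[str, ServiceRecord] = {}
    for raw in text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # headers, drive geometry, partition table, blank lines
        body = entry.group("body").strip()
        m = HASH_RE.match(body)
        if m:
            rec = records.setdefault(m["name"], ServiceRecord(name=m["name"]))
            rec.md5, rec.path = m["md5"], m["path"]
            by_md5[rec.md5] = rec
            continue
        m = SUSPICIOUS_RE.match(body)
        if m:
            rec = by_md5.get(m["md5"])  # the hash line always precedes this one
            if rec is not None:
                rec.reasons.append(m["reason"])
            continue
        m = VERDICT_RE.match(body)
        if m:
            rec = records.setdefault(m["name"], ServiceRecord(name=m["name"]))
            verdict = m["verdict"].split(" ", 1)[0]  # "detected X (1)" -> "detected"
            if SEVERITY[verdict] >= SEVERITY[rec.verdict]:
                rec.verdict = verdict
                rec.signature = m["dsig"] or m["sig"] or rec.signature
    return records


def findings(records: Dict[str, ServiceRecord]) -> List[ServiceRecord]:
    """Everything that did not come back 'ok', worst first. 'unknown' entries (a hash
    line with no verdict, as in a log cut off mid-scan) are kept so they are not lost."""
    hits = [r for r in records.values() if r.verdict != "ok"]
    return sorted(hits, key=lambda r: SEVERITY[r.verdict], reverse=True)


def summarize(records: Dict[str, ServiceRecord]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for r in records.values():
        counts[r.verdict] = counts.get(r.verdict, 0) + 1
    return counts


if __name__ == "__main__":
    recs = parse_tdsskiller_log(SAMPLE_LOG)
    print(summarize(recs))
    for r in findings(recs):
        print(f"{r.verdict.upper():8} {r.name}  sig={r.signature}  reasons={r.reasons}")
        print(f"         {r.path}  md5={r.md5}")
```

Run against the real log by passing the file's contents instead of SAMPLE_LOG. On the constructed sample it reports one hit, the hidden Akamai NetSession DLL flagged HiddenFile.Multi.Generic, with its path and MD5 in hand for checking against a known-good copy of the file. HiddenFile.Multi.Generic is a generic heuristic (the object is hidden from normal file APIs), so a hit is a lead to investigate, not by itself a conviction.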


#8 dg281

dg281
  • Topic Starter

  • Members
  • 10 posts

Posted 14 March 2013 - 02:42 PM

Hello oneof4,

 

I scanned with TDSSKiller and it found and cured one malicious object. The computer seems to be doing much better as I am not hearing ads and the computer is not freezing, but I will update this post should anything change. Here is the log file for the run:

 

14:41:41.0506 3584  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:41:42.0103 3584  ============================================================
14:41:42.0103 3584  Current date / time: 2013/03/14 14:41:42.0103
14:41:42.0103 3584  SystemInfo:
14:41:42.0103 3584  
14:41:42.0103 3584  OS Version: 6.1.7600 ServicePack: 0.0
14:41:42.0103 3584  Product type: Workstation
14:41:42.0103 3584  ComputerName: DREW-PC
14:41:42.0103 3584  UserName: Drew
14:41:42.0103 3584  Windows directory: C:\Windows
14:41:42.0103 3584  System windows directory: C:\Windows
14:41:42.0103 3584  Running under WOW64
14:41:42.0103 3584  Processor architecture: Intel x64
14:41:42.0103 3584  Number of processors: 2
14:41:42.0103 3584  Page size: 0x1000
14:41:42.0103 3584  Boot type: Normal boot
14:41:42.0103 3584  ============================================================
14:41:43.0941 3584  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x2A57C7, SectorsPerTrack: 0x2C, TracksPerCylinder: 0x4, Type 'K0', Flags 0x00000040
14:41:44.0019 3584  ============================================================
14:41:44.0019 3584  \Device\Harddisk0\DR0:
14:41:44.0019 3584  MBR partitions:
14:41:44.0019 3584  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x157ACFA, BlocksNum 0xE8E0360
14:41:44.0042 3584  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFE5B800, BlocksNum 0xD369800
14:41:44.0042 3584  ============================================================
14:41:44.0086 3584  C: <-> \Device\Harddisk0\DR0\Partition1
14:41:44.0141 3584  D: <-> \Device\Harddisk0\DR0\Partition2
14:41:44.0141 3584  ============================================================
14:41:44.0141 3584  Initialize success
14:41:44.0141 3584  ============================================================
14:41:47.0930 3304  ============================================================
14:41:47.0930 3304  Scan started
14:41:47.0930 3304  Mode: Manual;
14:41:47.0931 3304  ============================================================
14:41:49.0212 3304  ================ Scan system memory ========================
14:41:49.0212 3304  System memory - ok
14:41:49.0212 3304  ================ Scan services =============================
14:41:49.0410 3304  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
14:41:49.0413 3304  1394ohci - ok
14:41:49.0452 3304  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
14:41:49.0457 3304  ACPI - ok
14:41:49.0487 3304  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
14:41:49.0488 3304  AcpiPmi - ok
14:41:49.0613 3304  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:41:50.0282 3304  AdobeARMservice - ok
14:41:50.0424 3304  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:41:50.0429 3304  AdobeFlashPlayerUpdateSvc - ok
14:41:50.0488 3304  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:41:50.0496 3304  adp94xx - ok
14:41:50.0551 3304  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:41:50.0557 3304  adpahci - ok
14:41:50.0602 3304  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:41:50.0605 3304  adpu320 - ok
14:41:50.0645 3304  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:41:50.0646 3304  AeLookupSvc - ok
14:41:50.0697 3304  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
14:41:50.0702 3304  AFD - ok
14:41:50.0742 3304  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
14:41:50.0744 3304  agp440 - ok
14:41:50.0922 3304  [ B9B98E08EC127900025F42462D3D0A66 ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
14:41:50.0922 3304  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
14:41:50.0933 3304  Akamai ( HiddenFile.Multi.Generic ) - warning
14:41:50.0933 3304  Akamai - detected HiddenFile.Multi.Generic (1)
14:41:50.0972 3304  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:41:50.0974 3304  ALG - ok
14:41:51.0005 3304  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
14:41:51.0007 3304  aliide - ok
14:41:51.0012 3304  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
14:41:51.0014 3304  amdide - ok
14:41:51.0050 3304  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:41:51.0052 3304  AmdK8 - ok
14:41:51.0064 3304  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:41:51.0065 3304  AmdPPM - ok
14:41:51.0117 3304  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:41:51.0120 3304  amdsata - ok
14:41:51.0148 3304  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:41:51.0151 3304  amdsbs - ok
14:41:51.0162 3304  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:41:51.0163 3304  amdxata - ok
14:41:51.0215 3304  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
14:41:51.0217 3304  AppID - ok
14:41:51.0239 3304  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:41:51.0241 3304  AppIDSvc - ok
14:41:51.0267 3304  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
14:41:51.0269 3304  Appinfo - ok
14:41:51.0324 3304  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
14:41:51.0328 3304  AppMgmt - ok
14:41:51.0373 3304  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:41:51.0375 3304  arc - ok
14:41:51.0396 3304  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:41:51.0398 3304  arcsas - ok
14:41:51.0531 3304  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:41:51.0567 3304  aspnet_state - ok
14:41:51.0614 3304  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:41:51.0615 3304  AsyncMac - ok
14:41:51.0631 3304  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
14:41:51.0632 3304  atapi - ok
14:41:51.0684 3304  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:41:51.0707 3304  AudioEndpointBuilder - ok
14:41:51.0729 3304  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:41:51.0733 3304  AudioSrv - ok
14:41:51.0774 3304  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:41:51.0777 3304  AxInstSV - ok
14:41:51.0817 3304  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
14:41:51.0839 3304  b06bdrv - ok
14:41:51.0879 3304  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:41:51.0884 3304  b57nd60a - ok
14:41:51.0914 3304  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:41:51.0917 3304  BDESVC - ok
14:41:51.0952 3304  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:41:51.0953 3304  Beep - ok
14:41:52.0005 3304  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
14:41:52.0039 3304  BFE - ok
14:41:52.0083 3304  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\system32\qmgr.dll
14:41:52.0128 3304  BITS - ok
14:41:52.0150 3304  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:41:52.0151 3304  blbdrive - ok
14:41:52.0193 3304  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:41:52.0194 3304  bowser - ok
14:41:52.0206 3304  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:41:52.0207 3304  BrFiltLo - ok
14:41:52.0225 3304  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:41:52.0226 3304  BrFiltUp - ok
14:41:52.0275 3304  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
14:41:52.0278 3304  BridgeMP - ok
14:41:52.0310 3304  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
14:41:52.0311 3304  Browser - ok
14:41:52.0336 3304  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:41:52.0341 3304  Brserid - ok
14:41:52.0357 3304  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:41:52.0358 3304  BrSerWdm - ok
14:41:52.0364 3304  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:41:52.0365 3304  BrUsbMdm - ok
14:41:52.0371 3304  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:41:52.0374 3304  BrUsbSer - ok
14:41:52.0381 3304  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:41:52.0385 3304  BTHMODEM - ok
14:41:52.0416 3304  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
14:41:52.0418 3304  bthserv - ok
14:41:52.0603 3304  catchme - ok
14:41:52.0638 3304  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:41:52.0641 3304  cdfs - ok
14:41:52.0686 3304  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:41:52.0688 3304  cdrom - ok
14:41:52.0743 3304  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:41:52.0745 3304  CertPropSvc - ok
14:41:52.0775 3304  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:41:52.0776 3304  circlass - ok
14:41:52.0800 3304  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
14:41:52.0811 3304  CLFS - ok
14:41:52.0873 3304  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:41:52.0877 3304  clr_optimization_v2.0.50727_32 - ok
14:41:52.0926 3304  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:41:52.0930 3304  clr_optimization_v2.0.50727_64 - ok
14:41:52.0995 3304  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:41:53.0191 3304  clr_optimization_v4.0.30319_32 - ok
14:41:53.0211 3304  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:41:53.0224 3304  clr_optimization_v4.0.30319_64 - ok
14:41:53.0263 3304  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:41:53.0264 3304  CmBatt - ok
14:41:53.0277 3304  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
14:41:53.0278 3304  cmdide - ok
14:41:53.0325 3304  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
14:41:53.0348 3304  CNG - ok
14:41:53.0362 3304  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:41:53.0363 3304  Compbatt - ok
14:41:53.0400 3304  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
14:41:53.0406 3304  CompositeBus - ok
14:41:53.0421 3304  COMSysApp - ok
14:41:53.0437 3304  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:41:53.0438 3304  crcdisk - ok
14:41:53.0484 3304  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:41:53.0487 3304  CryptSvc - ok
14:41:53.0534 3304  [ 4A6173C2279B498CD8F57CAE504564CB ] CSC             C:\Windows\system32\drivers\csc.sys
14:41:53.0539 3304  CSC - ok
14:41:53.0571 3304  [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService      C:\Windows\System32\cscsvc.dll
14:41:53.0581 3304  CscService - ok
14:41:53.0643 3304  [ B1C55A95006D621D04FE4A23F86C0A54 ] DCamUSBEMPIA    C:\Windows\system32\DRIVERS\emDevice64.sys
14:41:53.0647 3304  DCamUSBEMPIA - ok
14:41:53.0705 3304  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:41:53.0728 3304  DcomLaunch - ok
14:41:53.0761 3304  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
14:41:53.0766 3304  defragsvc - ok
14:41:53.0808 3304  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:41:53.0809 3304  DfsC - ok
14:41:53.0856 3304  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:41:53.0861 3304  Dhcp - ok
14:41:53.0909 3304  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
14:41:53.0910 3304  discache - ok
14:41:53.0951 3304  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:41:53.0952 3304  Disk - ok
14:41:53.0998 3304  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:41:54.0002 3304  Dnscache - ok
14:41:54.0038 3304  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
14:41:54.0043 3304  dot3svc - ok
14:41:54.0068 3304  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
14:41:54.0071 3304  DPS - ok
14:41:54.0125 3304  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:41:54.0126 3304  drmkaud - ok
14:41:54.0175 3304  [ FB9BEF3401EE5ECC2603311B9C64F44A ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:41:54.0177 3304  dtsoftbus01 - ok
14:41:54.0229 3304  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:41:54.0235 3304  DXGKrnl - ok
14:41:54.0287 3304  EagleX64 - ok
14:41:54.0341 3304  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
14:41:54.0343 3304  EapHost - ok
14:41:54.0451 3304  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
14:41:54.0541 3304  ebdrv - ok
14:41:54.0593 3304  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
14:41:54.0595 3304  EFS - ok
14:41:54.0654 3304  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:41:54.0664 3304  ehRecvr - ok
14:41:54.0692 3304  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
14:41:54.0694 3304  ehSched - ok
14:41:54.0749 3304  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:41:54.0794 3304  elxstor - ok
14:41:54.0858 3304  [ 8543BB84CD5872CD1619183F5CBBE3F9 ] emAudio         C:\Windows\system32\drivers\emAudio64.sys
14:41:54.0860 3304  emAudio - ok
14:41:54.0875 3304  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
14:41:54.0876 3304  ErrDev - ok
14:41:54.0955 3304  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
14:41:54.0966 3304  EventSystem - ok
14:41:54.0991 3304  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
14:41:54.0995 3304  exfat - ok
14:41:55.0026 3304  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:41:55.0028 3304  fastfat - ok
14:41:55.0083 3304  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
14:41:55.0106 3304  Fax - ok
14:41:55.0122 3304  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:41:55.0124 3304  fdc - ok
14:41:55.0159 3304  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:41:55.0160 3304  fdPHost - ok
14:41:55.0171 3304  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:41:55.0172 3304  FDResPub - ok
14:41:55.0203 3304  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:41:55.0204 3304  FileInfo - ok
14:41:55.0223 3304  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:41:55.0224 3304  Filetrace - ok
14:41:55.0267 3304  [ 73FBB50C4D92ADC30A9D57A269489A0B ] FiltUSBEMPIA    C:\Windows\system32\DRIVERS\emFilter64.sys
14:41:55.0268 3304  FiltUSBEMPIA - ok
14:41:55.0281 3304  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:41:55.0282 3304  flpydisk - ok
14:41:55.0321 3304  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:41:55.0325 3304  FltMgr - ok
14:41:55.0378 3304  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
14:41:55.0413 3304  FontCache - ok
14:41:55.0454 3304  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:41:55.0456 3304  FontCache3.0.0.0 - ok
14:41:55.0479 3304  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:41:55.0480 3304  FsDepends - ok
14:41:55.0509 3304  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:41:55.0509 3304  Fs_Rec - ok
14:41:55.0551 3304  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:41:55.0555 3304  fvevol - ok
14:41:55.0599 3304  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:41:55.0601 3304  gagp30kx - ok
14:41:55.0645 3304  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
14:41:55.0657 3304  gpsvc - ok
14:41:55.0743 3304  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:41:55.0746 3304  gupdate - ok
14:41:55.0751 3304  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:41:55.0753 3304  gupdatem - ok
14:41:55.0782 3304  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:41:55.0784 3304  hcw85cir - ok
14:41:55.0834 3304  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:41:55.0837 3304  HdAudAddService - ok
14:41:55.0866 3304  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:41:55.0867 3304  HDAudBus - ok
14:41:55.0880 3304  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:41:55.0883 3304  HidBatt - ok
14:41:55.0896 3304  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:41:55.0899 3304  HidBth - ok
14:41:55.0926 3304  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:41:55.0927 3304  HidIr - ok
14:41:55.0956 3304  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
14:41:55.0957 3304  hidserv - ok
14:41:56.0005 3304  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:41:56.0006 3304  HidUsb - ok
14:41:56.0025 3304  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:41:56.0028 3304  hkmsvc - ok
14:41:56.0060 3304  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:41:56.0065 3304  HomeGroupListener - ok
14:41:56.0108 3304  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:41:56.0112 3304  HomeGroupProvider - ok
14:41:56.0160 3304  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
14:41:56.0161 3304  HpSAMD - ok
14:41:56.0206 3304  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:41:56.0213 3304  HTTP - ok
14:41:56.0241 3304  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:41:56.0241 3304  hwpolicy - ok
14:41:56.0281 3304  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:41:56.0282 3304  i8042prt - ok
14:41:56.0309 3304  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:41:56.0316 3304  iaStorV - ok
14:41:56.0395 3304  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:41:56.0399 3304  IDriverT - ok
14:41:56.0449 3304  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:41:56.0483 3304  idsvc - ok
14:41:56.0536 3304  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:41:56.0538 3304  iirsp - ok
14:41:56.0580 3304  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
14:41:56.0603 3304  IKEEXT - ok
14:41:56.0622 3304  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
14:41:56.0623 3304  intelide - ok
14:41:56.0653 3304  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:41:56.0654 3304  intelppm - ok
14:41:56.0673 3304  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:41:56.0676 3304  IPBusEnum - ok
14:41:56.0692 3304  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:41:56.0694 3304  IpFilterDriver - ok
14:41:56.0720 3304  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:41:56.0741 3304  iphlpsvc - ok
14:41:56.0774 3304  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:41:56.0776 3304  IPMIDRV - ok
14:41:56.0788 3304  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:41:56.0791 3304  IPNAT - ok
14:41:56.0822 3304  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:41:56.0823 3304  IRENUM - ok
14:41:56.0841 3304  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
14:41:56.0842 3304  isapnp - ok
14:41:56.0877 3304  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
14:41:56.0881 3304  iScsiPrt - ok
14:41:56.0929 3304  [ 8D990A44B4F2B68E2C56A3724EC3EB84 ] itecir          C:\Windows\system32\DRIVERS\itecir.sys
14:41:56.0930 3304  itecir - ok
14:41:56.0961 3304  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:41:56.0961 3304  kbdclass - ok
14:41:56.0997 3304  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:41:56.0998 3304  kbdhid - ok
14:41:57.0010 3304  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
14:41:57.0011 3304  KeyIso - ok
14:41:57.0056 3304  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:41:57.0058 3304  KSecDD - ok
14:41:57.0074 3304  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:41:57.0076 3304  KSecPkg - ok
14:41:57.0095 3304  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:41:57.0096 3304  ksthunk - ok
14:41:57.0133 3304  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:41:57.0140 3304  KtmRm - ok
14:41:57.0193 3304  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\System32\srvsvc.dll
14:41:57.0196 3304  LanmanServer - ok
14:41:57.0225 3304  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:41:57.0229 3304  LanmanWorkstation - ok
14:41:57.0232 3304  Lavasoft Kernexplorer - ok
14:41:57.0280 3304  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:41:57.0281 3304  lltdio - ok
14:41:57.0312 3304  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:41:57.0323 3304  lltdsvc - ok
14:41:57.0333 3304  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:41:57.0335 3304  lmhosts - ok
14:41:57.0388 3304  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:41:57.0391 3304  LSI_FC - ok
14:41:57.0405 3304  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:41:57.0407 3304  LSI_SAS - ok
14:41:57.0434 3304  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:41:57.0436 3304  LSI_SAS2 - ok
14:41:57.0461 3304  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:41:57.0463 3304  LSI_SCSI - ok
14:41:57.0500 3304  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:41:57.0502 3304  luafv - ok
14:41:57.0558 3304  [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus       C:\Windows\system32\DRIVERS\MarvinBus64.sys
14:41:57.0560 3304  MarvinBus - ok
14:41:57.0589 3304  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:41:57.0592 3304  Mcx2Svc - ok
14:41:57.0612 3304  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:41:57.0614 3304  megasas - ok
14:41:57.0643 3304  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:41:57.0648 3304  MegaSR - ok
14:41:57.0737 3304  Microsoft SharePoint Workspace Audit Service - ok
14:41:57.0774 3304  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:41:57.0776 3304  MMCSS - ok
14:41:57.0791 3304  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:41:57.0792 3304  Modem - ok
14:41:57.0821 3304  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:41:57.0822 3304  monitor - ok
14:41:57.0854 3304  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:41:57.0855 3304  mouclass - ok
14:41:57.0896 3304  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:41:57.0897 3304  mouhid - ok
14:41:57.0911 3304  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:41:57.0912 3304  mountmgr - ok
14:41:57.0977 3304  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:41:57.0980 3304  MozillaMaintenance - ok
14:41:58.0052 3304  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
14:41:58.0055 3304  MpFilter - ok
14:41:58.0085 3304  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
14:41:58.0088 3304  mpio - ok
14:41:58.0105 3304  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:41:58.0107 3304  mpsdrv - ok
14:41:58.0155 3304  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:41:58.0178 3304  MpsSvc - ok
14:41:58.0196 3304  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:41:58.0199 3304  MRxDAV - ok
14:41:58.0241 3304  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:41:58.0243 3304  mrxsmb - ok
14:41:58.0291 3304  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:41:58.0294 3304  mrxsmb10 - ok
14:41:58.0305 3304  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:41:58.0306 3304  mrxsmb20 - ok
14:41:58.0323 3304  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
14:41:58.0324 3304  msahci - ok
14:41:58.0333 3304  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
14:41:58.0336 3304  msdsm - ok
14:41:58.0363 3304  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:41:58.0381 3304  MSDTC - ok
14:41:58.0427 3304  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:41:58.0428 3304  Msfs - ok
14:41:58.0439 3304  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:41:58.0440 3304  mshidkmdf - ok
14:41:58.0449 3304  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
14:41:58.0450 3304  msisadrv - ok
14:41:58.0494 3304  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:41:58.0509 3304  MSiSCSI - ok
14:41:58.0514 3304  msiserver - ok
14:41:58.0551 3304  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:41:58.0552 3304  MSKSSRV - ok
14:41:58.0651 3304  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
14:41:58.0652 3304  MsMpSvc - ok
14:41:58.0679 3304  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:41:58.0680 3304  MSPCLOCK - ok
14:41:58.0689 3304  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:41:58.0690 3304  MSPQM - ok
14:41:58.0713 3304  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:41:58.0719 3304  MsRPC - ok
14:41:58.0742 3304  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:41:58.0743 3304  mssmbios - ok
14:41:58.0824 3304  MSSQL$SQLEXPRESS - ok
14:41:58.0937 3304  [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
14:41:58.0939 3304  MSSQLServerADHelper100 - ok
14:41:59.0002 3304  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:41:59.0019 3304  MSTEE - ok
14:41:59.0032 3304  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:41:59.0033 3304  MTConfig - ok
14:41:59.0079 3304  [ A523D9F6AEB152C4480D754DF7FA9F7F ] MTsensor        C:\Windows\system32\DRIVERS\ATK64AMD.sys
14:41:59.0080 3304  MTsensor - ok
14:41:59.0120 3304  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:41:59.0121 3304  Mup - ok
14:41:59.0153 3304  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
14:41:59.0174 3304  napagent - ok
14:41:59.0294 3304  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:41:59.0297 3304  NativeWifiP - ok
14:41:59.0340 3304  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:41:59.0362 3304  NDIS - ok
14:41:59.0383 3304  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:41:59.0385 3304  NdisCap - ok
14:41:59.0410 3304  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:41:59.0411 3304  NdisTapi - ok
14:41:59.0422 3304  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:41:59.0423 3304  Ndisuio - ok
14:41:59.0452 3304  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:41:59.0454 3304  NdisWan - ok
14:41:59.0482 3304  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:41:59.0484 3304  NDProxy - ok
14:41:59.0517 3304  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:41:59.0518 3304  NetBIOS - ok
14:41:59.0534 3304  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:41:59.0537 3304  NetBT - ok
14:41:59.0549 3304  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
14:41:59.0550 3304  Netlogon - ok
14:41:59.0637 3304  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:41:59.0652 3304  Netman - ok
14:41:59.0685 3304  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:41:59.0729 3304  NetMsmqActivator - ok
14:41:59.0736 3304  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:41:59.0737 3304  NetPipeActivator - ok
14:41:59.0772 3304  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:41:59.0780 3304  netprofm - ok
14:41:59.0798 3304  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:41:59.0800 3304  NetTcpActivator - ok
14:41:59.0807 3304  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:41:59.0808 3304  NetTcpPortSharing - ok
14:42:00.0690 3304  [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
14:42:00.0910 3304  NETw5s64 - ok
14:42:01.0087 3304  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
14:42:01.0223 3304  netw5v64 - ok
14:42:01.0323 3304  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:42:01.0325 3304  nfrd960 - ok
14:42:01.0367 3304  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:42:01.0369 3304  NisDrv - ok
14:42:01.0415 3304  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
14:42:01.0421 3304  NisSrv - ok
14:42:01.0523 3304  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:42:01.0529 3304  NlaSvc - ok
14:42:01.0551 3304  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:42:01.0552 3304  Npfs - ok
14:42:01.0586 3304  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:42:01.0598 3304  nsi - ok
14:42:01.0609 3304  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:42:01.0610 3304  nsiproxy - ok
14:42:01.0695 3304  [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:42:01.0741 3304  Ntfs - ok
14:42:01.0757 3304  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:42:01.0758 3304  Null - ok
14:42:01.0830 3304  [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
14:42:01.0832 3304  NVHDA - ok
14:42:02.0180 3304  [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:42:02.0267 3304  nvlddmkm - ok
14:42:02.0326 3304  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:42:02.0329 3304  nvraid - ok
14:42:02.0343 3304  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:42:02.0346 3304  nvstor - ok
14:42:02.0411 3304  [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc           C:\Windows\system32\nvvsvc.exe
14:42:02.0425 3304  nvsvc - ok
14:42:02.0505 3304  [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:42:02.0539 3304  nvUpdatusService - ok
14:42:02.0559 3304  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
14:42:02.0562 3304  nv_agp - ok
14:42:02.0579 3304  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
14:42:02.0581 3304  ohci1394 - ok
14:42:02.0638 3304  [ 4965B005492CBA7719E82B71E3245495 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:42:02.0642 3304  ose64 - ok
14:42:02.0799 3304  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:42:02.0940 3304  osppsvc - ok
14:42:02.0993 3304  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:42:02.0998 3304  p2pimsvc - ok
14:42:03.0025 3304  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:42:03.0047 3304  p2psvc - ok
14:42:03.0068 3304  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:42:03.0071 3304  Parport - ok
14:42:03.0109 3304  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:42:03.0112 3304  partmgr - ok
14:42:03.0134 3304  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:42:03.0144 3304  PcaSvc - ok
14:42:03.0167 3304  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
14:42:03.0170 3304  pci - ok
14:42:03.0186 3304  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
14:42:03.0187 3304  pciide - ok
14:42:03.0210 3304  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:42:03.0214 3304  pcmcia - ok
14:42:03.0231 3304  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:42:03.0232 3304  pcw - ok
14:42:03.0262 3304  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:42:03.0285 3304  PEAUTH - ok
14:42:03.0341 3304  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
14:42:03.0391 3304  PeerDistSvc - ok
14:42:03.0481 3304  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:42:03.0504 3304  PerfHost - ok
14:42:03.0587 3304  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
14:42:03.0627 3304  pla - ok
14:42:03.0692 3304  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:42:03.0715 3304  PlugPlay - ok
14:42:03.0734 3304  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:42:03.0738 3304  PNRPAutoReg - ok
14:42:03.0758 3304  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:42:03.0762 3304  PNRPsvc - ok
14:42:03.0795 3304  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:42:03.0819 3304  PolicyAgent - ok
14:42:03.0860 3304  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:42:03.0867 3304  Power - ok
14:42:03.0914 3304  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:42:03.0916 3304  PptpMiniport - ok
14:42:03.0942 3304  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:42:03.0944 3304  Processor - ok
14:42:03.0989 3304  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc         C:\Windows\system32\profsvc.dll
14:42:03.0996 3304  ProfSvc - ok
14:42:04.0017 3304  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:42:04.0019 3304  ProtectedStorage - ok
14:42:04.0055 3304  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:42:04.0057 3304  Psched - ok
14:42:04.0131 3304  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:42:04.0188 3304  ql2300 - ok
14:42:04.0213 3304  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:42:04.0216 3304  ql40xx - ok
14:42:04.0246 3304  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:42:04.0252 3304  QWAVE - ok
14:42:04.0261 3304  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:42:04.0263 3304  QWAVEdrv - ok
14:42:04.0270 3304  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:42:04.0271 3304  RasAcd - ok
14:42:04.0310 3304  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:42:04.0312 3304  RasAgileVpn - ok
14:42:04.0337 3304  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:42:04.0341 3304  RasAuto - ok
14:42:04.0365 3304  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:42:04.0367 3304  Rasl2tp - ok
14:42:04.0387 3304  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
14:42:04.0398 3304  RasMan - ok
14:42:04.0415 3304  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:42:04.0417 3304  RasPppoe - ok
14:42:04.0456 3304  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:42:04.0458 3304  RasSstp - ok
14:42:04.0478 3304  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:42:04.0481 3304  rdbss - ok
14:42:04.0492 3304  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:42:04.0493 3304  rdpbus - ok
14:42:04.0506 3304  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:42:04.0507 3304  RDPCDD - ok
14:42:04.0538 3304  [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
14:42:04.0541 3304  RDPDR - ok
14:42:04.0579 3304  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:42:04.0581 3304  RDPENCDD - ok
14:42:04.0605 3304  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:42:04.0606 3304  RDPREFMP - ok
14:42:04.0639 3304  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:42:04.0643 3304  RDPWD - ok
14:42:04.0679 3304  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:42:04.0682 3304  rdyboost - ok
14:42:04.0718 3304  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:42:04.0721 3304  RemoteAccess - ok
14:42:04.0741 3304  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:42:04.0746 3304  RemoteRegistry - ok
14:42:04.0790 3304  [ 2A43F9E6DBDE12BC0C104785C3B3F5DF ] rismxdp         C:\Windows\system32\DRIVERS\rixdpx64.sys
14:42:04.0793 3304  rismxdp - ok
14:42:04.0833 3304  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:42:04.0836 3304  RpcEptMapper - ok
14:42:04.0865 3304  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:42:04.0867 3304  RpcLocator - ok
14:42:04.0917 3304  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
14:42:04.0928 3304  RpcSs - ok
14:42:04.0981 3304  [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103        C:\Windows\system32\DRIVERS\RsFx0103.sys
14:42:04.0987 3304  RsFx0103 - ok
14:42:05.0022 3304  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:42:05.0024 3304  rspndr - ok
14:42:05.0065 3304  [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
14:42:05.0067 3304  RTL8167 - ok
14:42:05.0101 3304  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
14:42:05.0103 3304  s3cap - ok
14:42:05.0174 3304  [ BE1D7D7BA1DBFF394F7513A83CD55A9D ] SaiH0461        C:\Windows\system32\DRIVERS\SaiH0461.sys
14:42:05.0180 3304  SaiH0461 - ok
14:42:05.0203 3304  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
14:42:05.0207 3304  SamSs - ok
14:42:05.0232 3304  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
14:42:05.0236 3304  sbp2port - ok
14:42:05.0303 3304  [ EECBBF7D76300E5558D316983961FFC1 ] ScanUSBEMPIA    C:\Windows\system32\DRIVERS\emScan64.sys
14:42:05.0305 3304  ScanUSBEMPIA - ok
14:42:05.0340 3304  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:42:05.0345 3304  SCardSvr - ok
14:42:05.0355 3304  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:42:05.0357 3304  scfilter - ok
14:42:05.0411 3304  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
14:42:05.0446 3304  Schedule - ok
14:42:05.0473 3304  SCManager - ok
14:42:05.0504 3304  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:42:05.0505 3304  SCPolicySvc - ok
14:42:05.0553 3304  [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
14:42:05.0554 3304  sdbus - ok
14:42:05.0586 3304  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:42:05.0590 3304  SDRSVC - ok
14:42:05.0630 3304  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:42:05.0632 3304  secdrv - ok
14:42:05.0648 3304  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
14:42:05.0653 3304  seclogon - ok
14:42:05.0666 3304  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
14:42:05.0669 3304  SENS - ok
14:42:05.0692 3304  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:42:05.0694 3304  SensrSvc - ok
14:42:05.0709 3304  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:42:05.0712 3304  Serenum - ok
14:42:05.0728 3304  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:42:05.0732 3304  Serial - ok
14:42:05.0755 3304  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:42:05.0756 3304  sermouse - ok
14:42:05.0825 3304  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
14:42:05.0830 3304  SessionEnv - ok
14:42:05.0841 3304  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
14:42:05.0842 3304  sffdisk - ok
14:42:05.0848 3304  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:42:05.0850 3304  sffp_mmc - ok
14:42:05.0868 3304  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
14:42:05.0869 3304  sffp_sd - ok
14:42:05.0893 3304  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:42:05.0895 3304  sfloppy - ok
14:42:05.0947 3304  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:42:05.0954 3304  SharedAccess - ok
14:42:06.0001 3304  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:42:06.0027 3304  ShellHWDetection - ok
14:42:06.0069 3304  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:42:06.0071 3304  SiSRaid2 - ok
14:42:06.0095 3304  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:42:06.0097 3304  SiSRaid4 - ok
14:42:06.0128 3304  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:42:06.0130 3304  Smb - ok
14:42:06.0192 3304  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:42:06.0194 3304  SNMPTRAP - ok
14:42:06.0249 3304  [ 7455ED832A33FEF453407F5411C3342D ] speedfan        C:\Windows\syswow64\speedfan.sys
14:42:06.0278 3304  speedfan - ok
14:42:06.0312 3304  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:42:06.0313 3304  spldr - ok
14:42:06.0358 3304  [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler         C:\Windows\System32\spoolsv.exe
14:42:06.0382 3304  Spooler - ok
14:42:06.0509 3304  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
14:42:06.0612 3304  sppsvc - ok
14:42:06.0634 3304  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:42:06.0637 3304  sppuinotify - ok
14:42:06.0706 3304  [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
14:42:06.0729 3304  SQLAgent$SQLEXPRESS - ok
14:42:06.0793 3304  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:42:06.0801 3304  SQLBrowser - ok
14:42:06.0876 3304  [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:42:06.0880 3304  SQLWriter - ok
14:42:06.0940 3304  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:42:06.0950 3304  srv - ok
14:42:06.0977 3304  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:42:06.0982 3304  srv2 - ok
14:42:06.0998 3304  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:42:07.0001 3304  srvnet - ok
14:42:07.0044 3304  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:42:07.0048 3304  SSDPSRV - ok
14:42:07.0101 3304  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
14:42:07.0102 3304  SSPORT - ok
14:42:07.0119 3304  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:42:07.0125 3304  SstpSvc - ok
14:42:07.0204 3304  [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:42:07.0227 3304  Stereo Service - ok
14:42:07.0265 3304  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:42:07.0268 3304  stexstor - ok
14:42:07.0327 3304  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
14:42:07.0349 3304  stisvc - ok
14:42:07.0403 3304  [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
14:42:07.0405 3304  storflt - ok
14:42:07.0419 3304  [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
14:42:07.0421 3304  storvsc - ok
14:42:07.0432 3304  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:42:07.0433 3304  swenum - ok
14:42:07.0462 3304  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:42:07.0485 3304  swprv - ok
14:42:07.0597 3304  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
14:42:07.0681 3304  SysMain - ok
14:42:07.0705 3304  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:42:07.0715 3304  TabletInputService - ok
14:42:07.0739 3304  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:42:07.0746 3304  TapiSrv - ok
14:42:07.0775 3304  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:42:07.0777 3304  TBS - ok
14:42:08.0022 3304  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:42:08.0099 3304  Tcpip - ok
14:42:08.0833 3304  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:42:08.0845 3304  TCPIP6 - ok
14:42:08.0894 3304  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:42:08.0931 3304  tcpipreg - ok
14:42:09.0039 3304  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:42:09.0056 3304  TDPIPE - ok
14:42:09.0166 3304  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:42:09.0202 3304  TDTCP - ok
14:42:09.0269 3304  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:42:09.0274 3304  tdx - ok
14:42:09.0302 3304  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:42:09.0303 3304  TermDD - ok
14:42:09.0340 3304  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
14:42:09.0360 3304  TermService - ok
14:42:09.0381 3304  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:42:09.0384 3304  Themes - ok
14:42:09.0416 3304  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:42:09.0417 3304  THREADORDER - ok
14:42:09.0471 3304  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:42:09.0476 3304  TrkWks - ok
14:42:09.0536 3304  [ 370A6907DDF79532A39319492B1FA38A ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
14:42:09.0539 3304  truecrypt - ok
14:42:09.0632 3304  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:42:09.0646 3304  TrustedInstaller - ok
14:42:09.0672 3304  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:42:09.0674 3304  tssecsrv - ok
14:42:09.0728 3304  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:42:09.0730 3304  tunnel - ok
14:42:09.0768 3304  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
14:42:09.0772 3304  uagp35 - ok
14:42:09.0801 3304  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:42:09.0807 3304  udfs - ok
14:42:09.0843 3304  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:42:09.0845 3304  UI0Detect - ok
14:42:09.0863 3304  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
14:42:09.0865 3304  uliagpkx - ok
14:42:09.0900 3304  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:42:09.0902 3304  umbus - ok
14:42:09.0918 3304  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:42:09.0920 3304  UmPass - ok
14:42:09.0949 3304  [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService    C:\Windows\System32\umrdp.dll
14:42:09.0954 3304  UmRdpService - ok
14:42:10.0043 3304  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:42:10.0059 3304  upnphost - ok
14:42:10.0100 3304  [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:42:10.0104 3304  usbccgp - ok
14:42:10.0159 3304  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
14:42:10.0163 3304  usbcir - ok
14:42:10.0205 3304  [ 92969BA5AC44E229C55A332864F79677 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:42:10.0207 3304  usbehci - ok
14:42:10.0269 3304  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:42:10.0277 3304  usbhub - ok
14:42:10.0313 3304  [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:42:10.0315 3304  usbohci - ok
14:42:10.0362 3304  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:42:10.0378 3304  usbprint - ok
14:42:10.0420 3304  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:42:10.0422 3304  usbscan - ok
14:42:10.0443 3304  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:42:10.0446 3304  USBSTOR - ok
14:42:10.0472 3304  [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
14:42:10.0474 3304  usbuhci - ok
14:42:10.0519 3304  [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
14:42:10.0524 3304  usbvideo - ok
14:42:10.0554 3304  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:42:10.0577 3304  UxSms - ok
14:42:10.0602 3304  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
14:42:10.0605 3304  VaultSvc - ok
14:42:10.0660 3304  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
14:42:10.0662 3304  vdrvroot - ok
14:42:10.0751 3304  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
14:42:10.0787 3304  vds - ok
14:42:10.0811 3304  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:42:10.0814 3304  vga - ok
14:42:10.0835 3304  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:42:10.0837 3304  VgaSave - ok
14:42:10.0863 3304  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
14:42:10.0867 3304  vhdmp - ok
14:42:10.0878 3304  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
14:42:10.0880 3304  viaide - ok
14:42:10.0908 3304  [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys
14:42:10.0928 3304  vmbus - ok
14:42:10.0951 3304  [ AE10C35761889E65A6F7176937C5592C ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
14:42:10.0953 3304  VMBusHID - ok
14:42:10.0969 3304  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
14:42:10.0971 3304  volmgr - ok
14:42:10.0990 3304  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:42:10.0996 3304  volmgrx - ok
14:42:11.0036 3304  [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:42:11.0040 3304  volsnap - ok
14:42:11.0080 3304  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:42:11.0083 3304  vsmraid - ok
14:42:11.0155 3304  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
14:42:11.0232 3304  VSS - ok
14:42:11.0253 3304  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
14:42:11.0254 3304  vwifibus - ok
14:42:11.0297 3304  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:42:11.0298 3304  vwififlt - ok
14:42:11.0337 3304  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
14:42:11.0360 3304  W32Time - ok
14:42:11.0383 3304  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:42:11.0384 3304  WacomPen - ok
14:42:11.0421 3304  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:42:11.0423 3304  WANARP - ok
14:42:11.0441 3304  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:42:11.0443 3304  Wanarpv6 - ok
14:42:11.0543 3304  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:42:11.0575 3304  WatAdminSvc - ok
14:42:11.0768 3304  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
14:42:11.0843 3304  wbengine - ok
14:42:11.0864 3304  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:42:11.0871 3304  WbioSrvc - ok
14:42:11.0910 3304  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:42:11.0917 3304  wcncsvc - ok
14:42:11.0952 3304  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:42:11.0955 3304  WcsPlugInService - ok
14:42:12.0000 3304  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:42:12.0003 3304  Wd - ok
14:42:12.0082 3304  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:42:12.0140 3304  Wdf01000 - ok
14:42:12.0158 3304  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:42:12.0162 3304  WdiServiceHost - ok
14:42:12.0168 3304  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:42:12.0171 3304  WdiSystemHost - ok
14:42:12.0211 3304  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
14:42:12.0218 3304  WebClient - ok
14:42:12.0241 3304  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:42:12.0248 3304  Wecsvc - ok
14:42:12.0261 3304  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:42:12.0265 3304  wercplsupport - ok
14:42:12.0291 3304  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:42:12.0295 3304  WerSvc - ok
14:42:12.0342 3304  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:42:12.0343 3304  WfpLwf - ok
14:42:12.0362 3304  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:42:12.0363 3304  WIMMount - ok
14:42:12.0377 3304  WinDefend - ok
14:42:12.0404 3304  WinHttpAutoProxySvc - ok
14:42:12.0555 3304  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:42:12.0574 3304  Winmgmt - ok
14:42:12.0672 3304  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:42:12.0764 3304  WinRM - ok
14:42:12.0842 3304  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:42:12.0844 3304  WinUsb - ok
14:42:12.0900 3304  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:42:12.0957 3304  Wlansvc - ok
14:42:12.0975 3304  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
14:42:12.0978 3304  WmiAcpi - ok
14:42:13.0022 3304  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:42:13.0026 3304  wmiApSrv - ok
14:42:13.0080 3304  WMPNetworkSvc - ok
14:42:13.0097 3304  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:42:13.0113 3304  WPCSvc - ok
14:42:13.0141 3304  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:42:13.0145 3304  WPDBusEnum - ok
14:42:13.0177 3304  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:42:13.0178 3304  ws2ifsl - ok
14:42:13.0203 3304  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\system32\wscsvc.dll
14:42:13.0206 3304  wscsvc - ok
14:42:13.0211 3304  WSearch - ok
14:42:13.0369 3304  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:42:13.0460 3304  wuauserv - ok
14:42:13.0500 3304  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:42:13.0503 3304  WudfPf - ok
14:42:13.0546 3304  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:42:13.0552 3304  WUDFRd - ok
14:42:13.0588 3304  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:42:13.0611 3304  wudfsvc - ok
14:42:13.0654 3304  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:42:13.0664 3304  WwanSvc - ok
14:42:13.0697 3304  ================ Scan global ===============================
14:42:13.0726 3304  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:42:13.0764 3304  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
14:42:13.0787 3304  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
14:42:13.0820 3304  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:42:13.0868 3304  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:42:13.0879 3304  [Global] - ok
14:42:13.0883 3304  ================ Scan MBR ==================================
14:42:13.0899 3304  [ C3C93F1CA51BBACBABEA804D2CC62CA1 ] \Device\Harddisk0\DR0
14:42:13.0955 3304  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
14:42:13.0955 3304  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
14:42:13.0956 3304  ================ Scan VBR ==================================
14:42:13.0976 3304  [ A8C978CEC3796E179948B5395AB6C883 ] \Device\Harddisk0\DR0\Partition1
14:42:13.0978 3304  \Device\Harddisk0\DR0\Partition1 - ok
14:42:13.0996 3304  [ 534A9426B15F23F00835F59FBBE7B32B ] \Device\Harddisk0\DR0\Partition2
14:42:14.0009 3304  \Device\Harddisk0\DR0\Partition2 - ok
14:42:14.0010 3304  ============================================================
14:42:14.0010 3304  Scan finished
14:42:14.0010 3304  ============================================================
14:42:14.0079 4088  Detected object count: 2
14:42:14.0079 4088  Actual detected object count: 2
14:42:51.0801 4088  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
14:42:51.0802 4088  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
14:42:53.0096 4088  \Device\Harddisk0\DR0\# - copied to quarantine
14:42:53.0401 4088  \Device\Harddisk0\DR0 - copied to quarantine
14:42:55.0121 4088  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
14:42:55.0124 4088  \Device\Harddisk0\DR0 - ok
14:42:55.0130 4088  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
14:43:03.0484 3576  Deinitialize success
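Read as a triage artifact, the tail of this TDSSKiller log says more than its two "detected" lines: the MBR of \Device\Harddisk0\DR0 is flagged as Rootkit.Boot.Harbinger.a and its cure is deferred to the next boot (the "- ok" printed afterwards only means the action was scheduled), while the hidden Akamai object was skipped by the user and so stays unexamined. The Python script below is an added example, not part of the original thread or of TDSSKiller, that parses this log format into hashed objects, verdicts and user actions and lists which objects must be rescanned after the reboot. Its input is an excerpt of the log posted above, embedded as a string; the line-shape regexes are my reading of that format and are assumptions beyond it.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Line shapes seen in the TDSSKiller log above (assumed from that excerpt).
# Every line starts with a timestamp and a thread id, stripped before matching.
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+")
_HASHED = re.compile(r"^\[ ([0-9A-F]{32}) \] (\S+)(?:\s+(\S.*))?$")  # [ md5 ] name [path]
_VERDICT = re.compile(r"^(.+?) \( (.+?) \) - (.+)$")                  # obj ( threat ) - status
_DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")           # obj - detected threat (n)
_QUARANTINE = re.compile(r"^(.+?) - copied to quarantine$")
_COUNT = re.compile(r"^Detected object count: (\d+)$")

# Excerpt of the log posted above (shortened; the line format is unchanged).
SAMPLE_LOG = r"""
14:42:12.0672 3304  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:42:12.0764 3304  WinRM - ok
14:42:13.0883 3304  ================ Scan MBR ==================================
14:42:13.0899 3304  [ C3C93F1CA51BBACBABEA804D2CC62CA1 ] \Device\Harddisk0\DR0
14:42:13.0955 3304  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
14:42:13.0955 3304  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
14:42:13.0956 3304  ================ Scan VBR ==================================
14:42:13.0976 3304  [ A8C978CEC3796E179948B5395AB6C883 ] \Device\Harddisk0\DR0\Partition1
14:42:13.0978 3304  \Device\Harddisk0\DR0\Partition1 - ok
14:42:14.0010 3304  Scan finished
14:42:14.0079 4088  Detected object count: 2
14:42:51.0801 4088  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
14:42:51.0802 4088  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
14:42:53.0096 4088  \Device\Harddisk0\DR0\# - copied to quarantine
14:42:53.0401 4088  \Device\Harddisk0\DR0 - copied to quarantine
14:42:55.0121 4088  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
14:42:55.0124 4088  \Device\Harddisk0\DR0 - ok
14:42:55.0130 4088  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
14:43:03.0484 3576  Deinitialize success
"""


@dataclass
class Detection:
    obj: str
    threat: str
    events: list = field(default_factory=list)  # statuses in log order

    @property
    def final_action(self) -> Optional[str]:
        """Last 'User select action' for this object (Cure, Skip, ...), if any."""
        for ev in reversed(self.events):
            if ev.startswith("User select action: "):
                return ev.split(": ", 1)[1]
        return None


@dataclass
class Report:
    hashes: dict = field(default_factory=dict)      # object name -> (md5, path or None)
    detections: dict = field(default_factory=dict)  # object name -> Detection
    quarantined: list = field(default_factory=list)
    detected_count: Optional[int] = None
    finished: bool = False


def parse_tdsskiller(text: str) -> Report:
    """Parse a TDSSKiller log into hashed objects, verdicts and user actions.

    '<obj> - ok' lines are deliberately ignored: after 'will be cured on reboot'
    the tool still prints '- ok' for the MBR, which only records that the action
    was scheduled, not that the boot sector has been verified clean.
    """
    rep = Report()
    for raw in text.splitlines():
        line = _PREFIX.sub("", raw.strip())
        if not line:
            continue
        if line == "Scan finished":
            rep.finished = True
        elif m := _COUNT.match(line):
            rep.detected_count = int(m.group(1))
        elif m := _HASHED.match(line):
            rep.hashes[m.group(2)] = (m.group(1), m.group(3))
        elif m := _VERDICT.match(line):
            obj, threat, status = m.groups()
            rep.detections.setdefault(obj, Detection(obj, threat)).events.append(status)
        elif m := _DETECTED.match(line):
            obj, threat = m.groups()
            rep.detections.setdefault(obj, Detection(obj, threat)).events.append("detected")
        elif m := _QUARANTINE.match(line):
            rep.quarantined.append(m.group(1))
    return rep


def reboot_required(rep: Report) -> list:
    """Objects whose cure was deferred to the next boot; rescan these afterwards."""
    return sorted(o for o, d in rep.detections.items() if "will be cured on reboot" in d.events)


def skipped(rep: Report) -> list:
    """Objects the user chose not to act on; they remain unexamined."""
    return sorted(o for o, d in rep.detections.items() if d.final_action == "Skip")


if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    for obj, det in report.detections.items():
        print(f"{obj}: {det.threat} -> {det.final_action}")
    print("rescan after reboot:", reboot_required(report))
```

Run against the complete log, the same parser also yields a name-to-MD5 inventory of every driver and service TDSSKiller hashed, which can be compared with a known-good Windows 7 x64 build; a driver whose hash differs from the catalog copy deserves the same scrutiny as the MBR.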

#9 oneof4 (Malware Response Team, 3,581 posts, Location: The Collective)

Posted 15 March 2013 - 05:49 AM

Hi  :)

Quote

The computer seems to be doing much better as I am not hearing ads and the computer is not freezing...

GREAT!!!   :thumbsup:

Let's take care of some other issues:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Also, let me know how things are running after the scan.


Edited by oneof4, 15 March 2013 - 05:50 AM.

Best Regards,
oneof4.


#10 dg281 (Topic Starter, Members, 10 posts)

Posted 15 March 2013 - 03:14 PM

Hello,

I ran AdwCleaner and the log is pasted below. My computer is still running much better; it has not crashed since I ran TDSSKiller yesterday and the boot time is back to normal.

# AdwCleaner v2.114 - Logfile created 03/15/2013 at 10:13:08
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Ultimate  (64 bits)
# User : Drew - DREW-PC
# Boot Mode : Normal
# Running from : C:\Users\Drew\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\Drew\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Drew\AppData\LocalLow\Codecv

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKU\S-1-5-21-3908779728-1213952583-4091270658-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\hwhyuhre.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("extensions.4f96c26a3114e.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112477");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "a457c4c800000000000000215d0e8146");
Found : user_pref("extensions.BabylonToolbar_i.id", "a457c4c800000000000000215d0e8146");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15455");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112477&babsrc=N[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1723:39:42");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112477&babsrc=KW_ss&mntrId=a457c4c8000000[...]

File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mxb1movp.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.1847] : homepage = "hxxp://search.babylon.com/?affID=112477&babsrc=HP_ss&mntrId=a457c4c800000000000000215d0e8146",
Found [l.2192] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112477&babsrc=HP_ss&mntrId=a457c4c800000000000000215d0e8146" ]

*************************

AdwCleaner[R1].txt - [3822 octets] - [15/03/2013 10:13:08]

########## EOF - C:\AdwCleaner[R1].txt - [3882 octets] ##########
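What AdwCleaner reports here is a textbook search hijack: Firefox's default engine, keyword.URL and new-tab URL all point at search.babylon.com carrying an affiliate ID, one extension pref (extensions.4f96c26a3114e.scode) stores a JavaScript function body that the toolbar injects into pages, and Chrome's homepage and startup URLs were rewritten the same way. The Python script below is an added example, not from the thread or from AdwCleaner, that shows how to check those files directly: it parses prefs.js user_pref() lines and Chrome's JSON Preferences file, and flags values that point at a known hijacker host, name a search engine outside an allowlist, or store script in a preference. The prefs.js fragment and the Chrome Preferences document are constructed from the entries in the log above (the injected script is shortened to a harmless stub); the suspect-host set and the engine allowlist are assumptions.

```python
import json
import re
from urllib.parse import urlparse

# Hijacker host named in the AdwCleaner log above; extend as new ones turn up.
SUSPECT_HOSTS = {"search.babylon.com"}
# Assumption: display names of engines Firefox shipped with, used as an allowlist.
KNOWN_ENGINES = {"Google", "Yahoo", "Bing", "Amazon.com", "DuckDuckGo", "eBay", "Twitter", "Wikipedia (en)"}
# Firefox keys that decide which engine a typed search goes to.
SEARCH_NAME_KEYS = ("browser.search.defaultenginename", "browser.search.order.")

_PREF = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);$')

# Constructed prefs.js fragment reproducing the entries AdwCleaner listed above
# (the injected script is replaced by a harmless stub).
SAMPLE_PREFS_JS = r'''
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("extensions.4f96c26a3114e.scode", "(function(){try{if('aol.com')}catch(e){}})()");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112477&babsrc=NT_ss");
user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112477&babsrc=KW_ss");
user_pref("browser.startup.homepage_override.mstone", "19.0.2");
'''

# Constructed Chrome Preferences document with the two entries the log reported.
SAMPLE_CHROME_PREFS = json.dumps({
    "homepage": "hxxp://search.babylon.com/?affID=112477&babsrc=HP_ss",
    "session": {"restore_on_startup": 4,
                "urls_to_restore_on_startup": ["hxxp://search.babylon.com/?affID=112477&babsrc=HP_ss"]},
    "default_search_provider": {"search_url": "https://www.google.com/search?q={searchTerms}"},
})


def parse_prefs_js(text: str) -> dict:
    """Read Firefox prefs.js / user.js lines into {name: value}."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF.match(line.strip())
        if not m:
            continue
        name, literal = m.groups()
        try:
            prefs[name] = json.loads(literal)  # strings, numbers, true/false are valid JSON
        except json.JSONDecodeError:
            prefs[name] = literal              # keep odd or truncated values verbatim
    return prefs


def _host(value):
    """Hostname of a pref value, tolerating defanged hxxp:// and bare hosts."""
    if not isinstance(value, str):
        return None
    url = re.sub(r"^hxxp", "http", value)  # logs defang URLs as hxxp://
    if "://" not in url:
        url = "//" + url                   # bare host such as "search.babylon.com"
    try:
        return urlparse(url).hostname
    except ValueError:
        return None


def _suspect(value) -> bool:
    host = _host(value)
    return host is not None and any(host == s or host.endswith("." + s) for s in SUSPECT_HOSTS)


def audit_firefox(prefs: dict) -> list:
    """Return (browser, key, reason) tuples for hijack indicators in parsed prefs."""
    findings = []
    for name, value in prefs.items():
        if _suspect(value):
            findings.append(("firefox", name, "points at hijacker host"))
        elif name.startswith(SEARCH_NAME_KEYS) and value not in KNOWN_ENGINES:
            findings.append(("firefox", name, "unknown search engine"))
        elif isinstance(value, str) and value.lstrip().startswith("(function"):
            # A function body kept in a pref is how the toolbar injects code into pages.
            findings.append(("firefox", name, "script stored in a preference"))
    return findings


def audit_chrome(preferences_json: str) -> list:
    """Same check for Chrome's JSON Preferences: home page, startup URLs, search URL."""
    prefs = json.loads(preferences_json)
    session = prefs.get("session", {})
    candidates = [("homepage", prefs.get("homepage"))]
    for key in ("urls_to_restore_on_startup", "startup_urls"):  # older and newer key names
        candidates += [(f"session.{key}", u) for u in session.get(key, [])]
    candidates.append(("default_search_provider.search_url",
                       prefs.get("default_search_provider", {}).get("search_url")))
    return [("chrome", key, "points at hijacker host") for key, val in candidates if _suspect(val)]
```

Two things this check makes visible that the log's per-browser summary does not: the hijack lives in the per-user profile, which is why the second (Admin) Firefox profile comes back clean, and the scode pref means that resetting the search and home-page settings alone leaves injected code behind until the extension's own prefs are removed as well.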

#11 oneof4 (Malware Response Team, 3,581 posts, Location: The Collective)

Posted 15 March 2013 - 10:07 PM

Hi dg281  :)

Let's now get rid of what AdwCleaner found:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

==========

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit). 64-bit OS users should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs (or Programs and Features in Vista/Windows 7/8) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u17-windows-i586.exe (or jre-7u17-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
  • Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications, but it's not necessary. To disable the JQS service if you don't want to use it:
    • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    • Click Ok and reboot your computer.

==========

Your Microsoft Windows installation is out of date. Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure. Out-of-date Windows installations represent a risk to your system and are also a conduit for the spread of malware.

You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.

==========

Reply back after performing the AdwCleaner delete process, and also the updates, to let me know how it went.

Best Regards,
oneof4.


#12 dg281 (Topic Starter, Members, 10 posts)

Posted 17 March 2013 - 11:12 PM

I ran AdwCleaner and updated Windows and Java. My computer is still running well except for when I try to put it into sleep mode, which sometimes causes it to crash. I get the following information when the computer reboots:

Problem signature:
  Problem Event Name:    BlueScreen
  OS Version:    6.1.7600.2.0.0.256.1
  Locale ID:    1033

Additional information about the problem:
  BCCode:    9f
  BCP1:    0000000000000003
  BCP2:    FFFFFA8003CB9A20
  BCP3:    FFFFF80000B9C518
  BCP4:    FFFFFA8003FFC380
  OS Version:    6_1_7600
  Service Pack:    0_0
  Product:    256_1

AdwCleaner log:

# AdwCleaner v2.115 - Logfile created 03/17/2013 at 19:30:04
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Ultimate  (64 bits)
# User : Drew - DREW-PC
# Boot Mode : Normal
# Running from : C:\Users\Drew\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Drew\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Drew\AppData\LocalLow\Codecv

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\hwhyuhre.default\prefs.js

C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\hwhyuhre.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.4f96c26a3114e.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112477");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "a457c4c800000000000000215d0e8146");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "a457c4c800000000000000215d0e8146");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15455");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112477&babsrc=N[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1723:39:42");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112477&babsrc=KW_ss&mntrId=a457c4c8000000[...]

File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mxb1movp.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1847] : homepage = "hxxp://search.babylon.com/?affID=112477&babsrc=HP_ss&mntrId=a457c4c80000000000000021[...]
Deleted [l.2192] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112477&babsrc=HP_ss&mntrId=a[...]

*************************

AdwCleaner[R1].txt - [3947 octets] - [15/03/2013 10:13:08]
AdwCleaner[S1].txt - [3866 octets] - [17/03/2013 19:30:04]

########## EOF - C:\AdwCleaner[S1].txt - [3926 octets] ##########

#13 oneof4 (Malware Response Team, 3,581 posts, Location: The Collective)

Posted 19 March 2013 - 05:56 AM

Hi dg281

Let's try performing a "HotFix" and see if your BSOD goes away:

Please click the following link to Microsoft's HotFix for your situation: http://support.microsoft.com/kb/977186

  • Click the GREEN box titled "Hotfix Download Available"
  • Check the Select box in step 1
  • Enter your email address, and verify that you're a real person by entering the characters into the box in step 2.
  • Click "Request hotfix"

MS will email you a link to the actual Hotfix. Follow the instructions for installing it, and reply back to let me know if it cured the BSOD after going into sleep or hibernation.

Best Regards,
oneof4.


#14 dg281 (Topic Starter, Members, 10 posts)

Posted 21 March 2013 - 09:29 PM

Hey oneof4,

Sorry it took me so long to reply. I decided that I am going to hold off on doing the hotfix because upgrading Windows 7 to SP1 seems to have fixed the problem. Let me know what else you need me to do.



#15 oneof4 (Malware Response Team, 3,581 posts, Location: The Collective)

Posted 23 March 2013 - 08:31 AM

Hello  :)

Quote

windows 7 to sp1 seems to have fixed the problem

Good deal!   :clapping:

Let's check for leftovers:

Open Malwarebytes Anti-Malware, update it, then run a Quick Scan. Post the results log in your next reply.

Next,

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Quote

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use, then click on the Start button.
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on the Start button.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on the Finish button.
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Best Regards,
oneof4.