Google redirect, Programs like malware bytes removed and unable to run any antivirus

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Google redirect, Programs like malware bytes removed and unable to run any antivirus

#1 Jimthebear2

New Member

Group: Members
Posts: 14
Joined: 12-June 11

Posted 29 November 2011 - 08:01 PM

I m always getting redirected from websites, some programs were deleted without any trace like malware bytes, and the format of widows 7 is changed whenever I dont start the computer in safe mode. If I try to run malware bytes when I'm not in safe mode the computer shuts off. Please help me!

GMER log.log (4.1K)
Number of downloads: 1

DDS.txt (22.4K)
Number of downloads: 4

#2 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 03 December 2011 - 09:45 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

Do not run any other tool untill instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

DeFogger

desktop

DeFogger

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK

Do not

Download DDS:

DDS by sUBs

Link1

Link2

Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
- DDS.txt
- Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

information and logs:

In your next post I need the following

.logs from DDS
let me know of any problems you may have had

Gringo

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

#3 Jimthebear2

New Member

Group: Members
Posts: 14
Joined: 12-June 11

Posted 04 December 2011 - 08:36 AM

Thank you so much for replying! I used SUPER Antispyware to remove AV Protection 2011 a few days ago, but my windows firewall,defender and security essentials will not start up.
DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Rishav Bose at 8:32:46 on 2011-12-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2731 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = g.msn.com/USCON/1
mDefault_Page_URL = g.msn.com/USCON/1
mStart Page = g.msn.com/USCON/1
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [Spotify] "C:\Users\Rishav Bose\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [hpOQBlGcuNj.exe] C:\ProgramData\hpOQBlGcuNj.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Orbit.lnk - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{16DADF6B-C514-46B7-B609-027934119FB7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{16DADF6B-C514-46B7-B609-027934119FB7}\2414C4F657E6765675966496 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{16DADF6B-C514-46B7-B609-027934119FB7}\6575649573 : DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{16DADF6B-C514-46B7-B609-027934119FB7}\74E23556E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8A071FE8-EDC2-4B9D-991D-A31B2DC59BD9} : DhcpNameServer = 13.35.0.1 13.35.0.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [hpOQBlGcuNj.exe] C:\ProgramData\hpOQBlGcuNj.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rishav Bose\AppData\Roaming\Mozilla\Firefox\Profiles\8ioio6md.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Rishav Bose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-2-20 98208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S2 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-1-14 1294848]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-2-20 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-20 2533400]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-04 13:30:01 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEF01FA1-B1D5-4ADB-9435-3DC16031CF5A}\offreg.dll
2011-12-04 07:07:15 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{362C2FAC-A010-45CF-9970-F973A9AF06DA}\gapaengine.dll
2011-12-04 07:07:06 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEF01FA1-B1D5-4ADB-9435-3DC16031CF5A}\mpengine.dll
2011-12-04 07:05:48 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-12-04 07:05:45 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-12-04 00:32:02 -------- d-----w- C:\ProgramData\!SASCORE
2011-12-04 00:31:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-12-04 00:29:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-01 19:41:25 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-11-28 22:11:27 -------- dc----w- C:\FRST
2011-11-27 18:48:48 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-11-27 18:48:07 -------- d-----w- C:\ProgramData\Hitman Pro
2011-11-27 15:36:58 -------- d-----we C:\Windows\system64
2011-11-27 13:23:01 200008 ----a-w- C:\ProgramData\SPL258B.tmp
2011-11-26 21:00:23 200008 ----a-w- C:\ProgramData\SPLCE73.tmp
2011-11-23 17:18:04 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\gSS22obF3pmG5Q
2011-11-23 17:18:03 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\qeellIBBrzPyx1u
2011-11-23 17:17:57 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\zammHH5sWJ7dL
2011-11-23 17:17:53 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\EyyccA11iv2on
2011-11-23 17:17:52 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\iL88ggRZqhYXkUe
2011-11-23 17:17:46 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\HuuucSS2ibDpn4a
2011-11-23 17:17:42 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\E999gTTZqjYCkIr
2011-11-21 20:18:46 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\wsQQJJ7dEK8gZ9Y
2011-11-21 20:18:46 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\SAA11ivDDonF4m5
2011-11-21 20:18:40 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\s00uucS1ibD
2011-11-21 20:18:40 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\p777fEEL9gTZ
2011-11-21 20:18:40 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\ACCCwwkUVrlOtx0
2011-11-21 20:18:34 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\UYYYCeekIVrzNtA
2011-11-21 20:18:32 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\wttzzPNycA
2011-11-20 16:04:16 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\Q111ivvD3onFam5
2011-11-20 16:04:16 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\HWWWJ77dEL8
2011-11-20 16:04:10 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\wCCeekIIVrzNt
2011-11-20 16:04:06 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\dPP00uccS1iD
2011-11-20 16:04:05 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\vLLL9ggTZqjYwkV
2011-11-20 16:03:59 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\w22iibFF3p
2011-11-20 16:03:55 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\pibbDD3pnG4aH6W
2011-11-19 23:11:16 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\e777fEEL8gTqhY
2011-11-19 23:11:16 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\bibbDD3onG4aH6W
2011-11-19 23:11:10 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\uTXXqqjUCekI
2011-11-19 23:11:09 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\w11uuvDD2oF4pG5
2011-11-19 23:11:09 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\JK88ffRZ9hTX
2011-11-19 23:11:02 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\sYYYCwwkUVr
2011-11-19 23:11:02 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\hIIVVrlOONxP0c1
2011-11-18 23:06:20 -------- d-----w- C:\Program Files (x86)\799A8
2011-11-18 23:06:12 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\z3ooonF4amH5sJd
2011-11-18 23:06:09 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\BYYYXwwjUVelt
2011-11-18 23:06:05 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\rdEEEK8fRZ9hTwU
2011-11-18 23:06:05 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\CSSS2oobF3pm5aJ
2011-11-18 23:06:05 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\B4B79
2011-11-18 23:06:05 -------- d-----w- C:\Program Files (x86)\LP
2011-11-18 23:06:01 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\L00uuvSS2iF3pG5
2011-11-18 23:05:58 -------- d-----w- C:\Users\Rishav Bose\AppData\Roaming\q777dEEL8
2011-11-18 20:42:36 -------- d-----w- C:\Users\Rishav Bose\AppData\Local\{FF52CD08-32C1-455A-8B57-F8EE2DC13D61}
2011-11-18 20:42:36 -------- d-----w- C:\Users\Rishav Bose\AppData\Local\{DDF6AD35-BD18-4ACC-A5E5-D8AEB3F4E94B}
2011-11-15 00:06:25 -------- d-----w- C:\Program Files\iTunes
2011-11-15 00:06:25 -------- d-----w- C:\Program Files\iPod
2011-11-14 20:34:06 -------- d-----w- C:\Program Files (x86)\RSDownloader 2.3
2011-11-14 20:32:07 -------- d-sh--w- C:\Users\Rishav Bose\AppData\Local\7f725c16
2011-11-14 19:46:09 -------- d-----w- C:\Users\Rishav Bose\AppData\Local\Ilivid Player
2011-11-11 16:47:17 -------- d-----w- C:\Users\Rishav Bose\jagexcache
2011-11-09 21:21:05 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 21:21:05 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 21:21:02 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 21:21:01 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-06 18:31:50 -------- d-----w- C:\Program Files (x86)\Lexmark 3300 Series
2011-11-06 18:23:23 -------- d-----w- C:\Program Files (x86)\Lexmark_3300 Series
.
==================== Find3M ====================
.
2011-11-26 22:38:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 8:34:13.90 ===============

#4 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 04 December 2011 - 12:05 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1

Link 2

Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

<-- Don't worry every little bit helps.

#5 Jimthebear2

New Member

Group: Members
Posts: 14
Joined: 12-June 11

Posted 05 December 2011 - 04:09 PM

ComboFix log:
ComboFix 11-12-05.02 - Rishav Bose 12/05/2011 14:42:32.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2242 [GMT -5:00]
Running from: c:\users\Rishav Bose\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\977B\1099.tmp
c:\program files (x86)\LP\977B\19AD.tmp
c:\program files (x86)\LP\977B\22ED.tmp
c:\program files (x86)\LP\977B\24C7.tmp
c:\program files (x86)\LP\977B\43F8.tmp
c:\program files (x86)\LP\977B\54BA.tmp
c:\program files (x86)\LP\977B\6603.tmp
c:\program files (x86)\LP\977B\8FE2.tmp
c:\program files (x86)\LP\977B\9C56.tmp
c:\program files (x86)\LP\977B\A095.tmp
c:\program files (x86)\LP\977B\BFB7.tmp
c:\program files (x86)\LP\977B\CC1.tmp
c:\program files (x86)\LP\977B\CC5C.tmp
c:\program files (x86)\LP\977B\DEE8.tmp
c:\program files (x86)\LP\977B\F26D.tmp
c:\programdata\PCDr\5907\Downloads\6d278070-bed8-4e41-ae7b-4a6338a2173c.dll
c:\programdata\SPL258B.tmp
c:\programdata\SPLCE73.tmp
c:\windows\assembly\tmp\U
.
.
((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
.
.
2011-12-05 19:49 . 2011-12-05 19:49 -------- d-----w- c:\users\Suparna\AppData\Local\temp
2011-12-05 19:49 . 2011-12-05 19:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-04 07:07 . 2011-12-04 07:07 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{362C2FAC-A010-45CF-9970-F973A9AF06DA}\gapaengine.dll
2011-12-04 07:05 . 2011-12-04 07:05 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-12-04 07:05 . 2011-12-04 07:05 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-04 00:32 . 2011-12-04 00:32 -------- d-----w- c:\programdata\!SASCORE
2011-12-04 00:31 . 2011-12-04 00:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-04 00:29 . 2011-12-04 00:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-01 19:41 . 2011-12-04 01:19 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-28 22:11 . 2011-11-28 22:11 -------- dc----w- C:\FRST
2011-11-27 18:48 . 2011-12-01 19:28 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-27 18:48 . 2011-12-04 01:19 -------- d-----w- c:\programdata\Hitman Pro
2011-11-27 15:36 . 2011-11-27 15:36 -------- d-----we c:\windows\system64
2011-11-26 22:38 . 2011-12-04 01:19 -------- d-----w- c:\windows\system32\Macromed
2011-11-23 17:18 . 2011-11-23 17:39 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\gSS22obF3pmG5Q
2011-11-23 17:18 . 2011-11-23 17:18 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\qeellIBBrzPyx1u
2011-11-23 17:17 . 2011-11-23 17:17 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\zammHH5sWJ7dL
2011-11-23 17:17 . 2011-11-23 17:39 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\EyyccA11iv2on
2011-11-23 17:17 . 2011-11-23 17:17 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\iL88ggRZqhYXkUe
2011-11-23 17:17 . 2011-11-23 17:17 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\HuuucSS2ibDpn4a
2011-11-23 17:17 . 2011-11-23 17:17 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\E999gTTZqjYCkIr
2011-11-21 20:18 . 2011-11-21 20:18 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\wsQQJJ7dEK8gZ9Y
2011-11-21 20:18 . 2011-11-21 20:18 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\SAA11ivDDonF4m5
2011-11-21 20:18 . 2011-11-21 20:40 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\s00uucS1ibD
2011-11-21 20:18 . 2011-11-21 20:18 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\p777fEEL9gTZ
2011-11-21 20:18 . 2011-11-21 20:18 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\ACCCwwkUVrlOtx0
2011-11-21 20:18 . 2011-11-21 20:18 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\UYYYCeekIVrzNtA
2011-11-21 20:18 . 2011-11-21 20:18 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\wttzzPNycA
2011-11-20 16:04 . 2011-11-20 16:04 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\Q111ivvD3onFam5
2011-11-20 16:04 . 2011-11-20 16:04 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\HWWWJ77dEL8
2011-11-20 16:04 . 2011-11-20 16:04 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\wCCeekIIVrzNt
2011-11-20 16:04 . 2011-11-20 16:20 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\dPP00uccS1iD
2011-11-20 16:04 . 2011-11-20 16:04 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\vLLL9ggTZqjYwkV
2011-11-20 16:03 . 2011-11-20 16:03 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\w22iibFF3p
2011-11-20 16:03 . 2011-11-20 16:03 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\pibbDD3pnG4aH6W
2011-11-19 23:11 . 2011-11-19 23:11 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\e777fEEL8gTqhY
2011-11-19 23:11 . 2011-11-19 23:11 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\bibbDD3onG4aH6W
2011-11-19 23:11 . 2011-11-19 23:11 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\uTXXqqjUCekI
2011-11-19 23:11 . 2011-11-19 23:23 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\JK88ffRZ9hTX
2011-11-19 23:11 . 2011-11-19 23:11 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\w11uuvDD2oF4pG5
2011-11-19 23:11 . 2011-11-19 23:11 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\sYYYCwwkUVr
2011-11-19 23:11 . 2011-11-19 23:11 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\hIIVVrlOONxP0c1
2011-11-18 23:06 . 2011-11-23 22:00 -------- d-----w- c:\program files (x86)\799A8
2011-11-18 23:06 . 2011-11-18 23:06 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\z3ooonF4amH5sJd
2011-11-18 23:06 . 2011-11-18 23:06 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\BYYYXwwjUVelt
2011-11-18 23:06 . 2011-11-23 22:00 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\B4B79
2011-11-18 23:06 . 2011-11-18 23:39 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\CSSS2oobF3pm5aJ
2011-11-18 23:06 . 2011-11-18 23:06 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\rdEEEK8fRZ9hTwU
2011-11-18 23:06 . 2011-11-18 23:06 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\L00uuvSS2iF3pG5
2011-11-18 23:05 . 2011-11-18 23:05 -------- d-----w- c:\users\Rishav Bose\AppData\Roaming\q777dEEL8
2011-11-15 00:06 . 2011-11-15 00:07 -------- d-----w- c:\program files\iTunes
2011-11-15 00:06 . 2011-11-15 00:06 -------- d-----w- c:\program files\iPod
2011-11-14 20:34 . 2011-12-04 01:19 -------- d-----w- c:\program files (x86)\RSDownloader 2.3
2011-11-14 20:32 . 2011-11-14 20:32 -------- d-sh--w- c:\users\Rishav Bose\AppData\Local\7f725c16
2011-11-14 19:46 . 2011-11-14 19:46 -------- d-----w- c:\users\Rishav Bose\AppData\Local\Ilivid Player
2011-11-11 16:47 . 2011-11-11 16:47 -------- d-----w- c:\users\Rishav Bose\jagexcache
2011-11-09 21:21 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 21:21 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 21:21 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:21 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 19:40 . 2011-11-08 19:40 -------- d-----w- c:\users\Suparna\AppData\Roaming\SUPERAntiSpyware.com
2011-11-06 18:31 . 2011-11-06 18:31 -------- d-----w- c:\program files (x86)\Lexmark 3300 Series
2011-11-06 18:23 . 2011-11-06 18:23 -------- d-----w- c:\program files (x86)\Lexmark_3300 Series
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 22:38 . 2011-06-07 18:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-04 5495680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-12-04 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-01-14 1294848]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-20 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-12-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"LXCJCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCJtime.dll" [2006-11-21 31744]
"lxcjmon.exe"="c:\program files (x86)\Lexmark 8300 Series\lxcjmon.exe" [2007-01-30 205744]
"EzPrint"="c:\program files (x86)\Lexmark 8300 Series\ezprint.exe" [2007-01-30 103344]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = g.msn.com/USCON/1
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Rishav Bose\AppData\Roaming\Mozilla\Firefox\Profiles\8ioio6md.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Spotify - c:\users\Rishav Bose\AppData\Roaming\Spotify\Spotify.exe
Wow6432Node-HKLM-Run-hpOQBlGcuNj.exe - c:\programdata\hpOQBlGcuNj.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{71576546-354D-41C9-AAE8-31F2EC22BF0D}"=hex:51,66,7a,6c,4c,1d,38,12,28,66,44,
75,7f,7b,a7,04,d5,fe,72,b2,e9,7c,fb,19
"{000123B4-9B42-4900-B3F7-F4B073EFC214}"=hex:51,66,7a,6c,4c,1d,38,12,da,20,12,
04,70,d5,6e,0c,cc,e1,b7,f0,76,b1,86,00
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}"=hex:51,66,7a,6c,4c,1d,38,12,24,e7,33,
cd,4a,31,0a,0b,c2,c1,e6,30,23,b9,ba,a3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"NameSpace_Callout"=expand:"%SystemRoot%\\System32\\fwpuclnt.dll"
"WinSock_Registry_Version"="2.0"
"AutodialDLL"="rasadhlp.dll"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-05 14:53:49
ComboFix-quarantined-files.txt 2011-12-05 19:53
.
Pre-Run: 360,948,154,368 bytes free
Post-Run: 360,719,794,176 bytes free
.
- - End Of File - - 2ACE1117504802541F4D31703EA0827B

The redirect virus is gone.
Problems:
Windows Firewall and security service do not work
When i try to turn the firewall on it says "Windows Firewall can't change some of your settings. Error code 0x80070424"
Whenever I choose to have my computer show me any notifications (like if a program is trying to access my hard drive)internet explorer and Firefox cannot be found and none of my background wallpapers show up. It is not a problem if the computer is set at never notify, but that may not be safe for the computer.
Whenever I start Firefox it asks me if I want it to be my default browser, when it is.

#6 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 06 December 2011 - 02:07 AM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\users\Rishav Bose\AppData\Roaming\gSS22obF3pmG5Q
c:\users\Rishav Bose\AppData\Roaming\qeellIBBrzPyx1u
c:\users\Rishav Bose\AppData\Roaming\zammHH5sWJ7dL
c:\users\Rishav Bose\AppData\Roaming\EyyccA11iv2on
c:\users\Rishav Bose\AppData\Roaming\iL88ggRZqhYXkUe
c:\users\Rishav Bose\AppData\Roaming\HuuucSS2ibDpn4a
c:\users\Rishav Bose\AppData\Roaming\E999gTTZqjYCkIr
c:\users\Rishav Bose\AppData\Roaming\wsQQJJ7dEK8gZ9Y
c:\users\Rishav Bose\AppData\Roaming\SAA11ivDDonF4m5
c:\users\Rishav Bose\AppData\Roaming\s00uucS1ibD
c:\users\Rishav Bose\AppData\Roaming\p777fEEL9gTZ
c:\users\Rishav Bose\AppData\Roaming\ACCCwwkUVrlOtx0
c:\users\Rishav Bose\AppData\Roaming\UYYYCeekIVrzNtA
c:\users\Rishav Bose\AppData\Roaming\wttzzPNycA
c:\users\Rishav Bose\AppData\Roaming\Q111ivvD3onFam5
c:\users\Rishav Bose\AppData\Roaming\HWWWJ77dEL8
c:\users\Rishav Bose\AppData\Roaming\wCCeekIIVrzNt
c:\users\Rishav Bose\AppData\Roaming\dPP00uccS1iD
c:\users\Rishav Bose\AppData\Roaming\vLLL9ggTZqjYwkV
c:\users\Rishav Bose\AppData\Roaming\w22iibFF3p
c:\users\Rishav Bose\AppData\Roaming\pibbDD3pnG4aH6W
c:\users\Rishav Bose\AppData\Roaming\e777fEEL8gTqhY
c:\users\Rishav Bose\AppData\Roaming\bibbDD3onG4aH6W
c:\users\Rishav Bose\AppData\Roaming\uTXXqqjUCekI
c:\users\Rishav Bose\AppData\Roaming\JK88ffRZ9hTX
c:\users\Rishav Bose\AppData\Roaming\w11uuvDD2oF4pG5
c:\users\Rishav Bose\AppData\Roaming\sYYYCwwkUVr
c:\users\Rishav Bose\AppData\Roaming\hIIVVrlOONxP0c1
c:\program files (x86)\799A8
c:\users\Rishav Bose\AppData\Roaming\z3ooonF4amH5sJd
c:\users\Rishav Bose\AppData\Roaming\BYYYXwwjUVelt
c:\users\Rishav Bose\AppData\Roaming\B4B79
c:\users\Rishav Bose\AppData\Roaming\CSSS2oobF3pm5aJ
c:\users\Rishav Bose\AppData\Roaming\rdEEEK8fRZ9hTwU
c:\users\Rishav Bose\AppData\Roaming\L00uuvSS2iF3pG5
c:\users\Rishav Bose\AppData\Roaming\q777dEEL8
c:\users\Rishav Bose\AppData\Local\7f725c16
c:\users\Rishav Bose\AppData\Local\Ilivid Player
c:\users\Rishav Bose\jagexcache

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

<-- Don't worry every little bit helps.

#7 Jimthebear2

New Member

Group: Members
Posts: 14
Joined: 12-June 11

Posted 06 December 2011 - 04:39 PM

ComboFix 11-12-05.02 - Rishav Bose 12/06/2011 14:44:34.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2442 [GMT -5:00]
Running from: c:\users\Rishav Bose\Downloads\ComboFix.exe
Command switches used :: c:\users\Rishav Bose\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\799A8
c:\users\Rishav Bose\AppData\Local\7f725c16
c:\users\Rishav Bose\AppData\Local\7f725c16\@
c:\users\Rishav Bose\AppData\Local\Ilivid Player
c:\users\Rishav Bose\AppData\Local\Ilivid Player\script.qscript
c:\users\Rishav Bose\AppData\Roaming\ACCCwwkUVrlOtx0
c:\users\Rishav Bose\AppData\Roaming\B4B79
c:\users\Rishav Bose\AppData\Roaming\B4B79\99A8.4B7
c:\users\Rishav Bose\AppData\Roaming\bibbDD3onG4aH6W
c:\users\Rishav Bose\AppData\Roaming\BYYYXwwjUVelt
c:\users\Rishav Bose\AppData\Roaming\CSSS2oobF3pm5aJ
c:\users\Rishav Bose\AppData\Roaming\dPP00uccS1iD
c:\users\Rishav Bose\AppData\Roaming\e777fEEL8gTqhY
c:\users\Rishav Bose\AppData\Roaming\e777fEEL8gTqhY\AV Protection 2011.ico
c:\users\Rishav Bose\AppData\Roaming\E999gTTZqjYCkIr
c:\users\Rishav Bose\AppData\Roaming\EyyccA11iv2on
c:\users\Rishav Bose\AppData\Roaming\gSS22obF3pmG5Q
c:\users\Rishav Bose\AppData\Roaming\hIIVVrlOONxP0c1
c:\users\Rishav Bose\AppData\Roaming\HuuucSS2ibDpn4a
c:\users\Rishav Bose\AppData\Roaming\HWWWJ77dEL8
c:\users\Rishav Bose\AppData\Roaming\HWWWJ77dEL8\AV Protection 2011.ico
c:\users\Rishav Bose\AppData\Roaming\iL88ggRZqhYXkUe
c:\users\Rishav Bose\AppData\Roaming\JK88ffRZ9hTX
c:\users\Rishav Bose\AppData\Roaming\L00uuvSS2iF3pG5
c:\users\Rishav Bose\AppData\Roaming\p777fEEL9gTZ
c:\users\Rishav Bose\AppData\Roaming\pibbDD3pnG4aH6W
c:\users\Rishav Bose\AppData\Roaming\Q111ivvD3onFam5
c:\users\Rishav Bose\AppData\Roaming\q777dEEL8
c:\users\Rishav Bose\AppData\Roaming\qeellIBBrzPyx1u
c:\users\Rishav Bose\AppData\Roaming\rdEEEK8fRZ9hTwU
c:\users\Rishav Bose\AppData\Roaming\s00uucS1ibD
c:\users\Rishav Bose\AppData\Roaming\SAA11ivDDonF4m5
c:\users\Rishav Bose\AppData\Roaming\sYYYCwwkUVr
c:\users\Rishav Bose\AppData\Roaming\uTXXqqjUCekI
c:\users\Rishav Bose\AppData\Roaming\UYYYCeekIVrzNtA
c:\users\Rishav Bose\AppData\Roaming\vLLL9ggTZqjYwkV
c:\users\Rishav Bose\AppData\Roaming\w11uuvDD2oF4pG5
c:\users\Rishav Bose\AppData\Roaming\w22iibFF3p
c:\users\Rishav Bose\AppData\Roaming\wCCeekIIVrzNt
c:\users\Rishav Bose\AppData\Roaming\wsQQJJ7dEK8gZ9Y
c:\users\Rishav Bose\AppData\Roaming\wsQQJJ7dEK8gZ9Y\AV Protection 2011.ico
c:\users\Rishav Bose\AppData\Roaming\wttzzPNycA
c:\users\Rishav Bose\AppData\Roaming\z3ooonF4amH5sJd
c:\users\Rishav Bose\AppData\Roaming\zammHH5sWJ7dL
c:\users\Rishav Bose\jagexcache
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\awt.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\fontmanager.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\freetype6.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\hpi.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\jagexappletviewer.jar
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\JagexLauncher.exe
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\java.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\jawt.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\jpeg.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\jsound.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\jsoundds.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\jvm.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\Microsoft.VC90.CRT.manifest
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\msvcm90.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\msvcp90.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\msvcr90.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\net.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\nio.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\unpack.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\verify.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\zip.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\bin\zlib1.dll
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\calendars.properties
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\classlist
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\content-types.properties
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\currency.data
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\flavormap.properties
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\fontconfig.bfc
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\fontconfig.properties.src
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\jsse.jar
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\jsse.pack.gz
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\jvm.hprof.txt
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\logging.properties
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\meta-index
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\net.properties
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\psfont.properties.ja
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\psfontj2d.properties
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\resources.jar
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\resources.pack.gz
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\rt.jar
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\rt.pack.gz
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\sound.properties
c:\users\Rishav Bose\jagexcache\jagexlauncher\lib\tzmappings
c:\users\Rishav Bose\jagexcache\jagexlauncher\LICENSE.txt
c:\users\Rishav Bose\jagexcache\jagexlauncher\runescape\jagexappletviewer.png
c:\users\Rishav Bose\jagexcache\jagexlauncher\runescape\runescape.prm
.
.
((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))
.
.
2011-12-06 20:04 . 2011-12-06 20:04 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A348D4E-78B1-4E6A-B099-EC1DD2245CDA}\offreg.dll
2011-12-06 20:04 . 2011-11-21 08:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A348D4E-78B1-4E6A-B099-EC1DD2245CDA}\mpengine.dll
2011-12-06 19:52 . 2011-12-06 19:52 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-12-06 19:52 . 2011-12-06 19:52 -------- d-----w- c:\users\Suparna\AppData\Local\temp
2011-12-06 19:52 . 2011-12-06 19:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-06 19:52 . 2011-12-06 19:52 -------- d-----w- c:\users\Mcx1-RISHAVBOSELT\AppData\Local\temp
2011-12-06 19:52 . 2011-12-06 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-06 19:32 . 2011-12-06 19:32 -------- d-----w- c:\users\Rishav Bose\AppData\Local\ElevatedDiagnostics
2011-12-05 19:38 . 2011-11-21 08:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-04 07:07 . 2011-12-04 07:07 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{362C2FAC-A010-45CF-9970-F973A9AF06DA}\gapaengine.dll
2011-12-04 07:05 . 2011-12-04 07:05 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-12-04 07:05 . 2011-12-04 07:05 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-04 00:32 . 2011-12-04 00:32 -------- d-----w- c:\programdata\!SASCORE
2011-12-04 00:31 . 2011-12-04 00:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-04 00:29 . 2011-12-04 00:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-01 19:41 . 2011-12-04 01:19 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-28 22:11 . 2011-11-28 22:11 -------- dc----w- C:\FRST
2011-11-27 18:48 . 2011-12-01 19:28 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-27 18:48 . 2011-12-04 01:19 -------- d-----w- c:\programdata\Hitman Pro
2011-11-27 15:36 . 2011-11-27 15:36 -------- d-----we c:\windows\system64
2011-11-26 22:38 . 2011-12-04 01:19 -------- d-----w- c:\windows\system32\Macromed
2011-11-15 00:06 . 2011-11-15 00:07 -------- d-----w- c:\program files\iTunes
2011-11-15 00:06 . 2011-11-15 00:06 -------- d-----w- c:\program files\iPod
2011-11-14 20:34 . 2011-12-04 01:19 -------- d-----w- c:\program files (x86)\RSDownloader 2.3
2011-11-09 21:21 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 21:21 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 21:21 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:21 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 19:40 . 2011-11-08 19:40 -------- d-----w- c:\users\Suparna\AppData\Roaming\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-06 01:37 . 2011-06-07 18:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-05_19.49.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-06 19:53 . 2011-12-06 19:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-05 19:27 . 2011-12-05 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-05 19:27 . 2011-12-05 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-06 19:53 . 2011-12-06 19:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-06 01:37 . 2011-12-06 01:37 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-12-06 01:37 . 2011-12-06 01:37 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2009-07-14 04:54 . 2011-12-06 19:53 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-05 19:27 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-12 23:30 . 2011-11-06 12:41 354124 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-03-12 23:30 . 2011-12-06 21:34 354124 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-12-05 19:32 629444 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-06 19:31 629444 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2011-12-05 19:32 108628 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2011-12-06 19:31 108628 c:\windows\system64\perfc009.dat
- 2011-03-12 23:30 . 2011-11-06 12:41 354124 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-03-12 23:30 . 2011-12-06 21:34 354124 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-12-05 19:32 629444 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-06 19:31 629444 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-06 19:31 108628 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-05 19:32 108628 c:\windows\system32\perfc009.dat
+ 2011-03-14 22:13 . 2011-12-05 21:10 229104 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2011-12-05 03:04 390584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-06 19:52 390584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2011-12-05 19:27 8060928 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-06 19:53 8060928 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-05 19:27 11993088 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-06 19:53 11993088 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-24 23:40 . 2011-12-06 19:52 54292324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2223356980-1664756779-6295444-1000-12288.dat
- 2011-03-24 23:40 . 2011-12-04 07:22 54292324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2223356980-1664756779-6295444-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-04 5495680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-10-06 25072]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-12-04 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-01-14 1294848]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-20 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-12-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"LXCJCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCJtime.dll" [2006-11-21 31744]
"lxcjmon.exe"="c:\program files (x86)\Lexmark 8300 Series\lxcjmon.exe" [2007-01-30 205744]
"EzPrint"="c:\program files (x86)\Lexmark 8300 Series\ezprint.exe" [2007-01-30 103344]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = g.msn.com/USCON/1
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Rishav Bose\AppData\Roaming\Mozilla\Firefox\Profiles\8ioio6md.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{71576546-354D-41C9-AAE8-31F2EC22BF0D}"=hex:51,66,7a,6c,4c,1d,38,12,28,66,44,
75,7f,7b,a7,04,d5,fe,72,b2,e9,7c,fb,19
"{000123B4-9B42-4900-B3F7-F4B073EFC214}"=hex:51,66,7a,6c,4c,1d,38,12,da,20,12,
04,70,d5,6e,0c,cc,e1,b7,f0,76,b1,86,00
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}"=hex:51,66,7a,6c,4c,1d,38,12,24,e7,33,
cd,4a,31,0a,0b,c2,c1,e6,30,23,b9,ba,a3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"NameSpace_Callout"=expand:"%SystemRoot%\\System32\\fwpuclnt.dll"
"WinSock_Registry_Version"="2.0"
"AutodialDLL"="rasadhlp.dll"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\System32\spool\drivers\x64\3\WrtProc.exe
.
**************************************************************************
.
Completion time: 2011-12-06 16:37:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-06 21:37
ComboFix2.txt 2011-12-05 19:53
.
Pre-Run: 361,413,394,432 bytes free
Post-Run: 360,322,277,376 bytes free
.
- - End Of File - - AA2803449586432D42A9F6AA0D86D49B

All problems still happen...

#8 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 06 December 2011 - 09:43 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

<-- Don't worry every little bit helps.

#9 Jimthebear2

New Member

Group: Members
Posts: 14
Joined: 12-June 11

Posted 07 December 2011 - 02:31 PM

Log:
14:29:57.0591 2184 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
14:29:57.0669 2184 ============================================================
14:29:57.0669 2184 Current date / time: 2011/12/07 14:29:57.0669
14:29:57.0669 2184 SystemInfo:
14:29:57.0669 2184
14:29:57.0669 2184 OS Version: 6.1.7601 ServicePack: 1.0
14:29:57.0669 2184 Product type: Workstation
14:29:57.0669 2184 ComputerName: RISHAVBOSELT
14:29:57.0669 2184 UserName: Rishav Bose
14:29:57.0669 2184 Windows directory: C:\Windows
14:29:57.0669 2184 System windows directory: C:\Windows
14:29:57.0669 2184 Running under WOW64
14:29:57.0669 2184 Processor architecture: Intel x64
14:29:57.0669 2184 Number of processors: 4
14:29:57.0669 2184 Page size: 0x1000
14:29:57.0669 2184 Boot type: Normal boot
14:29:57.0669 2184 ============================================================
14:29:59.0229 2184 Initialize success
14:30:00.0368 3396 ============================================================
14:30:00.0368 3396 Scan started
14:30:00.0368 3396 Mode: Manual;
14:30:00.0368 3396 ============================================================
14:30:01.0304 3396 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:30:01.0304 3396 1394ohci - ok
14:30:01.0413 3396 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:30:01.0413 3396 ACPI - ok
14:30:01.0507 3396 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:30:01.0507 3396 AcpiPmi - ok
14:30:01.0632 3396 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:30:01.0632 3396 adp94xx - ok
14:30:01.0741 3396 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:30:01.0741 3396 adpahci - ok
14:30:01.0835 3396 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:30:01.0835 3396 adpu320 - ok
14:30:01.0959 3396 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
14:30:01.0959 3396 AFD - ok
14:30:02.0178 3396 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:30:02.0178 3396 agp440 - ok
14:30:02.0287 3396 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:30:02.0287 3396 aliide - ok
14:30:02.0381 3396 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:30:02.0381 3396 amdide - ok
14:30:02.0474 3396 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:30:02.0474 3396 AmdK8 - ok
14:30:02.0552 3396 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:30:02.0552 3396 AmdPPM - ok
14:30:02.0661 3396 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:30:02.0661 3396 amdsata - ok
14:30:02.0755 3396 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:30:02.0771 3396 amdsbs - ok
14:30:02.0864 3396 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:30:02.0864 3396 amdxata - ok
14:30:02.0958 3396 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:30:02.0958 3396 AppID - ok
14:30:03.0083 3396 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:30:03.0083 3396 arc - ok
14:30:03.0192 3396 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:30:03.0192 3396 arcsas - ok
14:30:03.0301 3396 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:30:03.0301 3396 AsyncMac - ok
14:30:03.0410 3396 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:30:03.0410 3396 atapi - ok
14:30:03.0535 3396 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:30:03.0551 3396 b06bdrv - ok
14:30:03.0644 3396 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:30:03.0660 3396 b57nd60a - ok
14:30:03.0753 3396 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
14:30:03.0753 3396 BCM42RLY - ok
14:30:03.0909 3396 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
14:30:03.0925 3396 BCM43XX - ok
14:30:04.0034 3396 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
14:30:04.0034 3396 BcmVWL - ok
14:30:04.0097 3396 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:30:04.0097 3396 Beep - ok
14:30:04.0159 3396 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:30:04.0159 3396 blbdrive - ok
14:30:04.0299 3396 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:30:04.0299 3396 bowser - ok
14:30:04.0346 3396 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:30:04.0346 3396 BrFiltLo - ok
14:30:04.0409 3396 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:30:04.0424 3396 BrFiltUp - ok
14:30:04.0549 3396 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:30:04.0549 3396 Brserid - ok
14:30:04.0643 3396 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:30:04.0643 3396 BrSerWdm - ok
14:30:04.0736 3396 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:30:04.0736 3396 BrUsbMdm - ok
14:30:04.0799 3396 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:30:04.0814 3396 BrUsbSer - ok
14:30:04.0923 3396 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
14:30:04.0923 3396 BthEnum - ok
14:30:05.0033 3396 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:30:05.0033 3396 BTHMODEM - ok
14:30:05.0157 3396 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:30:05.0157 3396 BthPan - ok
14:30:05.0267 3396 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
14:30:05.0282 3396 BTHPORT - ok
14:30:05.0376 3396 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
14:30:05.0376 3396 BTHUSB - ok
14:30:05.0469 3396 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
14:30:05.0469 3396 btusbflt - ok
14:30:05.0594 3396 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
14:30:05.0610 3396 btwaudio - ok
14:30:05.0703 3396 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
14:30:05.0719 3396 btwavdt - ok
14:30:05.0875 3396 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
14:30:05.0875 3396 btwl2cap - ok
14:30:06.0015 3396 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
14:30:06.0015 3396 btwrchid - ok
14:30:06.0078 3396 catchme - ok
14:30:06.0203 3396 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:30:06.0203 3396 cdfs - ok
14:30:06.0343 3396 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:30:06.0343 3396 cdrom - ok
14:30:06.0468 3396 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:30:06.0468 3396 circlass - ok
14:30:06.0577 3396 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:30:06.0577 3396 CLFS - ok
14:30:06.0717 3396 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:30:06.0717 3396 CmBatt - ok
14:30:06.0827 3396 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:30:06.0842 3396 cmdide - ok
14:30:06.0951 3396 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
14:30:06.0967 3396 CNG - ok
14:30:07.0092 3396 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:30:07.0092 3396 Compbatt - ok
14:30:07.0217 3396 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:30:07.0217 3396 CompositeBus - ok
14:30:07.0326 3396 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:30:07.0326 3396 crcdisk - ok
14:30:07.0435 3396 CtClsFlt - ok
14:30:07.0560 3396 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:30:07.0560 3396 DfsC - ok
14:30:07.0653 3396 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:30:07.0653 3396 discache - ok
14:30:07.0778 3396 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:30:07.0778 3396 Disk - ok
14:30:07.0903 3396 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:30:07.0903 3396 drmkaud - ok
14:30:08.0012 3396 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:30:08.0012 3396 DXGKrnl - ok
14:30:08.0168 3396 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:30:08.0231 3396 ebdrv - ok
14:30:08.0371 3396 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:30:08.0371 3396 elxstor - ok
14:30:08.0480 3396 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:30:08.0480 3396 ErrDev - ok
14:30:08.0589 3396 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:30:08.0589 3396 exfat - ok
14:30:08.0667 3396 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:30:08.0667 3396 fastfat - ok
14:30:08.0792 3396 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:30:08.0792 3396 fdc - ok
14:30:08.0917 3396 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:30:08.0917 3396 FileInfo - ok
14:30:08.0995 3396 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:30:08.0995 3396 Filetrace - ok
14:30:09.0089 3396 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:30:09.0089 3396 flpydisk - ok
14:30:09.0245 3396 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:30:09.0245 3396 FltMgr - ok
14:30:09.0354 3396 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:30:09.0354 3396 FsDepends - ok
14:30:09.0447 3396 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:30:09.0447 3396 Fs_Rec - ok
14:30:09.0572 3396 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:30:09.0572 3396 fvevol - ok
14:30:09.0650 3396 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:30:09.0650 3396 gagp30kx - ok
14:30:09.0791 3396 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:30:09.0791 3396 GEARAspiWDM - ok
14:30:09.0900 3396 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
14:30:09.0900 3396 hamachi - ok
14:30:09.0993 3396 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:30:09.0993 3396 hcw85cir - ok
14:30:10.0103 3396 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:30:10.0103 3396 HDAudBus - ok
14:30:10.0243 3396 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:30:10.0243 3396 HECIx64 - ok
14:30:10.0337 3396 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:30:10.0337 3396 HidBatt - ok
14:30:10.0446 3396 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:30:10.0446 3396 HidBth - ok
14:30:10.0555 3396 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:30:10.0555 3396 HidIr - ok
14:30:10.0680 3396 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:30:10.0680 3396 HidUsb - ok
14:30:10.0851 3396 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:30:10.0867 3396 HpSAMD - ok
14:30:11.0288 3396 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:30:11.0335 3396 HTTP - ok
14:30:11.0616 3396 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:30:11.0631 3396 hwpolicy - ok
14:30:12.0302 3396 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:30:12.0302 3396 i8042prt - ok
14:30:12.0848 3396 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
14:30:12.0848 3396 iaStor - ok
14:30:13.0347 3396 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:30:13.0379 3396 iaStorV - ok
14:30:14.0595 3396 igfx (31569a2e836c12014148bf7342716946) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:30:14.0798 3396 igfx - ok
14:30:14.0923 3396 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:30:14.0923 3396 iirsp - ok
14:30:15.0048 3396 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
14:30:15.0063 3396 Impcd - ok
14:30:15.0204 3396 IntcAzAudAddService (6e4ccb3aff07e2b9f2a937385c84b573) C:\Windows\system32\drivers\RTKVHD64.sys
14:30:15.0219 3396 IntcAzAudAddService - ok
14:30:15.0344 3396 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
14:30:15.0344 3396 IntcDAud - ok
14:30:15.0469 3396 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:30:15.0469 3396 intelide - ok
14:30:15.0578 3396 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:30:15.0578 3396 intelppm - ok
14:30:15.0703 3396 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:30:15.0719 3396 IPMIDRV - ok
14:30:15.0828 3396 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:30:15.0828 3396 IPNAT - ok
14:30:15.0968 3396 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:30:15.0968 3396 IRENUM - ok
14:30:16.0421 3396 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:30:16.0421 3396 isapnp - ok
14:30:16.0530 3396 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:30:16.0545 3396 iScsiPrt - ok
14:30:16.0655 3396 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
14:30:16.0655 3396 kbdclass - ok
14:30:16.0764 3396 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:30:16.0764 3396 kbdhid - ok
14:30:16.0842 3396 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
14:30:16.0842 3396 KSecDD - ok
14:30:16.0904 3396 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
14:30:16.0904 3396 KSecPkg - ok
14:30:16.0998 3396 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:30:16.0998 3396 ksthunk - ok
14:30:17.0107 3396 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
14:30:17.0107 3396 L1C - ok
14:30:17.0232 3396 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:30:17.0232 3396 lltdio - ok
14:30:17.0357 3396 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:30:17.0372 3396 LSI_FC - ok
14:30:17.0481 3396 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:30:17.0481 3396 LSI_SAS - ok
14:30:17.0622 3396 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:30:17.0622 3396 LSI_SAS2 - ok
14:30:17.0715 3396 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:30:17.0715 3396 LSI_SCSI - ok
14:30:17.0778 3396 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:30:17.0778 3396 luafv - ok
14:30:17.0918 3396 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:30:17.0918 3396 megasas - ok
14:30:18.0137 3396 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:30:18.0137 3396 MegaSR - ok
14:30:18.0261 3396 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:30:18.0261 3396 Modem - ok
14:30:18.0402 3396 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:30:18.0402 3396 monitor - ok
14:30:18.0542 3396 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:30:18.0542 3396 mouclass - ok
14:30:18.0667 3396 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:30:18.0667 3396 mouhid - ok
14:30:18.0792 3396 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:30:18.0792 3396 mountmgr - ok
14:30:18.0917 3396 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
14:30:18.0917 3396 MpFilter - ok
14:30:19.0041 3396 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:30:19.0041 3396 mpio - ok
14:30:19.0166 3396 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
14:30:19.0166 3396 MpNWMon - ok
14:30:19.0275 3396 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:30:19.0275 3396 mpsdrv - ok
14:30:19.0416 3396 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:30:19.0416 3396 MRxDAV - ok
14:30:19.0525 3396 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:30:19.0525 3396 mrxsmb - ok
14:30:19.0665 3396 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:30:19.0665 3396 mrxsmb10 - ok
14:30:19.0790 3396 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:30:19.0790 3396 mrxsmb20 - ok
14:30:19.0915 3396 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:30:19.0931 3396 msahci - ok
14:30:20.0227 3396 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:30:20.0227 3396 msdsm - ok
14:30:20.0367 3396 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:30:20.0367 3396 Msfs - ok
14:30:20.0586 3396 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:30:20.0586 3396 mshidkmdf - ok
14:30:20.0757 3396 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:30:20.0757 3396 msisadrv - ok
14:30:20.0960 3396 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:30:21.0023 3396 MSKSSRV - ok
14:30:21.0303 3396 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:30:21.0303 3396 MSPCLOCK - ok
14:30:21.0506 3396 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:30:21.0506 3396 MSPQM - ok
14:30:21.0725 3396 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:30:21.0725 3396 MsRPC - ok
14:30:21.0927 3396 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:30:21.0927 3396 mssmbios - ok
14:30:22.0317 3396 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:30:22.0317 3396 MSTEE - ok
14:30:22.0489 3396 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:30:22.0489 3396 MTConfig - ok
14:30:22.0692 3396 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:30:22.0692 3396 Mup - ok
14:30:22.0832 3396 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:30:22.0848 3396 NativeWifiP - ok
14:30:23.0019 3396 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:30:23.0019 3396 NDIS - ok
14:30:23.0175 3396 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:30:23.0175 3396 NdisCap - ok
14:30:23.0300 3396 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:30:23.0300 3396 NdisTapi - ok
14:30:23.0425 3396 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:30:23.0425 3396 Ndisuio - ok
14:30:23.0550 3396 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:30:23.0550 3396 NdisWan - ok
14:30:23.0690 3396 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:30:23.0690 3396 NDProxy - ok
14:30:23.0799 3396 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:30:23.0799 3396 NetBIOS - ok
14:30:23.0971 3396 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:30:23.0971 3396 NetBT - ok
14:30:24.0439 3396 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:30:24.0439 3396 nfrd960 - ok
14:30:24.0579 3396 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:30:24.0579 3396 NisDrv - ok
14:30:24.0751 3396 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:30:24.0751 3396 Npfs - ok
14:30:24.0876 3396 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:30:24.0876 3396 nsiproxy - ok
14:30:25.0032 3396 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:30:25.0063 3396 Ntfs - ok
14:30:25.0219 3396 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:30:25.0219 3396 Null - ok
14:30:25.0359 3396 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:30:25.0359 3396 nvraid - ok
14:30:25.0515 3396 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:30:25.0515 3396 nvstor - ok
14:30:25.0656 3396 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:30:25.0671 3396 nv_agp - ok
14:30:25.0796 3396 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:30:25.0796 3396 ohci1394 - ok
14:30:25.0921 3396 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:30:25.0921 3396 Parport - ok
14:30:26.0124 3396 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:30:26.0124 3396 partmgr - ok
14:30:26.0217 3396 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
14:30:26.0327 3396 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
14:30:26.0451 3396 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:30:26.0451 3396 pci - ok
14:30:26.0545 3396 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:30:26.0545 3396 pciide - ok
14:30:26.0654 3396 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:30:26.0654 3396 pcmcia - ok
14:30:26.0748 3396 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:30:26.0748 3396 pcw - ok
14:30:26.0857 3396 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:30:26.0873 3396 PEAUTH - ok
14:30:27.0091 3396 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:30:27.0091 3396 PptpMiniport - ok
14:30:27.0122 3396 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:30:27.0138 3396 Processor - ok
14:30:27.0263 3396 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:30:27.0263 3396 Psched - ok
14:30:27.0341 3396 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:30:27.0372 3396 ql2300 - ok
14:30:27.0512 3396 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:30:27.0512 3396 ql40xx - ok
14:30:27.0528 3396 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:30:27.0528 3396 QWAVEdrv - ok
14:30:27.0543 3396 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:30:27.0543 3396 RasAcd - ok
14:30:27.0637 3396 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:30:27.0637 3396 RasAgileVpn - ok
14:30:27.0684 3396 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:30:27.0684 3396 Rasl2tp - ok
14:30:27.0809 3396 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:30:27.0809 3396 RasPppoe - ok
14:30:27.0855 3396 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:30:27.0855 3396 RasSstp - ok
14:30:27.0887 3396 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:30:27.0902 3396 rdbss - ok
14:30:27.0949 3396 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:30:27.0949 3396 rdpbus - ok
14:30:28.0089 3396 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:30:28.0089 3396 RDPCDD - ok
14:30:28.0167 3396 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:30:28.0167 3396 RDPENCDD - ok
14:30:28.0292 3396 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:30:28.0292 3396 RDPREFMP - ok
14:30:28.0401 3396 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:30:28.0401 3396 RDPWD - ok
14:30:28.0448 3396 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:30:28.0448 3396 rdyboost - ok
14:30:28.0557 3396 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:30:28.0557 3396 RFCOMM - ok
14:30:28.0667 3396 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:30:28.0667 3396 rspndr - ok
14:30:28.0713 3396 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys
14:30:28.0713 3396 RSUSBSTOR - ok
14:30:28.0823 3396 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:30:28.0823 3396 SASDIFSV - ok
14:30:28.0901 3396 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:30:28.0901 3396 SASKUTIL - ok
14:30:29.0010 3396 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:30:29.0010 3396 sbp2port - ok
14:30:29.0119 3396 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:30:29.0119 3396 scfilter - ok
14:30:29.0244 3396 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:30:29.0244 3396 secdrv - ok
14:30:29.0369 3396 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:30:29.0369 3396 Serenum - ok
14:30:29.0493 3396 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:30:29.0493 3396 Serial - ok
14:30:29.0634 3396 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:30:29.0649 3396 sermouse - ok
14:30:29.0774 3396 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:30:29.0774 3396 sffdisk - ok
14:30:29.0868 3396 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:30:29.0868 3396 sffp_mmc - ok
14:30:30.0024 3396 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:30:30.0024 3396 sffp_sd - ok
14:30:30.0180 3396 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:30:30.0180 3396 sfloppy - ok
14:30:30.0320 3396 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:30:30.0336 3396 SiSRaid2 - ok
14:30:30.0461 3396 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:30:30.0461 3396 SiSRaid4 - ok
14:30:30.0585 3396 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:30:30.0585 3396 Smb - ok
14:30:30.0757 3396 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:30:30.0757 3396 spldr - ok
14:30:30.0866 3396 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:30:30.0882 3396 srv - ok
14:30:30.0991 3396 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:30:31.0007 3396 srv2 - ok
14:30:31.0131 3396 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:30:31.0131 3396 srvnet - ok
14:30:31.0256 3396 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:30:31.0256 3396 stexstor - ok
14:30:31.0397 3396 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:30:31.0397 3396 swenum - ok
14:30:31.0568 3396 SynTP (08425cd92972c6430f350a9697f4a553) C:\Windows\system32\DRIVERS\SynTP.sys
14:30:31.0568 3396 SynTP - ok
14:30:31.0787 3396 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:30:31.0834 3396 Tcpip - ok
14:30:32.0068 3396 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:30:32.0083 3396 TCPIP6 - ok
14:30:32.0255 3396 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:30:32.0255 3396 tcpipreg - ok
14:30:32.0364 3396 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:30:32.0364 3396 TDPIPE - ok
14:30:32.0489 3396 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:30:32.0489 3396 TDTCP - ok
14:30:32.0614 3396 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:30:32.0614 3396 tdx - ok
14:30:32.0785 3396 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:30:32.0785 3396 TermDD - ok
14:30:32.0957 3396 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:30:32.0957 3396 tssecsrv - ok
14:30:33.0144 3396 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:30:33.0160 3396 TsUsbFlt - ok
14:30:33.0316 3396 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:30:33.0316 3396 tunnel - ok
14:30:33.0487 3396 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
14:30:33.0487 3396 TurboB - ok
14:30:33.0628 3396 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:30:33.0628 3396 uagp35 - ok
14:30:33.0784 3396 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:30:33.0799 3396 udfs - ok
14:30:34.0018 3396 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:30:34.0018 3396 uliagpkx - ok
14:30:34.0189 3396 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:30:34.0189 3396 umbus - ok
14:30:34.0345 3396 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:30:34.0345 3396 UmPass - ok
14:30:34.0532 3396 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:30:34.0532 3396 USBAAPL64 - ok
14:30:34.0688 3396 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:30:34.0688 3396 usbccgp - ok
14:30:34.0844 3396 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:30:34.0844 3396 usbcir - ok
14:30:35.0000 3396 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:30:35.0000 3396 usbehci - ok
14:30:35.0172 3396 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:30:35.0172 3396 usbhub - ok
14:30:35.0328 3396 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:30:35.0328 3396 usbohci - ok
14:30:35.0484 3396 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:30:35.0484 3396 usbprint - ok
14:30:35.0656 3396 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:30:35.0656 3396 usbscan - ok
14:30:35.0827 3396 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:30:35.0827 3396 USBSTOR - ok
14:30:35.0968 3396 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:30:35.0983 3396 usbuhci - ok
14:30:36.0155 3396 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
14:30:36.0155 3396 usbvideo - ok
14:30:36.0311 3396 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:30:36.0311 3396 vdrvroot - ok
14:30:36.0482 3396 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:30:36.0482 3396 vga - ok
14:30:36.0638 3396 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:30:36.0638 3396 VgaSave - ok
14:30:36.0794 3396 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:30:36.0810 3396 vhdmp - ok
14:30:36.0966 3396 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:30:36.0966 3396 viaide - ok
14:30:37.0106 3396 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:30:37.0106 3396 volmgr - ok
14:30:37.0262 3396 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:30:37.0262 3396 volmgrx - ok
14:30:37.0418 3396 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:30:37.0418 3396 volsnap - ok
14:30:37.0574 3396 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:30:37.0590 3396 vsmraid - ok
14:30:37.0730 3396 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:30:37.0730 3396 vwifibus - ok
14:30:37.0886 3396 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:30:37.0886 3396 vwififlt - ok
14:30:38.0027 3396 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:30:38.0042 3396 vwifimp - ok
14:30:38.0183 3396 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:30:38.0183 3396 WacomPen - ok
14:30:38.0323 3396 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:30:38.0323 3396 WANARP - ok
14:30:38.0323 3396 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:30:38.0323 3396 Wanarpv6 - ok
14:30:38.0464 3396 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:30:38.0464 3396 Wd - ok
14:30:38.0604 3396 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:30:38.0620 3396 Wdf01000 - ok
14:30:38.0776 3396 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:30:38.0776 3396 WfpLwf - ok
14:30:38.0932 3396 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
14:30:38.0932 3396 WimFltr - ok
14:30:39.0072 3396 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:30:39.0072 3396 WIMMount - ok
14:30:39.0244 3396 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:30:39.0244 3396 WinUsb - ok
14:30:39.0400 3396 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:30:39.0400 3396 WmiAcpi - ok
14:30:39.0556 3396 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:30:39.0571 3396 ws2ifsl - ok
14:30:39.0743 3396 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:30:39.0743 3396 WudfPf - ok
14:30:39.0883 3396 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:30:39.0883 3396 WUDFRd - ok
14:30:39.0946 3396 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:30:39.0961 3396 \Device\Harddisk0\DR0 - ok
14:30:39.0961 3396 Boot (0x1200) (968d613a98673a9b1e5aff3358e72170) \Device\Harddisk0\DR0\Partition0
14:30:39.0961 3396 \Device\Harddisk0\DR0\Partition0 - ok
14:30:39.0977 3396 Boot (0x1200) (2340c985aa75654c7597e3a6ea3097d0) \Device\Harddisk0\DR0\Partition1
14:30:39.0977 3396 \Device\Harddisk0\DR0\Partition1 - ok
14:30:39.0977 3396 ============================================================
14:30:39.0977 3396 Scan finished
14:30:39.0977 3396 ============================================================
14:30:39.0992 5052 Detected object count: 0
14:30:39.0992 5052 Actual detected object count: 0

All problems still persist.

#10 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 07 December 2011 - 02:46 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

<-- Don't worry every little bit helps.

#11 Jimthebear2

New Member

Group: Members
Posts: 14
Joined: 12-June 11

Posted 07 December 2011 - 05:27 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-07 16:50:47
-----------------------------
16:50:47.225 OS Version: Windows x64 6.1.7601 Service Pack 1
16:50:47.225 Number of processors: 4 586 0x2505
16:50:47.226 ComputerName: RISHAVBOSELT UserName: Rishav Bose
16:50:49.053 Initialize success
16:51:41.591 AVAST engine defs: 11120701
16:51:48.537 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:51:48.540 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:51:48.559 Disk 0 MBR read successfully
16:51:48.561 Disk 0 MBR scan
16:51:48.566 Disk 0 Windows VISTA default MBR code
16:51:48.569 Service scanning
16:51:49.391 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
16:51:50.000 Modules scanning
16:51:50.006 Disk 0 trace - called modules:
16:51:50.036 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:51:50.041 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bb1060]
16:51:50.045 3 CLASSPNP.SYS[fffff88001bc343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800493a050]
16:51:53.751 AVAST engine scan C:\Windows
16:51:58.113 AVAST engine scan C:\Windows\system32
16:54:26.506 AVAST engine scan C:\Windows\system32\drivers
16:54:40.795 AVAST engine scan C:\Users\Rishav Bose
17:11:58.694 AVAST engine scan C:\ProgramData
17:15:31.153 Scan finished successfully
17:26:50.263 Disk 0 MBR has been saved successfully to "C:\Users\Rishav Bose\Desktop\MBR.dat"
17:26:50.297 The log file has been saved successfully to "C:\Users\Rishav Bose\Desktop\aswMBR.txt"

#12 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 07 December 2011 - 07:30 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo

<-- Don't worry every little bit helps.

#13 Jimthebear2

New Member

Group: Members
Posts: 14
Joined: 12-June 11

Posted 08 December 2011 - 03:01 PM

said no infections found

TDSS log:
15:00:42.0683 1552 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
15:00:42.0793 1552 ============================================================
15:00:42.0793 1552 Current date / time: 2011/12/08 15:00:42.0793
15:00:42.0793 1552 SystemInfo:
15:00:42.0793 1552
15:00:42.0793 1552 OS Version: 6.1.7601 ServicePack: 1.0
15:00:42.0793 1552 Product type: Workstation
15:00:42.0793 1552 ComputerName: RISHAVBOSELT
15:00:42.0793 1552 UserName: Rishav Bose
15:00:42.0793 1552 Windows directory: C:\Windows
15:00:42.0793 1552 System windows directory: C:\Windows
15:00:42.0793 1552 Running under WOW64
15:00:42.0793 1552 Processor architecture: Intel x64
15:00:42.0793 1552 Number of processors: 4
15:00:42.0793 1552 Page size: 0x1000
15:00:42.0793 1552 Boot type: Normal boot
15:00:42.0793 1552 ============================================================
15:00:44.0134 1552 Initialize success
15:00:45.0164 5320 ============================================================
15:00:45.0164 5320 Scan started
15:00:45.0164 5320 Mode: Manual;
15:00:45.0164 5320 ============================================================
15:00:45.0803 5320 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:00:45.0803 5320 1394ohci - ok
15:00:45.0913 5320 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:00:45.0913 5320 ACPI - ok
15:00:46.0022 5320 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:00:46.0022 5320 AcpiPmi - ok
15:00:46.0162 5320 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:00:46.0162 5320 adp94xx - ok
15:00:46.0521 5320 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:00:46.0521 5320 adpahci - ok
15:00:46.0599 5320 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:00:46.0599 5320 adpu320 - ok
15:00:46.0739 5320 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
15:00:46.0739 5320 AFD - ok
15:00:46.0849 5320 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:00:46.0849 5320 agp440 - ok
15:00:46.0958 5320 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:00:46.0973 5320 aliide - ok
15:00:47.0083 5320 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:00:47.0083 5320 amdide - ok
15:00:47.0176 5320 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:00:47.0176 5320 AmdK8 - ok
15:00:47.0270 5320 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:00:47.0270 5320 AmdPPM - ok
15:00:47.0379 5320 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:00:47.0379 5320 amdsata - ok
15:00:47.0488 5320 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:00:47.0488 5320 amdsbs - ok
15:00:47.0597 5320 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:00:47.0597 5320 amdxata - ok
15:00:47.0691 5320 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:00:47.0691 5320 AppID - ok
15:00:47.0831 5320 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:00:47.0831 5320 arc - ok
15:00:47.0941 5320 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:00:47.0941 5320 arcsas - ok
15:00:48.0034 5320 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:00:48.0034 5320 AsyncMac - ok
15:00:48.0143 5320 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:00:48.0143 5320 atapi - ok
15:00:48.0221 5320 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:00:48.0221 5320 b06bdrv - ok
15:00:48.0315 5320 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:00:48.0331 5320 b57nd60a - ok
15:00:48.0440 5320 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
15:00:48.0440 5320 BCM42RLY - ok
15:00:48.0596 5320 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
15:00:48.0596 5320 BCM43XX - ok
15:00:48.0721 5320 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
15:00:48.0721 5320 BcmVWL - ok
15:00:48.0861 5320 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:00:48.0861 5320 Beep - ok
15:00:48.0939 5320 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:00:48.0939 5320 blbdrive - ok
15:00:49.0079 5320 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:00:49.0079 5320 bowser - ok
15:00:49.0204 5320 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:00:49.0204 5320 BrFiltLo - ok
15:00:49.0267 5320 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:00:49.0267 5320 BrFiltUp - ok
15:00:49.0407 5320 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:00:49.0423 5320 Brserid - ok
15:00:49.0532 5320 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:00:49.0532 5320 BrSerWdm - ok
15:00:49.0625 5320 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:00:49.0625 5320 BrUsbMdm - ok
15:00:49.0735 5320 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:00:49.0735 5320 BrUsbSer - ok
15:00:49.0875 5320 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:00:49.0875 5320 BthEnum - ok
15:00:49.0984 5320 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:00:49.0984 5320 BTHMODEM - ok
15:00:50.0125 5320 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:00:50.0125 5320 BthPan - ok
15:00:50.0281 5320 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
15:00:50.0281 5320 BTHPORT - ok
15:00:50.0452 5320 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
15:00:50.0452 5320 BTHUSB - ok
15:00:50.0577 5320 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
15:00:50.0577 5320 btusbflt - ok
15:00:50.0780 5320 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
15:00:50.0780 5320 btwaudio - ok
15:00:50.0967 5320 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
15:00:50.0967 5320 btwavdt - ok
15:00:51.0139 5320 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
15:00:51.0139 5320 btwl2cap - ok
15:00:51.0279 5320 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
15:00:51.0279 5320 btwrchid - ok
15:00:51.0357 5320 catchme - ok
15:00:51.0482 5320 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:00:51.0482 5320 cdfs - ok
15:00:51.0638 5320 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:00:51.0638 5320 cdrom - ok
15:00:51.0778 5320 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:00:51.0778 5320 circlass - ok
15:00:51.0887 5320 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:00:51.0887 5320 CLFS - ok
15:00:52.0137 5320 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:00:52.0137 5320 CmBatt - ok
15:00:52.0309 5320 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:00:52.0309 5320 cmdide - ok
15:00:52.0449 5320 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
15:00:52.0449 5320 CNG - ok
15:00:52.0574 5320 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:00:52.0574 5320 Compbatt - ok
15:00:52.0714 5320 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:00:52.0714 5320 CompositeBus - ok
15:00:52.0839 5320 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:00:52.0839 5320 crcdisk - ok
15:00:52.0948 5320 CtClsFlt - ok
15:00:53.0198 5320 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:00:53.0198 5320 DfsC - ok
15:00:53.0401 5320 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:00:53.0401 5320 discache - ok
15:00:53.0572 5320 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:00:53.0572 5320 Disk - ok
15:00:53.0713 5320 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:00:53.0713 5320 drmkaud - ok
15:00:53.0853 5320 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:00:53.0869 5320 DXGKrnl - ok
15:00:54.0040 5320 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:00:54.0118 5320 ebdrv - ok
15:00:54.0274 5320 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:00:54.0290 5320 elxstor - ok
15:00:54.0430 5320 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:00:54.0430 5320 ErrDev - ok
15:00:54.0571 5320 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:00:54.0571 5320 exfat - ok
15:00:54.0695 5320 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:00:54.0695 5320 fastfat - ok
15:00:54.0836 5320 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:00:54.0836 5320 fdc - ok
15:00:54.0992 5320 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:00:54.0992 5320 FileInfo - ok
15:00:55.0132 5320 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:00:55.0132 5320 Filetrace - ok
15:00:55.0257 5320 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:00:55.0257 5320 flpydisk - ok
15:00:55.0413 5320 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:00:55.0413 5320 FltMgr - ok
15:00:55.0616 5320 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:00:55.0616 5320 FsDepends - ok
15:00:55.0850 5320 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:00:55.0850 5320 Fs_Rec - ok
15:00:56.0099 5320 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:00:56.0115 5320 fvevol - ok
15:00:56.0209 5320 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:00:56.0224 5320 gagp30kx - ok
15:00:56.0380 5320 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:00:56.0380 5320 GEARAspiWDM - ok
15:00:56.0505 5320 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
15:00:56.0505 5320 hamachi - ok
15:00:56.0614 5320 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:00:56.0614 5320 hcw85cir - ok
15:00:56.0755 5320 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:00:56.0755 5320 HDAudBus - ok
15:00:56.0879 5320 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
15:00:56.0879 5320 HECIx64 - ok
15:00:57.0004 5320 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:00:57.0004 5320 HidBatt - ok
15:00:57.0129 5320 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:00:57.0129 5320 HidBth - ok
15:00:57.0269 5320 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:00:57.0269 5320 HidIr - ok
15:00:57.0410 5320 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:00:57.0410 5320 HidUsb - ok
15:00:57.0566 5320 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:00:57.0566 5320 HpSAMD - ok
15:00:57.0706 5320 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:00:57.0706 5320 HTTP - ok
15:00:57.0847 5320 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:00:57.0847 5320 hwpolicy - ok
15:00:57.0971 5320 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:00:57.0971 5320 i8042prt - ok
15:00:58.0159 5320 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
15:00:58.0159 5320 iaStor - ok
15:00:58.0439 5320 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:00:58.0439 5320 iaStorV - ok
15:00:58.0861 5320 igfx (31569a2e836c12014148bf7342716946) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:00:59.0063 5320 igfx - ok
15:00:59.0173 5320 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:00:59.0173 5320 iirsp - ok
15:00:59.0282 5320 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
15:00:59.0282 5320 Impcd - ok
15:00:59.0422 5320 IntcAzAudAddService (6e4ccb3aff07e2b9f2a937385c84b573) C:\Windows\system32\drivers\RTKVHD64.sys
15:00:59.0422 5320 IntcAzAudAddService - ok
15:00:59.0547 5320 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:00:59.0547 5320 IntcDAud - ok
15:00:59.0594 5320 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:00:59.0609 5320 intelide - ok
15:00:59.0687 5320 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:00:59.0687 5320 intelppm - ok
15:00:59.0797 5320 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:00:59.0812 5320 IPMIDRV - ok
15:00:59.0843 5320 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:00:59.0843 5320 IPNAT - ok
15:00:59.0968 5320 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:00:59.0968 5320 IRENUM - ok
15:01:00.0077 5320 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:01:00.0077 5320 isapnp - ok
15:01:00.0124 5320 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:01:00.0140 5320 iScsiPrt - ok
15:01:00.0233 5320 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:01:00.0233 5320 kbdclass - ok
15:01:00.0296 5320 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:01:00.0296 5320 kbdhid - ok
15:01:00.0389 5320 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
15:01:00.0389 5320 KSecDD - ok
15:01:00.0436 5320 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
15:01:00.0436 5320 KSecPkg - ok
15:01:00.0545 5320 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:01:00.0545 5320 ksthunk - ok
15:01:00.0670 5320 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
15:01:00.0670 5320 L1C - ok
15:01:00.0842 5320 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:01:00.0842 5320 lltdio - ok
15:01:01.0076 5320 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:01:01.0076 5320 LSI_FC - ok
15:01:01.0201 5320 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:01:01.0201 5320 LSI_SAS - ok
15:01:01.0310 5320 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:01:01.0310 5320 LSI_SAS2 - ok
15:01:01.0403 5320 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:01:01.0403 5320 LSI_SCSI - ok
15:01:01.0528 5320 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:01:01.0528 5320 luafv - ok
15:01:01.0653 5320 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:01:01.0653 5320 megasas - ok
15:01:01.0762 5320 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:01:01.0762 5320 MegaSR - ok
15:01:01.0903 5320 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:01:01.0903 5320 Modem - ok
15:01:02.0027 5320 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:01:02.0027 5320 monitor - ok
15:01:02.0168 5320 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:01:02.0168 5320 mouclass - ok
15:01:02.0183 5320 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:01:02.0183 5320 mouhid - ok
15:01:02.0293 5320 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:01:02.0293 5320 mountmgr - ok
15:01:02.0402 5320 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
15:01:02.0402 5320 MpFilter - ok
15:01:02.0495 5320 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:01:02.0495 5320 mpio - ok
15:01:02.0573 5320 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
15:01:02.0573 5320 MpNWMon - ok
15:01:02.0667 5320 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:01:02.0667 5320 mpsdrv - ok
15:01:02.0776 5320 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:01:02.0776 5320 MRxDAV - ok
15:01:02.0854 5320 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:01:02.0854 5320 mrxsmb - ok
15:01:02.0948 5320 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:01:02.0948 5320 mrxsmb10 - ok
15:01:03.0041 5320 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:01:03.0041 5320 mrxsmb20 - ok
15:01:03.0182 5320 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:01:03.0182 5320 msahci - ok
15:01:03.0322 5320 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:01:03.0322 5320 msdsm - ok
15:01:03.0494 5320 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:01:03.0494 5320 Msfs - ok
15:01:03.0619 5320 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:01:03.0619 5320 mshidkmdf - ok
15:01:03.0712 5320 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:01:03.0712 5320 msisadrv - ok
15:01:03.0853 5320 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:01:03.0853 5320 MSKSSRV - ok
15:01:04.0040 5320 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:01:04.0040 5320 MSPCLOCK - ok
15:01:04.0165 5320 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:01:04.0165 5320 MSPQM - ok
15:01:04.0274 5320 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:01:04.0274 5320 MsRPC - ok
15:01:04.0367 5320 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:01:04.0367 5320 mssmbios - ok
15:01:04.0477 5320 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:01:04.0477 5320 MSTEE - ok
15:01:04.0555 5320 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:01:04.0555 5320 MTConfig - ok
15:01:04.0601 5320 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:01:04.0601 5320 Mup - ok
15:01:04.0726 5320 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:01:04.0742 5320 NativeWifiP - ok
15:01:04.0882 5320 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:01:04.0898 5320 NDIS - ok
15:01:05.0023 5320 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:01:05.0023 5320 NdisCap - ok
15:01:05.0132 5320 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:01:05.0132 5320 NdisTapi - ok
15:01:05.0257 5320 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:01:05.0257 5320 Ndisuio - ok
15:01:05.0366 5320 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:01:05.0366 5320 NdisWan - ok
15:01:05.0491 5320 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:01:05.0491 5320 NDProxy - ok
15:01:05.0584 5320 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:01:05.0584 5320 NetBIOS - ok
15:01:05.0756 5320 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:01:05.0756 5320 NetBT - ok
15:01:05.0974 5320 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:01:05.0974 5320 nfrd960 - ok
15:01:06.0177 5320 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:01:06.0177 5320 NisDrv - ok
15:01:06.0427 5320 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:01:06.0442 5320 Npfs - ok
15:01:06.0520 5320 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:01:06.0536 5320 nsiproxy - ok
15:01:06.0661 5320 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:01:06.0692 5320 Ntfs - ok
15:01:06.0785 5320 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:01:06.0785 5320 Null - ok
15:01:06.0895 5320 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:01:06.0910 5320 nvraid - ok
15:01:07.0019 5320 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:01:07.0019 5320 nvstor - ok
15:01:07.0129 5320 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:01:07.0129 5320 nv_agp - ok
15:01:07.0222 5320 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:01:07.0222 5320 ohci1394 - ok
15:01:07.0269 5320 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:01:07.0269 5320 Parport - ok
15:01:07.0363 5320 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:01:07.0363 5320 partmgr - ok
15:01:07.0472 5320 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:01:07.0472 5320 pci - ok
15:01:07.0581 5320 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:01:07.0581 5320 pciide - ok
15:01:07.0675 5320 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:01:07.0675 5320 pcmcia - ok
15:01:07.0753 5320 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:01:07.0768 5320 pcw - ok
15:01:07.0846 5320 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:01:07.0862 5320 PEAUTH - ok
15:01:08.0033 5320 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:01:08.0033 5320 PptpMiniport - ok
15:01:08.0127 5320 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:01:08.0143 5320 Processor - ok
15:01:08.0252 5320 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:01:08.0252 5320 Psched - ok
15:01:08.0408 5320 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:01:08.0455 5320 ql2300 - ok
15:01:08.0642 5320 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:01:08.0642 5320 ql40xx - ok
15:01:08.0813 5320 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:01:08.0813 5320 QWAVEdrv - ok
15:01:08.0938 5320 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:01:08.0938 5320 RasAcd - ok
15:01:09.0032 5320 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:01:09.0032 5320 RasAgileVpn - ok
15:01:09.0157 5320 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:01:09.0157 5320 Rasl2tp - ok
15:01:09.0297 5320 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:01:09.0297 5320 RasPppoe - ok
15:01:09.0406 5320 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:01:09.0406 5320 RasSstp - ok
15:01:09.0515 5320 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:01:09.0515 5320 rdbss - ok
15:01:09.0547 5320 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:01:09.0547 5320 rdpbus - ok
15:01:09.0640 5320 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:01:09.0640 5320 RDPCDD - ok
15:01:09.0734 5320 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:01:09.0749 5320 RDPENCDD - ok
15:01:09.0859 5320 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:01:09.0859 5320 RDPREFMP - ok
15:01:09.0952 5320 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:01:09.0968 5320 RDPWD - ok
15:01:10.0093 5320 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:01:10.0093 5320 rdyboost - ok
15:01:10.0233 5320 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:01:10.0233 5320 RFCOMM - ok
15:01:10.0358 5320 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:01:10.0358 5320 rspndr - ok
15:01:10.0467 5320 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys
15:01:10.0467 5320 RSUSBSTOR - ok
15:01:10.0561 5320 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:01:10.0561 5320 SASDIFSV - ok
15:01:10.0685 5320 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:01:10.0685 5320 SASKUTIL - ok
15:01:10.0748 5320 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:01:10.0763 5320 sbp2port - ok
15:01:10.0904 5320 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:01:10.0904 5320 scfilter - ok
15:01:11.0091 5320 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:01:11.0091 5320 secdrv - ok
15:01:11.0263 5320 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:01:11.0263 5320 Serenum - ok
15:01:11.0356 5320 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:01:11.0356 5320 Serial - ok
15:01:11.0434 5320 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:01:11.0434 5320 sermouse - ok
15:01:11.0543 5320 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:01:11.0543 5320 sffdisk - ok
15:01:11.0637 5320 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:01:11.0637 5320 sffp_mmc - ok
15:01:11.0746 5320 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:01:11.0746 5320 sffp_sd - ok
15:01:11.0840 5320 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:01:11.0840 5320 sfloppy - ok
15:01:11.0965 5320 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:01:11.0965 5320 SiSRaid2 - ok
15:01:12.0074 5320 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:01:12.0074 5320 SiSRaid4 - ok
15:01:12.0167 5320 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:01:12.0183 5320 Smb - ok
15:01:12.0308 5320 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:01:12.0308 5320 spldr - ok
15:01:12.0417 5320 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:01:12.0433 5320 srv - ok
15:01:12.0526 5320 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:01:12.0526 5320 srv2 - ok
15:01:12.0635 5320 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:01:12.0635 5320 srvnet - ok
15:01:12.0745 5320 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:01:12.0745 5320 stexstor - ok
15:01:12.0854 5320 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:01:12.0854 5320 swenum - ok
15:01:12.0994 5320 SynTP (08425cd92972c6430f350a9697f4a553) C:\Windows\system32\DRIVERS\SynTP.sys
15:01:13.0010 5320 SynTP - ok
15:01:13.0135 5320 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:01:13.0181 5320 Tcpip - ok
15:01:13.0400 5320 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:01:13.0400 5320 TCPIP6 - ok
15:01:13.0556 5320 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:01:13.0556 5320 tcpipreg - ok
15:01:13.0712 5320 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:01:13.0727 5320 TDPIPE - ok
15:01:13.0915 5320 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:01:13.0915 5320 TDTCP - ok
15:01:14.0039 5320 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:01:14.0039 5320 tdx - ok
15:01:14.0180 5320 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:01:14.0180 5320 TermDD - ok
15:01:14.0289 5320 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:01:14.0305 5320 tssecsrv - ok
15:01:14.0461 5320 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:01:14.0461 5320 TsUsbFlt - ok
15:01:14.0601 5320 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:01:14.0601 5320 tunnel - ok
15:01:14.0741 5320 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
15:01:14.0757 5320 TurboB - ok
15:01:14.0882 5320 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:01:14.0882 5320 uagp35 - ok
15:01:15.0007 5320 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:01:15.0007 5320 udfs - ok
15:01:15.0178 5320 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:01:15.0178 5320 uliagpkx - ok
15:01:15.0303 5320 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:01:15.0303 5320 umbus - ok
15:01:15.0428 5320 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:01:15.0428 5320 UmPass - ok
15:01:15.0568 5320 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:01:15.0568 5320 USBAAPL64 - ok
15:01:15.0693 5320 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:01:15.0693 5320 usbccgp - ok
15:01:15.0833 5320 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:01:15.0833 5320 usbcir - ok
15:01:15.0958 5320 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:01:15.0958 5320 usbehci - ok
15:01:16.0161 5320 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:01:16.0161 5320 usbhub - ok
15:01:16.0348 5320 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:01:16.0348 5320 usbohci - ok
15:01:16.0567 5320 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:01:16.0567 5320 usbprint - ok
15:01:16.0707 5320 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:01:16.0707 5320 usbscan - ok
15:01:16.0832 5320 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:01:16.0832 5320 USBSTOR - ok
15:01:17.0019 5320 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:01:17.0019 5320 usbuhci - ok
15:01:17.0315 5320 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:01:17.0315 5320 usbvideo - ok
15:01:17.0721 5320 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:01:17.0721 5320 vdrvroot - ok
15:01:18.0142 5320 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:01:18.0142 5320 vga - ok
15:01:18.0485 5320 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:01:18.0501 5320 VgaSave - ok
15:01:18.0766 5320 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:01:18.0782 5320 vhdmp - ok
15:01:19.0078 5320 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:01:19.0078 5320 viaide - ok
15:01:19.0328 5320 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:01:19.0328 5320 volmgr - ok
15:01:19.0780 5320 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:01:19.0796 5320 volmgrx - ok
15:01:20.0108 5320 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:01:20.0108 5320 volsnap - ok
15:01:20.0357 5320 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:01:20.0373 5320 vsmraid - ok
15:01:20.0591 5320 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:01:20.0591 5320 vwifibus - ok
15:01:20.0732 5320 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:01:20.0732 5320 vwififlt - ok
15:01:20.0888 5320 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:01:20.0888 5320 vwifimp - ok
15:01:21.0153 5320 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:01:21.0153 5320 WacomPen - ok
15:01:21.0371 5320 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:01:21.0371 5320 WANARP - ok
15:01:21.0403 5320 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:01:21.0403 5320 Wanarpv6 - ok
15:01:21.0652 5320 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:01:21.0652 5320 Wd - ok
15:01:21.0855 5320 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:01:21.0855 5320 Wdf01000 - ok
15:01:22.0120 5320 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:01:22.0120 5320 WfpLwf - ok
15:01:22.0354 5320 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
15:01:22.0354 5320 WimFltr - ok
15:01:22.0463 5320 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:01:22.0463 5320 WIMMount - ok
15:01:22.0588 5320 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:01:22.0588 5320 WinUsb - ok
15:01:22.0697 5320 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:01:22.0697 5320 WmiAcpi - ok
15:01:22.0822 5320 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:01:22.0822 5320 ws2ifsl - ok
15:01:22.0963 5320 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:01:22.0963 5320 WudfPf - ok
15:01:23.0056 5320 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:01:23.0056 5320 WUDFRd - ok
15:01:23.0119 5320 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:01:23.0134 5320 \Device\Harddisk0\DR0 - ok
15:01:23.0134 5320 Boot (0x1200) (968d613a98673a9b1e5aff3358e72170) \Device\Harddisk0\DR0\Partition0
15:01:23.0134 5320 \Device\Harddisk0\DR0\Partition0 - ok
15:01:23.0150 5320 Boot (0x1200) (2340c985aa75654c7597e3a6ea3097d0) \Device\Harddisk0\DR0\Partition1
15:01:23.0150 5320 \Device\Harddisk0\DR0\Partition1 - ok
15:01:23.0150 5320 ============================================================
15:01:23.0150 5320 Scan finished
15:01:23.0150 5320 ============================================================
15:01:23.0165 0844 Detected object count: 0
15:01:23.0165 0844 Actual detected object count: 0

#14 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 08 December 2011 - 04:31 PM

Greetings

I need you to make a bootable usb and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

Download and save a copy of the latest Puppy ISO file
Download and save a copy of Unetbootin for Windows.
Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
Launch Unetbootin ....
Ensure that Disk Image is selected.
Using the browse button ... browse to and select the Puppy ISO file.
Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
Click OK

Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

Read HERE for instructions how to do this.

Now boot into Puppylinux

when you get to the desktop Click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them)

Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

Click menu > Graphic > mtPaint-snapshot screen capture
A small window will open ....
- Click Capture Now
- Click OK
The mtPaint program will open ....
- Click File > Save
- Double click on ../
- Double click on mnt/
- Double click on sdb1/
- Set File Format to JPEG
- Enter screenshot1 into the text box
- Click OK