
Google Redirect in Firefox (but not Chrome or IE)


  • This topic is locked
23 replies to this topic

#1 ablantzer

Posted 10 April 2012 - 01:00 AM

Here is my DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Sym at 1:51:26 on 2012-04-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.2385 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Sym\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit=userinit.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] "C:\Users\Sym\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: Interfaces\{63C68C74-5140-4347-84D2-6AEE96259109} : NameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 253600]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-10 05:36:33 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-10 05:36:33 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-10 05:22:58 -------- d-----w- C:\Users\Sym\AppData\Local\Apps
2012-04-10 03:32:22 -------- d-----w- C:\Users\Sym\AppData\Roaming\SUPERAntiSpyware.com
2012-04-10 03:31:30 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-04-10 03:31:30 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-04-10 03:28:12 302592 ----a-w- C:\Windows\SysWow64\CF1228.exe
2012-04-10 03:28:12 168 ----a-w- C:\Start_.cmd
2012-04-10 03:28:12 -------- d-----w- C:\ComboFix
2012-04-09 22:19:19 -------- d-----r- C:\Users\Sym\AppData\Roaming\Brother
2012-04-09 22:15:58 -------- d-----w- C:\Users\Sym\AppData\Local\Microsoft Games
2012-04-09 21:48:08 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C5B35F54-6B66-48A2-BD89-69DAF2A89057}\offreg.dll
2012-04-09 21:25:08 -------- d-----w- C:\ProgramData\Brother
2012-04-09 21:24:22 -------- d-----w- C:\Program Files (x86)\Brother Software
2012-04-09 18:44:14 -------- d-----w- C:\Users\Sym\AppData\Roaming\Malwarebytes
2012-04-09 18:44:09 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-09 18:44:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-09 18:44:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-09 17:55:20 -------- d-----w- C:\Users\Sym\AppData\Roaming\Tinnes Software
2012-04-09 17:55:06 606720 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\bin\desktopcalendar.exe
2012-04-09 17:55:06 5632 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\bin\TinnesSoftware.Gadget.Interop.dll
2012-04-09 17:55:04 46080 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\bin\TinnesSoftware.DesktopCalendar.dll
2012-04-09 17:55:04 1251839 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\unins000.exe
2012-04-09 17:55:04 -------- d-----w- C:\ProgramData\Tinnes Software
2012-04-08 19:11:39 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
2012-04-08 03:17:26 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-08 00:50:08 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-04-08 00:50:08 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-04-08 00:50:08 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-04-07 19:47:44 -------- d-----r- C:\Program Files (x86)\Skype
2012-04-07 09:32:57 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C5B35F54-6B66-48A2-BD89-69DAF2A89057}\mpengine.dll
2012-04-07 00:53:21 -------- d-----w- C:\Users\Sym\AppData\Roaming\.purple
2012-04-07 00:32:23 -------- d-----w- C:\Program Files (x86)\Pidgin
2012-04-06 08:02:20 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-06 08:02:20 -------- d-----w- C:\Windows\System32\Wat
2012-04-06 07:21:49 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-06 07:21:48 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-06 07:21:48 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-05 22:11:02 -------- d-----w- C:\Program Files (x86)\Foxit Software
2012-04-05 20:13:12 -------- d-----w- C:\Users\Sym\AppData\Local\PunkBuster
2012-04-05 20:13:12 -------- d-----w- C:\Users\Sym\AppData\Local\CrashRpt
2012-04-05 20:12:33 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
2012-04-05 20:11:01 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-05 20:11:01 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-04-05 20:11:00 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-04-05 07:10:59 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2012-04-05 07:09:59 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-04-05 07:09:59 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-04-05 07:09:48 77312 ----a-w- C:\Windows\System32\packager.dll
2012-04-05 07:09:47 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-04-05 07:04:16 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-05 05:50:00 -------- d-----w- C:\Program Files (x86)\SIW
2012-04-05 05:27:39 -------- d-----w- C:\Users\Sym\AppData\Local\Diagnostics
2012-04-05 05:23:52 -------- d-----w- C:\Users\Sym\AppData\Local\ElevatedDiagnostics
2012-04-05 05:15:08 -------- d-----w- C:\Users\Sym\AppData\Roaming\wargaming.net
2012-04-05 04:30:56 -------- d-----w- C:\ProgramData\Corel
2012-04-05 04:29:23 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
2012-04-05 04:28:20 -------- d-----w- C:\Program Files (x86)\Corel
2012-04-05 04:21:07 -------- d-----w- C:\Users\Sym\AppData\Roaming\UBitMenu
2012-04-05 04:06:14 -------- d-----w- C:\Windows\Panther
2012-04-05 03:14:45 -------- d-----w- C:\Windows\PCHEALTH
2012-04-05 03:12:27 -------- d-----w- C:\Users\Sym\AppData\Local\Microsoft Help
2012-04-05 03:09:25 0 ----a-w- C:\Windows\ativpsrm.bin
2012-04-05 03:01:28 -------- d-----w- C:\Windows\SysWow64\directx
2012-04-05 03:01:25 -------- d-----w- C:\Games
2012-04-05 01:41:00 -------- d-----w- C:\Users\Sym\AppData\Local\Google
2012-04-05 01:32:58 -------- d-----w- C:\Users\Sym\AppData\Local\Thunderbird
2012-04-05 01:12:27 -------- d-----w- C:\Program Files (x86)\Steam
2012-04-05 01:12:27 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-04-05 01:11:42 -------- d-sh--w- C:\Windows\Installer
2012-04-05 00:19:54 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-05 00:19:54 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-05 00:19:54 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-05 00:19:53 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-05 00:19:53 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-05 00:19:52 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-05 00:19:52 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 1:51:55.59 ===============


#2 ablantzer

Posted 10 April 2012 - 11:33 PM

Sorry, I was very annoyed with the virus and continued fiddling with it on my own even though I should probably have sat tight and waited for instructions. Anyway, I figured out that starting Firefox in Safe Mode (all add-ons disabled) solved the problem (though no anti-virus software that I've tried, which includes Avast, Malwarebytes and Super AntiSpyware could detect anything, even when I told them to specifically scan the Firefox add-on folder).

I'm going to investigate further to see if I can pin-point which add-on it is.

#3 gringo_pr

  • Malware Response Team

Posted 11 April 2012 - 06:07 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#4 ablantzer

Posted 11 April 2012 - 01:32 PM

I ran ComboFix as you asked me to. I also played some more with Firefox add-ons. First, I started Firefox up in normal mode again, but this time disabled all of the extensions (to verify that this problem was not with the plugins or themes). Sure enough, as soon as the extensions are disabled, the Google redirects stop. When they're enabled, the Google redirects persist. The next step is to track down which extension causes it by enabling them one-by-one.

Meanwhile, here is the ComboFix log:

ComboFix 12-04-09.07 - Sym 04/11/2012 13:41:36.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.2597 [GMT -4:00]
Running from: c:\users\Sym\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\my documents\~WRL0075.tmp
e:\my documents\~WRL0090.tmp
e:\my documents\~WRL0148.tmp
e:\my documents\~WRL0278.tmp
e:\my documents\~WRL0337.tmp
e:\my documents\~WRL0350.tmp
e:\my documents\~WRL0404.tmp
e:\my documents\~WRL0429.tmp
e:\my documents\~WRL0477.tmp
e:\my documents\~WRL0490.tmp
e:\my documents\~WRL0497.tmp
e:\my documents\~WRL0512.tmp
e:\my documents\~WRL0603.tmp
e:\my documents\~WRL0630.tmp
e:\my documents\~WRL0710.tmp
e:\my documents\~WRL0758.tmp
e:\my documents\~WRL0834.tmp
e:\my documents\~WRL0959.tmp
e:\my documents\~WRL0968.tmp
e:\my documents\~WRL1040.tmp
e:\my documents\~WRL1044.tmp
e:\my documents\~WRL1111.tmp
e:\my documents\~WRL1134.tmp
e:\my documents\~WRL1246.tmp
e:\my documents\~WRL1380.tmp
e:\my documents\~WRL1387.tmp
e:\my documents\~WRL1396.tmp
e:\my documents\~WRL1397.tmp
e:\my documents\~WRL1422.tmp
e:\my documents\~WRL1486.tmp
e:\my documents\~WRL1623.tmp
e:\my documents\~WRL1647.tmp
e:\my documents\~WRL1794.tmp
e:\my documents\~WRL1884.tmp
e:\my documents\~WRL1981.tmp
e:\my documents\~WRL2047.tmp
e:\my documents\~WRL2082.tmp
e:\my documents\~WRL2087.tmp
e:\my documents\~WRL2210.tmp
e:\my documents\~WRL2267.tmp
e:\my documents\~WRL2270.tmp
e:\my documents\~WRL2282.tmp
e:\my documents\~WRL2341.tmp
e:\my documents\~WRL2380.tmp
e:\my documents\~WRL2512.tmp
e:\my documents\~WRL2522.tmp
e:\my documents\~WRL2524.tmp
e:\my documents\~WRL2540.tmp
e:\my documents\~WRL2543.tmp
e:\my documents\~WRL2588.tmp
e:\my documents\~WRL2591.tmp
e:\my documents\~WRL2601.tmp
e:\my documents\~WRL2722.tmp
e:\my documents\~WRL2753.tmp
e:\my documents\~WRL2764.tmp
e:\my documents\~WRL2827.tmp
e:\my documents\~WRL2896.tmp
e:\my documents\~WRL2897.tmp
e:\my documents\~WRL2933.tmp
e:\my documents\~WRL3031.tmp
e:\my documents\~WRL3178.tmp
e:\my documents\~WRL3326.tmp
e:\my documents\~WRL3477.tmp
e:\my documents\~WRL3521.tmp
e:\my documents\~WRL3549.tmp
e:\my documents\~WRL3587.tmp
e:\my documents\~WRL3616.tmp
e:\my documents\~WRL3655.tmp
e:\my documents\~WRL3660.tmp
e:\my documents\~WRL3916.tmp
e:\my documents\~WRL3955.tmp
e:\my documents\~WRL4063.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-11 17:47 . 2012-04-11 17:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-10 20:37 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 20:37 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 20:37 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 20:37 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 20:37 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 20:37 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 20:37 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 08:23 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAACD1A7-DDB5-4767-A36D-22104FB2F66B}\mpengine.dll
2012-04-10 06:04 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-10 06:04 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-10 06:04 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-10 06:04 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-10 06:04 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-10 06:04 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-10 06:04 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-10 06:03 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-10 06:03 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-10 06:03 . 2012-04-10 06:03 -------- d-----w- c:\programdata\AVAST Software
2012-04-10 06:03 . 2012-04-10 06:03 -------- d-----w- c:\program files\AVAST Software
2012-04-10 05:36 . 2012-04-10 05:36 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-10 05:36 . 2012-04-10 05:36 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-10 05:36 . 2012-04-10 05:36 -------- d-----w- c:\windows\SysWow64\Macromed
2012-04-10 05:36 . 2012-04-10 05:36 -------- d-----w- c:\windows\system32\Macromed
2012-04-10 03:31 . 2012-04-10 03:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-10 03:31 . 2012-04-10 03:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-10 03:28 . 2010-11-21 03:24 302592 ----a-w- c:\windows\SysWow64\CF1228.exe
2012-04-09 21:25 . 2012-04-09 21:25 -------- d-----w- c:\programdata\Brother
2012-04-09 21:24 . 2012-04-09 21:24 -------- d-----w- c:\program files (x86)\Brother Software
2012-04-09 18:44 . 2012-04-09 18:44 -------- d-----w- c:\programdata\Malwarebytes
2012-04-09 18:44 . 2012-04-09 18:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-09 18:44 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-09 17:55 . 2012-03-06 14:31 606720 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\bin\desktopcalendar.exe
2012-04-09 17:55 . 2012-03-06 14:26 5632 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\bin\TinnesSoftware.Gadget.Interop.dll
2012-04-09 17:55 . 2012-04-09 17:55 -------- d-----w- c:\programdata\Tinnes Software
2012-04-09 17:55 . 2012-04-09 17:54 1251839 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\unins000.exe
2012-04-09 17:55 . 2012-03-06 14:31 46080 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\bin\TinnesSoftware.DesktopCalendar.dll
2012-04-08 19:11 . 2008-05-07 23:59 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
2012-04-08 03:17 . 2012-04-08 03:31 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-08 00:50 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-04-08 00:50 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-04-08 00:50 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-04-07 19:47 . 2012-04-07 22:57 -------- d-----r- c:\program files (x86)\Skype
2012-04-07 19:47 . 2012-04-07 19:47 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-07 19:47 . 2012-04-07 19:47 -------- d-----w- c:\programdata\Skype
2012-04-07 00:32 . 2012-04-07 00:32 -------- d-----w- c:\program files (x86)\Pidgin
2012-04-06 08:02 . 2012-04-06 08:02 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-06 08:02 . 2012-04-06 08:02 -------- d-----w- c:\windows\system32\Wat
2012-04-06 07:02 . 2012-04-06 07:02 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-05 22:11 . 2012-04-05 22:11 -------- d-----w- c:\program files (x86)\Foxit Software
2012-04-05 20:12 . 2012-04-05 20:12 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2012-04-05 20:11 . 2012-04-08 03:31 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-05 20:11 . 2012-04-08 03:17 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-05 20:11 . 2012-04-05 20:11 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-05 18:20 . 2012-04-05 18:20 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-04-05 07:10 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-04-05 07:09 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-05 07:09 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-05 07:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-05 07:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-05 05:50 . 2012-04-05 05:50 -------- d-----w- c:\program files (x86)\SIW
2012-04-05 04:37 . 2012-04-05 04:37 -------- d-----w- c:\program files (x86)\Notepad++
2012-04-05 04:30 . 2012-04-07 17:43 -------- d-----w- c:\programdata\Corel
2012-04-05 04:29 . 2012-04-05 04:29 -------- d-----w- c:\program files (x86)\Common Files\Corel
2012-04-05 04:28 . 2012-04-05 04:28 -------- d-----w- c:\program files (x86)\Corel
2012-04-05 04:06 . 2012-04-05 00:18 -------- d-----w- c:\windows\Panther
2012-04-05 03:15 . 2012-04-06 07:11 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-04-05 03:14 . 2012-04-07 20:16 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-04-05 03:14 . 2012-04-05 03:14 -------- d-----w- c:\windows\PCHEALTH
2012-04-05 03:12 . 2012-04-10 20:41 -------- d-----w- c:\programdata\Microsoft Help
2012-04-05 03:12 . 2012-04-05 03:12 -------- d-----r- C:\MSOCache
2012-04-05 03:09 . 2012-04-05 03:09 0 ----a-w- c:\windows\ativpsrm.bin
2012-04-05 03:01 . 2012-04-05 03:01 -------- d-----w- C:\Games
2012-04-05 01:26 . 2012-04-05 01:26 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-04-05 01:12 . 2012-04-11 00:18 -------- d-----w- c:\program files (x86)\Steam
2012-04-05 01:12 . 2012-04-05 04:42 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-04-05 01:11 . 2012-04-10 20:44 -------- d-sh--w- c:\windows\Installer
2012-04-05 00:19 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-05 00:19 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-05 00:19 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-05 00:19 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-05 00:19 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-05 00:19 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-05 00:19 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-05 00:18 . 2012-04-10 05:51 -------- d-----w- c:\users\Sym
2012-04-05 00:18 . 2012-04-05 00:18 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-05 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 253600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 05:36]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-445065322-2614787395-372240664-1000Core.job
- c:\users\Sym\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-05 01:41]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-445065322-2614787395-372240664-1000UA.job
- c:\users\Sym\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-05 01:41]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{63C68C74-5140-4347-84D2-6AEE96259109}: NameServer = 192.168.1.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-04-11 13:53:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-11 17:53
.
Pre-Run: 104,914,423,808 bytes free
Post-Run: 105,087,418,368 bytes free
.
- - End Of File - - 5968282CF9B18B8D965656EECD366E07

#5 ablantzer

Posted 11 April 2012 - 01:52 PM

Some more information:

1) I enabled XUL Cache in Firefox (of which I have 4 instances... I dunno if that's normal but it's been that way as long as I can remember). Restarted Firefox. Bam, Google Redirects! I disabled XUL Cache, and they went away.
2) I enabled BlockSite (XUL Cache was still disabled after step 1). This is a kind of parental control tool that prevents access to a list of websites. Restarted Firefox. Did some Google searches, but there were no redirects. Just to be sure, I restarted Firefox again and did some more searches. No redirects.

I'm going to continue testing the extensions one by one; however, my intuition is telling me that the virus is in the XUL Cache extension (it would make sense, as this add-on comes by default with all new installations of Firefox).

#6 ablantzer

Posted 11 April 2012 - 03:37 PM

Have re-enabled all extensions except the XUL Cache. No Google redirects. It looks like XUL Cache is the culprit. I'm not taking any further steps at this point. Please advise on how to proceed!

#7 gringo_pr

Posted 11 April 2012 - 03:55 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 ablantzer

Posted 11 April 2012 - 10:48 PM

Ran TDSSKiller. It found no threats. Here is the log:

23:46:14.0726 3428 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
23:46:15.0076 3428 ============================================================
23:46:15.0076 3428 Current date / time: 2012/04/11 23:46:15.0076
23:46:15.0076 3428 SystemInfo:
23:46:15.0076 3428
23:46:15.0076 3428 OS Version: 6.1.7601 ServicePack: 1.0
23:46:15.0076 3428 Product type: Workstation
23:46:15.0077 3428 ComputerName: COMPONE
23:46:15.0077 3428 UserName: Sym
23:46:15.0077 3428 Windows directory: C:\Windows
23:46:15.0077 3428 System windows directory: C:\Windows
23:46:15.0077 3428 Running under WOW64
23:46:15.0078 3428 Processor architecture: Intel x64
23:46:15.0078 3428 Number of processors: 2
23:46:15.0078 3428 Page size: 0x1000
23:46:15.0078 3428 Boot type: Normal boot
23:46:15.0078 3428 ============================================================
23:46:16.0038 3428 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:46:16.0051 3428 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:46:16.0065 3428 \Device\Harddisk0\DR0:
23:46:16.0066 3428 MBR used
23:46:16.0066 3428 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x32000
23:46:16.0066 3428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4D800, BlocksNum 0x129B7800
23:46:16.0066 3428 \Device\Harddisk1\DR1:
23:46:16.0066 3428 MBR used
23:46:16.0066 3428 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2FFFFBE
23:46:16.0066 3428 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x2FFFFFD, BlocksNum 0x54545304
23:46:16.0130 3428 Initialize success
23:46:16.0130 3428 ============================================================
23:46:23.0992 4812 ============================================================
23:46:23.0992 4812 Scan started
23:46:23.0992 4812 Mode: Manual;
23:46:23.0992 4812 ============================================================
23:46:32.0912 4812 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:46:32.0915 4812 nv_agp - ok
23:46:33.0003 4812 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:46:33.0010 4812 odserv - ok
23:46:33.0035 4812 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:46:33.0037 4812 ohci1394 - ok
23:46:33.0076 4812 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:46:33.0080 4812 ose - ok
23:46:33.0132 4812 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:46:33.0140 4812 p2pimsvc - ok
23:46:33.0173 4812 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:46:33.0183 4812 p2psvc - ok
23:46:33.0213 4812 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:46:33.0215 4812 Parport - ok
23:46:33.0229 4812 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:46:33.0231 4812 partmgr - ok
23:46:33.0254 4812 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:46:33.0261 4812 PcaSvc - ok
23:46:33.0283 4812 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:46:33.0287 4812 pci - ok
23:46:33.0323 4812 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:46:33.0325 4812 pciide - ok
23:46:33.0354 4812 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:46:33.0358 4812 pcmcia - ok
23:46:33.0370 4812 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:46:33.0371 4812 pcw - ok
23:46:33.0406 4812 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:46:33.0415 4812 PEAUTH - ok
23:46:33.0559 4812 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:46:33.0563 4812 PerfHost - ok
23:46:33.0634 4812 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:46:33.0654 4812 pla - ok
23:46:33.0709 4812 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:46:33.0719 4812 PlugPlay - ok
23:46:33.0729 4812 PnkBstrA - ok
23:46:33.0754 4812 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:46:33.0758 4812 PNRPAutoReg - ok
23:46:33.0783 4812 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:46:33.0788 4812 PNRPsvc - ok
23:46:33.0829 4812 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:46:33.0838 4812 PolicyAgent - ok
23:46:33.0880 4812 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:46:33.0886 4812 Power - ok
23:46:33.0929 4812 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:46:33.0931 4812 PptpMiniport - ok
23:46:33.0961 4812 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:46:33.0963 4812 Processor - ok
23:46:33.0993 4812 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:46:33.0999 4812 ProfSvc - ok
23:46:34.0034 4812 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:46:34.0037 4812 ProtectedStorage - ok
23:46:34.0071 4812 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:46:34.0074 4812 Psched - ok
23:46:34.0127 4812 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:46:34.0148 4812 ql2300 - ok
23:46:34.0162 4812 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:46:34.0165 4812 ql40xx - ok
23:46:34.0191 4812 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:46:34.0198 4812 QWAVE - ok
23:46:34.0223 4812 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:46:34.0225 4812 QWAVEdrv - ok
23:46:34.0244 4812 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:46:34.0246 4812 RasAcd - ok
23:46:34.0289 4812 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:46:34.0291 4812 RasAgileVpn - ok
23:46:34.0313 4812 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:46:34.0319 4812 RasAuto - ok
23:46:34.0334 4812 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:46:34.0337 4812 Rasl2tp - ok
23:46:34.0361 4812 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:46:34.0370 4812 RasMan - ok
23:46:34.0383 4812 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:46:34.0385 4812 RasPppoe - ok
23:46:34.0414 4812 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:46:34.0416 4812 RasSstp - ok
23:46:34.0436 4812 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:46:34.0441 4812 rdbss - ok
23:46:34.0465 4812 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
23:46:34.0466 4812 rdpbus - ok
23:46:34.0489 4812 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:46:34.0491 4812 RDPCDD - ok
23:46:34.0524 4812 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:46:34.0526 4812 RDPENCDD - ok
23:46:34.0554 4812 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:46:34.0555 4812 RDPREFMP - ok
23:46:34.0596 4812 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
23:46:34.0600 4812 RDPWD - ok
23:46:34.0614 4812 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:46:34.0618 4812 rdyboost - ok
23:46:34.0663 4812 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:46:34.0667 4812 RemoteAccess - ok
23:46:34.0695 4812 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:46:34.0701 4812 RemoteRegistry - ok
23:46:34.0734 4812 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:46:34.0739 4812 RpcEptMapper - ok
23:46:34.0763 4812 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:46:34.0767 4812 RpcLocator - ok
23:46:34.0800 4812 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
23:46:34.0807 4812 RpcSs - ok
23:46:34.0831 4812 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:46:34.0833 4812 rspndr - ok
23:46:34.0869 4812 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:46:34.0872 4812 SamSs - ok
23:46:34.0960 4812 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
23:46:34.0961 4812 SASDIFSV - ok
23:46:34.0970 4812 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
23:46:34.0971 4812 SASKUTIL - ok
23:46:34.0993 4812 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:46:34.0996 4812 sbp2port - ok
23:46:35.0018 4812 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:46:35.0025 4812 SCardSvr - ok
23:46:35.0052 4812 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:46:35.0053 4812 scfilter - ok
23:46:35.0104 4812 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:46:35.0123 4812 Schedule - ok
23:46:35.0149 4812 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:46:35.0151 4812 SCPolicySvc - ok
23:46:35.0189 4812 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:46:35.0196 4812 SDRSVC - ok
23:46:35.0233 4812 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:46:35.0234 4812 secdrv - ok
23:46:35.0259 4812 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:46:35.0264 4812 seclogon - ok
23:46:35.0286 4812 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
23:46:35.0292 4812 SENS - ok
23:46:35.0319 4812 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:46:35.0327 4812 SensrSvc - ok
23:46:35.0353 4812 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:46:35.0354 4812 Serenum - ok
23:46:35.0388 4812 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:46:35.0391 4812 Serial - ok
23:46:35.0421 4812 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:46:35.0423 4812 sermouse - ok
23:46:35.0463 4812 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:46:35.0469 4812 SessionEnv - ok
23:46:35.0482 4812 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:46:35.0484 4812 sffdisk - ok
23:46:35.0500 4812 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:46:35.0502 4812 sffp_mmc - ok
23:46:35.0518 4812 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:46:35.0520 4812 sffp_sd - ok
23:46:35.0535 4812 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:46:35.0536 4812 sfloppy - ok
23:46:35.0581 4812 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:46:35.0588 4812 SharedAccess - ok
23:46:35.0614 4812 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:46:35.0623 4812 ShellHWDetection - ok
23:46:35.0635 4812 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:46:35.0637 4812 SiSRaid2 - ok
23:46:35.0653 4812 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:46:35.0655 4812 SiSRaid4 - ok
23:46:35.0721 4812 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
23:46:35.0722 4812 SkypeUpdate - ok
23:46:35.0749 4812 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:46:35.0751 4812 Smb - ok
23:46:35.0788 4812 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:46:35.0793 4812 SNMPTRAP - ok
23:46:35.0812 4812 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:46:35.0813 4812 spldr - ok
23:46:35.0845 4812 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:46:35.0852 4812 Spooler - ok
23:46:35.0951 4812 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:46:35.0996 4812 sppsvc - ok
23:46:36.0010 4812 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:46:36.0015 4812 sppuinotify - ok
23:46:36.0057 4812 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:46:36.0065 4812 srv - ok
23:46:36.0092 4812 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:46:36.0098 4812 srv2 - ok
23:46:36.0119 4812 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:46:36.0122 4812 srvnet - ok
23:46:36.0162 4812 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:46:36.0169 4812 SSDPSRV - ok
23:46:36.0181 4812 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:46:36.0187 4812 SstpSvc - ok
23:46:36.0229 4812 Steam Client Service - ok
23:46:36.0258 4812 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:46:36.0259 4812 stexstor - ok
23:46:36.0315 4812 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
23:46:36.0316 4812 StillCam - ok
23:46:36.0371 4812 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:46:36.0383 4812 stisvc - ok
23:46:36.0406 4812 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:46:36.0407 4812 swenum - ok
23:46:36.0440 4812 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:46:36.0451 4812 swprv - ok
23:46:36.0508 4812 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:46:36.0533 4812 SysMain - ok
23:46:36.0556 4812 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:46:36.0562 4812 TabletInputService - ok
23:46:36.0594 4812 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:46:36.0603 4812 TapiSrv - ok
23:46:36.0620 4812 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:46:36.0626 4812 TBS - ok
23:46:36.0704 4812 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:46:36.0727 4812 Tcpip - ok
23:46:36.0772 4812 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:46:36.0782 4812 TCPIP6 - ok
23:46:36.0819 4812 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:46:36.0821 4812 tcpipreg - ok
23:46:36.0838 4812 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:46:36.0840 4812 TDPIPE - ok
23:46:36.0878 4812 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:46:36.0880 4812 TDTCP - ok
23:46:36.0903 4812 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:46:36.0905 4812 tdx - ok
23:46:36.0920 4812 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
23:46:36.0921 4812 TermDD - ok
23:46:36.0963 4812 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:46:36.0977 4812 TermService - ok
23:46:37.0004 4812 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:46:37.0009 4812 Themes - ok
23:46:37.0040 4812 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:46:37.0044 4812 THREADORDER - ok
23:46:37.0065 4812 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:46:37.0072 4812 TrkWks - ok
23:46:37.0124 4812 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:46:37.0127 4812 TrustedInstaller - ok
23:46:37.0152 4812 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:46:37.0154 4812 tssecsrv - ok
23:46:37.0185 4812 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:46:37.0188 4812 TsUsbFlt - ok
23:46:37.0200 4812 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:46:37.0202 4812 TsUsbGD - ok
23:46:37.0234 4812 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:46:37.0236 4812 tunnel - ok
23:46:37.0261 4812 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:46:37.0263 4812 uagp35 - ok
23:46:37.0290 4812 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:46:37.0296 4812 udfs - ok
23:46:37.0332 4812 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:46:37.0337 4812 UI0Detect - ok
23:46:37.0358 4812 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:46:37.0361 4812 uliagpkx - ok
23:46:37.0385 4812 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:46:37.0387 4812 umbus - ok
23:46:37.0402 4812 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:46:37.0403 4812 UmPass - ok
23:46:37.0439 4812 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:46:37.0448 4812 upnphost - ok
23:46:37.0484 4812 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:46:37.0487 4812 usbccgp - ok
23:46:37.0518 4812 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:46:37.0520 4812 usbcir - ok
23:46:37.0567 4812 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:46:37.0569 4812 usbehci - ok
23:46:37.0606 4812 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:46:37.0612 4812 usbhub - ok
23:46:37.0645 4812 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:46:37.0647 4812 usbohci - ok
23:46:37.0673 4812 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
23:46:37.0675 4812 usbprint - ok
23:46:37.0703 4812 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:46:37.0706 4812 USBSTOR - ok
23:46:37.0734 4812 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
23:46:37.0736 4812 usbuhci - ok
23:46:37.0765 4812 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:46:37.0771 4812 UxSms - ok
23:46:37.0800 4812 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:46:37.0803 4812 VaultSvc - ok
23:46:37.0841 4812 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:46:37.0842 4812 vdrvroot - ok
23:46:37.0881 4812 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:46:37.0893 4812 vds - ok
23:46:37.0915 4812 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:46:37.0917 4812 vga - ok
23:46:37.0936 4812 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:46:37.0938 4812 VgaSave - ok
23:46:37.0964 4812 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:46:37.0968 4812 vhdmp - ok
23:46:37.0989 4812 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:46:37.0990 4812 viaide - ok
23:46:38.0013 4812 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:46:38.0015 4812 volmgr - ok
23:46:38.0037 4812 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:46:38.0043 4812 volmgrx - ok
23:46:38.0059 4812 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:46:38.0063 4812 volsnap - ok
23:46:38.0093 4812 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:46:38.0096 4812 vsmraid - ok
23:46:38.0152 4812 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:46:38.0176 4812 VSS - ok
23:46:38.0198 4812 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:46:38.0200 4812 vwifibus - ok
23:46:38.0228 4812 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:46:38.0238 4812 W32Time - ok
23:46:38.0255 4812 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:46:38.0257 4812 WacomPen - ok
23:46:38.0280 4812 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:46:38.0282 4812 WANARP - ok
23:46:38.0291 4812 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:46:38.0292 4812 Wanarpv6 - ok
23:46:38.0384 4812 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:46:38.0401 4812 WatAdminSvc - ok
23:46:38.0461 4812 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:46:38.0485 4812 wbengine - ok
23:46:38.0517 4812 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:46:38.0525 4812 WbioSrvc - ok
23:46:38.0552 4812 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:46:38.0561 4812 wcncsvc - ok
23:46:38.0581 4812 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:46:38.0587 4812 WcsPlugInService - ok
23:46:38.0623 4812 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:46:38.0624 4812 Wd - ok
23:46:38.0659 4812 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:46:38.0668 4812 Wdf01000 - ok
23:46:38.0688 4812 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:46:38.0694 4812 WdiServiceHost - ok
23:46:38.0700 4812 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:46:38.0705 4812 WdiSystemHost - ok
23:46:38.0731 4812 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:46:38.0739 4812 WebClient - ok
23:46:38.0768 4812 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:46:38.0776 4812 Wecsvc - ok
23:46:38.0798 4812 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:46:38.0804 4812 wercplsupport - ok
23:46:38.0828 4812 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:46:38.0834 4812 WerSvc - ok
23:46:38.0868 4812 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:46:38.0870 4812 WfpLwf - ok
23:46:38.0894 4812 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:46:38.0896 4812 WIMMount - ok
23:46:38.0926 4812 WinDefend - ok
23:46:38.0940 4812 WinHttpAutoProxySvc - ok
23:46:39.0001 4812 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:46:39.0006 4812 Winmgmt - ok
23:46:39.0086 4812 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:46:39.0116 4812 WinRM - ok
23:46:39.0186 4812 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:46:39.0202 4812 Wlansvc - ok
23:46:39.0237 4812 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:46:39.0239 4812 WmiAcpi - ok
23:46:39.0304 4812 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:46:39.0308 4812 wmiApSrv - ok
23:46:39.0344 4812 WMPNetworkSvc - ok
23:46:39.0373 4812 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:46:39.0379 4812 WPCSvc - ok
23:46:39.0401 4812 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:46:39.0408 4812 WPDBusEnum - ok
23:46:39.0420 4812 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:46:39.0422 4812 ws2ifsl - ok
23:46:39.0447 4812 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
23:46:39.0454 4812 wscsvc - ok
23:46:39.0490 4812 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
23:46:39.0492 4812 WSDPrintDevice - ok
23:46:39.0503 4812 WSearch - ok
23:46:39.0587 4812 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
23:46:39.0621 4812 wuauserv - ok
23:46:39.0636 4812 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:46:39.0639 4812 WudfPf - ok
23:46:39.0670 4812 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:46:39.0674 4812 WUDFRd - ok
23:46:39.0693 4812 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:46:39.0699 4812 wudfsvc - ok
23:46:39.0728 4812 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:46:39.0736 4812 WwanSvc - ok
23:46:39.0766 4812 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:46:39.0822 4812 \Device\Harddisk0\DR0 - ok
23:46:39.0829 4812 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:46:39.0832 4812 \Device\Harddisk1\DR1 - ok
23:46:39.0839 4812 Boot (0x1200) (95fe3140c2f6a25e8b5735a0e17bfa25) \Device\Harddisk0\DR0\Partition0
23:46:39.0840 4812 \Device\Harddisk0\DR0\Partition0 - ok
23:46:39.0857 4812 Boot (0x1200) (a004eb541b7164de7eb193218916a1ea) \Device\Harddisk0\DR0\Partition1
23:46:39.0858 4812 \Device\Harddisk0\DR0\Partition1 - ok
23:46:39.0864 4812 Boot (0x1200) (a03b20d7cce40ce60e89a99620ee62ac) \Device\Harddisk1\DR1\Partition0
23:46:39.0865 4812 \Device\Harddisk1\DR1\Partition0 - ok
23:46:39.0875 4812 Boot (0x1200) (d0173d20ab75adb27e34de0df6230b5d) \Device\Harddisk1\DR1\Partition1
23:46:39.0876 4812 \Device\Harddisk1\DR1\Partition1 - ok
23:46:39.0879 4812 ============================================================
23:46:39.0879 4812 Scan finished
23:46:39.0879 4812 ============================================================
23:46:39.0899 4028 Detected object count: 0
23:46:39.0899 4028 Actual detected object count: 0

#9 ablantzer

  • Topic Starter

Posted 11 April 2012 - 10:54 PM

Ran aswMBR. It did NOT ask to download extra definitions. Don't know if that's suspicious. Here is the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-11 23:48:01
-----------------------------
23:48:01.894 OS Version: Windows x64 6.1.7601 Service Pack 1
23:48:01.895 Number of processors: 2 586 0x605
23:48:01.896 ComputerName: COMPONE UserName: Sym
23:48:02.574 Initialize success
23:48:02.723 AVAST engine defs: 12041101
23:48:20.916 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:48:20.924 Disk 0 Vendor: SAMSUNG_HD160JJ/P ZM100-34 Size: 152587MB BusType: 3
23:48:20.934 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
23:48:20.943 Disk 1 Vendor: WDC_WD7500AALX-009BA0 15.01H15 Size: 715404MB BusType: 3
23:48:20.971 Disk 0 MBR read successfully
23:48:20.981 Disk 0 MBR scan
23:48:20.991 Disk 0 Windows 7 default MBR code
23:48:21.005 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
23:48:21.030 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 112640
23:48:21.047 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 152431 MB offset 317440
23:48:21.064 Disk 0 scanning C:\Windows\system32\drivers
23:48:26.220 Service scanning
23:48:37.871 Modules scanning
23:48:37.872 Disk 0 trace - called modules:
23:48:37.885 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
23:48:37.887 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b36700]
23:48:37.888 3 CLASSPNP.SYS[fffff8800195f43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80045f3680]
23:48:38.317 AVAST engine scan C:\Windows
23:48:39.831 AVAST engine scan C:\Windows\system32
23:50:25.987 AVAST engine scan C:\Windows\system32\drivers
23:50:36.302 AVAST engine scan C:\Users\Sym
23:52:25.735 AVAST engine scan C:\ProgramData
23:52:46.220 Scan finished successfully
23:53:50.891 Disk 0 MBR has been saved successfully to "C:\Users\Sym\Desktop\MBR.dat"
23:53:50.900 The log file has been saved successfully to "C:\Users\Sym\Desktop\aswMBR.txt"

#10 gringo_pr

  • Malware Response Team

Posted 11 April 2012 - 11:06 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Report from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.




#11 ablantzer

  • Topic Starter

Posted 12 April 2012 - 07:47 PM

I have not had any issues since I disabled XUL Cache in Firefox. I'm just worried about there potentially being a keylogger or something like that running in the background.

Here is the ComboFix log:

ComboFix 12-04-09.07 - Sym 04/12/2012 19:39:30.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.3031 [GMT -4:00]
Running from: c:\users\Sym\Desktop\ComboFix.exe
Command switches used :: c:\users\Sym\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 23:45 . 2012-04-12 23:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-10 20:37 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 20:37 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 20:37 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 20:37 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 20:37 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 20:37 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 20:37 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 08:23 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAACD1A7-DDB5-4767-A36D-22104FB2F66B}\mpengine.dll
2012-04-10 06:04 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-10 06:04 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-10 06:04 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-10 06:04 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-10 06:04 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-10 06:04 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-10 06:04 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-10 06:03 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-10 06:03 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-10 06:03 . 2012-04-10 06:03 -------- d-----w- c:\programdata\AVAST Software
2012-04-10 06:03 . 2012-04-10 06:03 -------- d-----w- c:\program files\AVAST Software
2012-04-10 05:36 . 2012-04-10 05:36 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-10 05:36 . 2012-04-10 05:36 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-10 05:36 . 2012-04-10 05:36 -------- d-----w- c:\windows\SysWow64\Macromed
2012-04-10 05:36 . 2012-04-10 05:36 -------- d-----w- c:\windows\system32\Macromed
2012-04-10 03:31 . 2012-04-10 03:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-10 03:31 . 2012-04-10 03:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-10 03:28 . 2010-11-21 03:24 302592 ----a-w- c:\windows\SysWow64\CF1228.exe
2012-04-09 21:25 . 2012-04-09 21:25 -------- d-----w- c:\programdata\Brother
2012-04-09 21:24 . 2012-04-09 21:24 -------- d-----w- c:\program files (x86)\Brother Software
2012-04-09 18:44 . 2012-04-09 18:44 -------- d-----w- c:\programdata\Malwarebytes
2012-04-09 18:44 . 2012-04-09 18:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-09 18:44 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-09 17:55 . 2012-03-06 14:31 606720 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\bin\desktopcalendar.exe
2012-04-09 17:55 . 2012-03-06 14:26 5632 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\bin\TinnesSoftware.Gadget.Interop.dll
2012-04-09 17:55 . 2012-04-09 17:55 -------- d-----w- c:\programdata\Tinnes Software
2012-04-09 17:55 . 2012-04-09 17:54 1251839 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\unins000.exe
2012-04-09 17:55 . 2012-03-06 14:31 46080 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\bin\TinnesSoftware.DesktopCalendar.dll
2012-04-08 19:11 . 2008-05-07 23:59 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
2012-04-08 03:17 . 2012-04-08 03:31 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-08 00:50 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-04-08 00:50 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-04-08 00:50 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-04-07 19:47 . 2012-04-07 22:57 -------- d-----r- c:\program files (x86)\Skype
2012-04-07 19:47 . 2012-04-07 19:47 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-07 19:47 . 2012-04-07 19:47 -------- d-----w- c:\programdata\Skype
2012-04-07 00:32 . 2012-04-07 00:32 -------- d-----w- c:\program files (x86)\Pidgin
2012-04-06 08:02 . 2012-04-06 08:02 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-06 08:02 . 2012-04-06 08:02 -------- d-----w- c:\windows\system32\Wat
2012-04-06 07:02 . 2012-04-06 07:02 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-05 22:11 . 2012-04-05 22:11 -------- d-----w- c:\program files (x86)\Foxit Software
2012-04-05 20:12 . 2012-04-05 20:12 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2012-04-05 20:11 . 2012-04-08 03:31 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-05 20:11 . 2012-04-08 03:17 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-05 20:11 . 2012-04-05 20:11 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-05 18:20 . 2012-04-05 18:20 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-04-05 07:10 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-04-05 07:09 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-05 07:09 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-05 07:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-05 07:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-05 05:50 . 2012-04-05 05:50 -------- d-----w- c:\program files (x86)\SIW
2012-04-05 04:37 . 2012-04-05 04:37 -------- d-----w- c:\program files (x86)\Notepad++
2012-04-05 04:30 . 2012-04-07 17:43 -------- d-----w- c:\programdata\Corel
2012-04-05 04:29 . 2012-04-05 04:29 -------- d-----w- c:\program files (x86)\Common Files\Corel
2012-04-05 04:28 . 2012-04-05 04:28 -------- d-----w- c:\program files (x86)\Corel
2012-04-05 04:06 . 2012-04-05 00:18 -------- d-----w- c:\windows\Panther
2012-04-05 03:15 . 2012-04-06 07:11 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-04-05 03:14 . 2012-04-07 20:16 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-04-05 03:14 . 2012-04-05 03:14 -------- d-----w- c:\windows\PCHEALTH
2012-04-05 03:12 . 2012-04-10 20:41 -------- d-----w- c:\programdata\Microsoft Help
2012-04-05 03:12 . 2012-04-05 03:12 -------- d-----r- C:\MSOCache
2012-04-05 03:09 . 2012-04-05 03:09 0 ----a-w- c:\windows\ativpsrm.bin
2012-04-05 03:01 . 2012-04-05 03:01 -------- d-----w- C:\Games
2012-04-05 01:26 . 2012-04-05 01:26 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-04-05 01:12 . 2012-04-11 17:57 -------- d-----w- c:\program files (x86)\Steam
2012-04-05 01:12 . 2012-04-05 04:42 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-04-05 01:11 . 2012-04-10 20:44 -------- d-sh--w- c:\windows\Installer
2012-04-05 00:19 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-05 00:19 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-05 00:19 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-05 00:19 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-05 00:19 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-05 00:19 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-05 00:19 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-05 00:18 . 2012-04-10 05:51 -------- d-----w- c:\users\Sym
2012-04-05 00:18 . 2012-04-05 00:18 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-11_17.49.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-11 17:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-12 23:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-11 17:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-12 23:47 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-12 23:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-11 17:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-04-11 17:58 18698 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-11 17:58 35434 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-05 00:35 . 2012-04-11 17:58 6234 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-445065322-2614787395-372240664-1000_UserData.bin
- 2012-04-11 17:48 . 2012-04-11 17:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-12 23:47 . 2012-04-12 23:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-12 23:47 . 2012-04-12 23:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-11 17:48 . 2012-04-11 17:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-05 10:45 . 2012-04-12 16:02 204526 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-04-11 00:24 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-11 18:02 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-11 18:02 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-11 00:24 106316 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-12 23:46 419528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-11 17:48 419528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-05 00:51 . 2012-04-12 23:46 3935120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-445065322-2614787395-372240664-1000-8192.dat
- 2012-04-05 00:51 . 2012-04-11 17:48 3935120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-445065322-2614787395-372240664-1000-8192.dat
- 2012-04-09 21:30 . 2012-04-11 17:48 1996240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-445065322-2614787395-372240664-1000-12288.dat
+ 2012-04-09 21:30 . 2012-04-12 23:46 1996240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-445065322-2614787395-372240664-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-05 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 253600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 05:36]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-445065322-2614787395-372240664-1000Core.job
- c:\users\Sym\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-05 01:41]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-445065322-2614787395-372240664-1000UA.job
- c:\users\Sym\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-05 01:41]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{63C68C74-5140-4347-84D2-6AEE96259109}: NameServer = 192.168.1.1
FF - ProfilePath -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-04-12 19:51:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-12 23:51
ComboFix2.txt 2012-04-11 17:53
.
Pre-Run: 107,241,259,008 bytes free
Post-Run: 107,033,419,776 bytes free
.
- - End Of File - - 872C2477135E91D83678D233A5A262C4

#12 gringo_pr


Posted 12 April 2012 - 08:50 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure under Windows tab all the boxes of Internet Explorer and Windows Explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • Go to the update tab at the top
  • Click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 ablantzer


Posted 14 April 2012 - 07:32 PM

Very sorry about the delay. I've been busy over the past couple of days. Here is the log from MBAM:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sym :: COMPONE [administrator]

4/14/2012 8:28:43 PM
mbam-log-2012-04-14 (20-28-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196194
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 ablantzer


Posted 14 April 2012 - 07:39 PM

Here's the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:37:19 PM, on 4/14/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Sym\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
E:\Downloads\putty.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Sym\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sym\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sym\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sym\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Sym\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{63C68C74-5140-4347-84D2-6AEE96259109}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{63C68C74-5140-4347-84D2-6AEE96259109}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{63C68C74-5140-4347-84D2-6AEE96259109}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6775 bytes

I have not been having any issues with the computer that I have noticed.

#15 gringo_pr


Posted 14 April 2012 - 07:59 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo