Reinfection even after reinstall fresh OEM disk


  • This topic is locked
44 replies to this topic

#1 systematicdecline

  • Members
Posted 30 April 2012 - 07:12 PM

Yes, hi. I have some experience in PCs, and I am baffled at what's going on here. I have some scripts, permission issues, redirection issues, I believe fake drivers for stuff on my computer, redirection even to the OEM site of my computer, which I just purchased in the last 6 months. I can't trust anything this computer takes me to. I am doing all this stuff from a public network so I don't get reinfected. It's also installing hardware that's not even on my computer, like Bluetooth and such, a lot of it, right after I reinstall.
I believe my old roommate had something to do with this. If I can prove it, awesome. If not, oh well. I used fogger to turn off the DVD stuff, and I am at your mercy, awaiting orders. Thanks guys. I hope you are up for the challenge. :D


PS: As I was coming on this site, all of a sudden it downloaded a flash drive. I am running Norton Security 2012. I used the Power Eraser and the boot disk, with nothing. Thanks.


#2 boopme

  • Global Moderator
Posted 30 April 2012 - 09:05 PM

Can you do this?
Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in this topic, thanks.
If GMER won't run skip it and move on.

Edited by boopme, 30 April 2012 - 09:05 PM.


#3 nasdaq

  • Malware Response Team
Posted 05 May 2012 - 09:08 AM

Hi
I'm nasdaq

"I am doing all this stuff from a public network so I don't get reinfected"


If connected at home via a Wireless router that router could be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then please reconfigure it back to your preferred settings. Below are lists of default usernames and passwords, in case you don't know yours ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html
===

Please read the preparation guide as suggested on the previous post.

I will review your logs.

Edited by nasdaq, 06 May 2012 - 08:40 AM.


#4 systematicdecline

  • Topic Starter
Posted 05 May 2012 - 02:36 PM

Thank you boopme!!! and nasdaq. I did not do the modem thing yet, as I am on a new modem. I am afraid that, if that is the case, it may infect this modem, as that seems to be a common denominator in this hack: a Cisco hack, with Cisco information in my MBR. Anyway, thanks again for helping me and taking on this task.

Log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by freddie at 12:24:21 on 2012-05-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8044.5769 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\freddie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\freddie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\freddie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\freddie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\freddie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Users\freddie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\freddie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [Google Update] "C:\Users\freddie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EE3233C9-054C-45F2-88B9-46921EFB06B5} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EE3233C9-054C-45F2-88B9-46921EFB06B5}\16474777966696 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{EE3233C9-054C-45F2-88B9-46921EFB06B5}\25166647D27657563747 : DhcpNameServer = 192.168.7.254
TCP: Interfaces\{EE3233C9-054C-45F2-88B9-46921EFB06B5}\2756D697E656C697D296E66796471646F6 : DhcpNameServer = 192.168.7.254
TCP: Interfaces\{EE3233C9-054C-45F2-88B9-46921EFB06B5}\84F64756C675962756C6563737 : DhcpNameServer = 10.5.5.5
TCP: Interfaces\{EE3233C9-054C-45F2-88B9-46921EFB06B5}\E4165747963616C6 : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-4-13 1160824]
R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\system32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys --> C:\Windows\system32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys [?]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120505.001\IDSviA64.sys [2012-5-1 488568]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1307000.009\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1307000.009\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-18 353360]
R2 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-4-23 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-18 13592]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-8-18 255376]
R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe [2012-4-25 138232]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccsvchst.exe [2012-4-24 138232]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-3-9 257344]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-23 2656280]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\DRIVERS\b57xdbd.sys --> C:\Windows\system32\DRIVERS\b57xdbd.sys [?]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\DRIVERS\b57xdmp.sys --> C:\Windows\system32\DRIVERS\b57xdmp.sys [?]
R3 bScsiMSa;bScsiMSa;C:\Windows\system32\DRIVERS\bScsiMSa.sys --> C:\Windows\system32\DRIVERS\bScsiMSa.sys [?]
R3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys --> C:\Windows\system32\DRIVERS\bScsiSDa.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-24 138360]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-05 12:23:23 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4B3B0644-CC33-47EF-995E-6265BB450851}\mpengine.dll
2012-05-01 23:37:25 8917360 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-01 00:22:53 -------- d-----w- C:\Users\freddie\AppData\Roaming\SUPERAntiSpyware.com
2012-05-01 00:21:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-01 00:21:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-04-28 02:36:33 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-04-28 02:36:27 -------- d-----w- C:\Program Files (x86)\Steam
2012-04-27 22:33:34 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-04-27 19:41:55 -------- d-----w- C:\NBRT
2012-04-27 03:14:29 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-04-27 03:14:06 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-04-27 03:14:06 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-04-27 03:13:41 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64\0405000.022
2012-04-27 03:13:41 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64
2012-04-27 03:13:37 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-04-27 01:33:40 -------- d-----w- C:\Users\freddie\AppData\Local\NPE
2012-04-27 01:12:58 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-04-27 01:12:06 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-27 01:11:39 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-04-27 01:11:27 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-26 22:41:28 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0BE941F-A7BE-45F6-935F-B3A946D77291}\gapaengine.dll
2012-04-26 04:16:30 -------- d-----w- C:\Users\freddie\AppData\Local\CrashDumps
2012-04-26 02:38:27 -------- d-----w- C:\Users\freddie\AppData\Local\Cyberlink
2012-04-25 23:32:51 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-25 23:32:28 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-25 22:51:35 167048 ----a-r- C:\Windows\System32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys
2012-04-25 22:51:31 -------- d-----w- C:\Windows\System32\drivers\MCLIENTx64\0201020.00D
2012-04-25 22:51:31 -------- d-----w- C:\Windows\System32\drivers\MCLIENTx64
2012-04-25 22:51:31 -------- d-----w- C:\Program Files (x86)\Norton Management
2012-04-25 18:21:21 -------- d-----w- C:\Users\freddie\New folder (2)
2012-04-25 18:20:25 -------- d-----w- C:\Users\freddie\New folder
2012-04-25 03:59:44 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-25 03:59:43 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-25 03:59:43 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-25 03:50:57 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-04-25 03:50:57 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-04-25 03:50:15 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-04-25 03:50:14 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-04-25 03:50:12 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-04-25 03:50:12 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-04-25 03:44:00 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-04-25 03:38:29 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-25 03:38:27 -------- d-----w- C:\Windows\System32\Wat
2012-04-25 03:27:09 -------- d-----w- C:\Users\freddie\AppData\Local\Intel WiDi
2012-04-24 20:16:20 -------- d-----w- C:\Users\freddie\AppData\Roaming\SNS
2012-04-24 19:15:06 737912 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\srtsp64.sys
2012-04-24 19:15:06 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1307000.009\symds64.sys
2012-04-24 19:15:06 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\symnets.sys
2012-04-24 19:15:06 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\srtspx64.sys
2012-04-24 19:15:06 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\ironx64.sys
2012-04-24 19:15:06 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\ccsetx64.sys
2012-04-24 19:15:06 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\symefa64.sys
2012-04-24 19:14:56 -------- d-----w- C:\Windows\System32\drivers\NISx64\1307000.009
2012-04-24 18:56:55 -------- d-----w- C:\Program Files (x86)\Acer
2012-04-24 18:41:35 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-04-24 18:34:44 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-24 18:34:44 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-24 18:34:44 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-24 18:34:44 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-24 18:34:43 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-24 18:34:43 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-24 18:34:43 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-24 18:26:56 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-04-24 18:25:59 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-04-24 18:25:59 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-04-24 18:25:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-04-24 18:25:49 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-04-24 18:25:18 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-04-24 18:25:18 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-04-24 18:25:16 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-04-24 18:25:13 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-24 18:25:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-24 18:25:13 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 18:25:13 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-24 18:25:11 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2012-04-24 18:23:44 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-04-24 18:23:44 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-04-24 18:16:02 77312 ----a-w- C:\Windows\System32\packager.dll
2012-04-24 18:16:02 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-04-24 18:13:39 -------- d-----w- C:\Users\freddie\AppData\Local\ElevatedDiagnostics
2012-04-24 18:05:57 -------- d-----w- C:\Users\freddie\AppData\Local\Google
2012-04-24 06:02:54 -------- d-----w- C:\Users\freddie\AppData\Local\Diagnostics
2012-04-24 05:39:04 -------- d-----w- C:\Users\freddie\AppData\Local\Best Buy pc app
2012-04-24 04:46:24 -------- d-----w- C:\Windows\NAPP_Dism_Log
2012-04-24 04:36:39 -------- d-----w- C:\Users\freddie\AppData\Local\Apps
2012-04-24 04:36:37 -------- d-----w- C:\Users\freddie\AppData\Local\Deployment
2012-04-24 04:35:48 -------- d-----w- C:\Users\freddie\AppData\Local\VirtualStore
2012-04-24 04:15:16 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2012-04-24 04:14:04 -------- d-----w- C:\ProgramData\OEM
2012-04-24 04:13:39 -------- d-----w- C:\Program Files (x86)\Video Web Camera
2012-04-24 04:12:02 -------- d-----w- C:\ProgramData\Best Buy pc app
2012-04-24 04:10:59 50688 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\Rosebud.en-us\RosebudMUI.msi
2012-04-24 04:09:29 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-04-24 04:09:28 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-04-24 04:09:28 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-04-24 04:09:04 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-04-24 04:06:31 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2012-04-24 04:06:31 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-04-24 04:02:05 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2012-04-24 04:02:02 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-04-24 03:59:43 -------- d-----w- C:\Program Files\Elantech
2012-04-24 03:58:34 -------- d-----w- C:\ProgramData\Roaming
2012-04-24 03:57:57 -------- d-----w- C:\Program Files (x86)\Cisco
2012-04-24 03:55:33 -------- d-----w- C:\Program Files (x86)\Launch Manager
2012-04-24 03:53:23 -------- d---a-w- C:\book
2012-04-24 03:50:12 -------- d-----w- C:\Program Files\Common Files\Intel
2012-04-24 03:50:11 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
.
==================== Find3M ====================
.
2012-04-24 19:16:13 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
============= FINISH: 12:25:24.21 ===============

Edited by systematicdecline, 05 May 2012 - 02:41 PM.
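
As an added example (not part of any post in this thread, and not DDS's own code), the Python below reads the `TCP:` lines from the DDS log above and lists the DHCP-assigned DNS server for each network the machine has joined, which is the setting to check when a router is suspected. It assumes the hex subkey names are the network's SSID with the two hex digits of each byte swapped; all function names are hypothetical.

```python
import ipaddress
import re

# The "TCP:" lines exactly as they appear in the DDS log posted above.
DDS_TCP_LINES = r"""
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EE3233C9-054C-45F2-88B9-46921EFB06B5} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EE3233C9-054C-45F2-88B9-46921EFB06B5}\16474777966696 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{EE3233C9-054C-45F2-88B9-46921EFB06B5}\25166647D27657563747 : DhcpNameServer = 192.168.7.254
TCP: Interfaces\{EE3233C9-054C-45F2-88B9-46921EFB06B5}\2756D697E656C697D296E66796471646F6 : DhcpNameServer = 192.168.7.254
TCP: Interfaces\{EE3233C9-054C-45F2-88B9-46921EFB06B5}\84F64756C675962756C6563737 : DhcpNameServer = 10.5.5.5
TCP: Interfaces\{EE3233C9-054C-45F2-88B9-46921EFB06B5}\E4165747963616C6 : DhcpNameServer = 192.168.1.1
"""

# Optional "Interfaces\{GUID}" prefix, optional per-network hex subkey, then the servers.
LINE_RE = re.compile(
    r"^TCP: (?:Interfaces\\(\{[0-9A-Fa-f-]+\})(?:\\([0-9A-Fa-f]+))? : )?"
    r"DhcpNameServer = (.+)$"
)


def decode_ssid_key(hexname):
    """Decode a per-network subkey name to an SSID.

    Assumption: the name is the SSID's bytes in hex with the two digits of
    each byte swapped. Returns None if the result is not printable ASCII.
    """
    if len(hexname) % 2:
        return None
    try:
        raw = bytes(
            int(hexname[i + 1] + hexname[i], 16)
            for i in range(0, len(hexname), 2)
        )
        text = raw.decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def classify(server):
    """Label a DNS server address as private (typical router), public, or unparsed."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "unparsed"
    return "private" if ip.is_private else "public"


def parse_dhcp_nameservers(log_text):
    """Return one row per DNS server found in the DDS 'TCP:' lines."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        guid, sub, servers = m.groups()
        if sub:
            # Keep the raw subkey name if it does not decode cleanly.
            scope, ssid = "ssid", decode_ssid_key(sub) or sub
        elif guid:
            scope, ssid = "interface", None
        else:
            scope, ssid = "global", None
        # DhcpNameServer may hold several addresses separated by spaces or commas.
        for server in re.split(r"[,\s]+", servers.strip()):
            rows.append(
                {"scope": scope, "ssid": ssid, "server": server,
                 "kind": classify(server)}
            )
    return rows


def servers_to_verify(rows):
    """Rows whose DNS server is not a private address.

    A public DNS server is not malicious by itself; it is the value to compare
    against what the router or ISP is expected to hand out.
    """
    return [r for r in rows if r["kind"] != "private"]


if __name__ == "__main__":
    for row in parse_dhcp_nameservers(DDS_TCP_LINES):
        label = row["ssid"] or row["scope"]
        print(f"{label:20} {row['server']:16} {row['kind']}")
```
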


#5 nasdaq

  • Malware Response Team
Posted 06 May 2012 - 08:47 AM

"Thank you boopme!!! and nasdaq. I did not do the modem thing yet, as I am on a new modem."

I was referring to the router. If the following scans do not fix your current issues you will have to reset the router.

Your DDS log is clean.

For now run these scans and post the logs.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any antivirus protection on the computer.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Please post the logs and let me know what problem persists.
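
A way to triage the TDSSKiller report requested above before reading it line by line, as an added example that is not part of either poster's message or of Kaspersky's tooling. The function names are hypothetical, the sample lines are constructed in the report's "time thread message" layout, and the `examplesvc` entry with its `warning` verdict is an assumption used only to exercise the non-ok path.

```python
import re
from collections import defaultdict

SECTOR_SIZE = 0x200  # the report's Drive lines state "SectorSize: 0x200"

# Constructed sample in the layout of a TDSSKiller report.
SAMPLE_LOG = r"""
14:13:23.0189 1560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2A000
14:13:28.0009 1476 Scan started
14:13:29.0975 1476 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:13:29.0990 1476 1394ohci - ok
14:13:33.0594 1476 COMSysApp - ok
14:13:35.0481 1476 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:13:35.0481 1476 EFS - ok
14:13:41.0550 1476 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:13:41.0550 1476 KeyIso - ok
14:13:50.0000 1476 examplesvc (00000000000000000000000000000000) C:\Windows\system32\drivers\example.sys
14:13:50.0010 1476 examplesvc - warning
"""

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<service> (<md5>) <image path>"
FILE_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<service> - <verdict>"
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>\S.*)$")
PART_RE = re.compile(
    PREFIX + r"(?P<dev>\\Device\\Harddisk\d+\\DR\d+\\Partition\d+): MBR, "
    r"Type (?P<type>0x[0-9A-Fa-f]+), StartLBA (?P<start>0x[0-9A-Fa-f]+), "
    r"BlocksNum (?P<blocks>0x[0-9A-Fa-f]+)$"
)


def parse_tdss_log(text):
    """Split a report into its MBR partition table and per-service verdicts."""
    partitions, entries, pending = {}, [], {}
    scanning = False
    for line in text.splitlines():
        line = line.strip()
        if not scanning:
            # Header section: partition layout, then the "Scan started" marker.
            m = PART_RE.match(line)
            if m:
                blocks = int(m["blocks"], 16)
                partitions[m["dev"]] = {
                    "dev": m["dev"],
                    "type": int(m["type"], 16),
                    "start_lba": int(m["start"], 16),
                    "size_mib": blocks * SECTOR_SIZE / 2**20,
                }
            elif line.endswith("Scan started"):
                scanning = True
            continue
        m = FILE_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append({"name": m["name"], "md5": md5, "path": path,
                            "verdict": m["verdict"].strip()})
    return {"partitions": list(partitions.values()), "entries": entries}


def triage(parsed):
    """Return what a helper reads first: anything not 'ok', verdicts that had
    no file line, and hashes shared by several services (normal for services
    hosted in one image such as lsass.exe, listed so they are not mistaken
    for duplicates)."""
    by_hash = defaultdict(list)
    not_ok, no_file = [], []
    for e in parsed["entries"]:
        if e["verdict"].lower() != "ok":
            not_ok.append(e["name"])
        if e["md5"] is None:
            no_file.append(e["name"])
        else:
            by_hash[e["md5"]].append(e["name"])
    shared = {h: names for h, names in by_hash.items() if len(names) > 1}
    return {"not_ok": not_ok, "no_file": no_file, "shared_image": shared}


if __name__ == "__main__":
    parsed = parse_tdss_log(SAMPLE_LOG)
    for p in parsed["partitions"]:
        print(f'{p["dev"]}: type 0x{p["type"]:X}, {p["size_mib"]:.0f} MiB')
    for key, value in triage(parsed).items():
        print(key, "->", value)
```
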

#6 systematicdecline

Posted 06 May 2012 - 04:17 PM

ok lets get started... :D


14:13:20.0162 1560 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
14:13:20.0583 1560 ============================================================
14:13:20.0583 1560 Current date / time: 2012/05/06 14:13:20.0583
14:13:20.0583 1560 SystemInfo:
14:13:20.0583 1560
14:13:20.0583 1560 OS Version: 6.1.7601 ServicePack: 1.0
14:13:20.0583 1560 Product type: Workstation
14:13:20.0583 1560 ComputerName: FREDDIE-PC
14:13:20.0583 1560 UserName: freddie
14:13:20.0583 1560 Windows directory: C:\Windows
14:13:20.0583 1560 System windows directory: C:\Windows
14:13:20.0583 1560 Running under WOW64
14:13:20.0583 1560 Processor architecture: Intel x64
14:13:20.0583 1560 Number of processors: 4
14:13:20.0583 1560 Page size: 0x1000
14:13:20.0583 1560 Boot type: Normal boot
14:13:20.0583 1560 ============================================================
14:13:23.0173 1560 Drive \Device\Harddisk1\DR1 - Size: 0x3B5980000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x790, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
14:13:23.0173 1560 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:13:23.0189 1560 Drive \Device\Harddisk1\DR1 - Size: 0x3B5980000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x790, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:13:23.0189 1560 ============================================================
14:13:23.0189 1560 \Device\Harddisk1\DR1:
14:13:23.0189 1560 MBR partitions:
14:13:23.0189 1560 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x2000, BlocksNum 0x1DAAC00
14:13:23.0189 1560 \Device\Harddisk0\DR0:
14:13:23.0189 1560 MBR partitions:
14:13:23.0189 1560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2A000
14:13:23.0189 1560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353030
14:13:23.0189 1560 \Device\Harddisk1\DR1:
14:13:23.0204 1560 MBR partitions:
14:13:23.0204 1560 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x2000, BlocksNum 0x1DAAC00
14:13:23.0204 1560 ============================================================
14:13:23.0204 1560 C: <-> \Device\Harddisk0\DR0\Partition1
14:13:23.0220 1560 G: <-> \Device\Harddisk0\DR0\Partition0
14:13:23.0220 1560 ============================================================
14:13:23.0220 1560 Initialize success
14:13:23.0220 1560 ============================================================
14:13:28.0009 1476 ============================================================
14:13:28.0009 1476 Scan started
14:13:28.0009 1476 Mode: Manual;
14:13:28.0009 1476 ============================================================
14:13:46.0916 1476 Ntfs - ok
14:13:47.0025 1476 NTI IScheduleSvc (6cc09d2f0ba4a09babc3c41b8fd888f7) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
14:13:47.0135 1476 NTI IScheduleSvc - ok
14:13:47.0275 1476 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
14:13:47.0275 1476 NTIDrvr - ok
14:13:47.0291 1476 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:13:47.0291 1476 Null - ok
14:13:47.0337 1476 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:13:47.0353 1476 nvraid - ok
14:13:47.0369 1476 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:13:47.0384 1476 nvstor - ok
14:13:47.0415 1476 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:13:47.0415 1476 nv_agp - ok
14:13:47.0431 1476 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:13:47.0431 1476 ohci1394 - ok
14:13:47.0493 1476 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:13:47.0509 1476 p2pimsvc - ok
14:13:47.0571 1476 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:13:47.0587 1476 p2psvc - ok
14:13:47.0603 1476 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:13:47.0618 1476 Parport - ok
14:13:47.0634 1476 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:13:47.0634 1476 partmgr - ok
14:13:47.0665 1476 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:13:47.0665 1476 PcaSvc - ok
14:13:47.0681 1476 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:13:47.0681 1476 pci - ok
14:13:47.0712 1476 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:13:47.0712 1476 pciide - ok
14:13:47.0727 1476 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:13:47.0743 1476 pcmcia - ok
14:13:47.0743 1476 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:13:47.0743 1476 pcw - ok
14:13:47.0805 1476 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:13:47.0821 1476 PEAUTH - ok
14:13:47.0946 1476 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:13:47.0946 1476 PerfHost - ok
14:13:48.0164 1476 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:13:48.0211 1476 pla - ok
14:13:48.0289 1476 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:13:48.0305 1476 PlugPlay - ok
14:13:48.0305 1476 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:13:48.0320 1476 PNRPAutoReg - ok
14:13:48.0367 1476 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:13:48.0367 1476 PNRPsvc - ok
14:13:48.0461 1476 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:13:48.0461 1476 PolicyAgent - ok
14:13:48.0492 1476 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:13:48.0507 1476 Power - ok
14:13:48.0585 1476 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:13:48.0585 1476 PptpMiniport - ok
14:13:48.0617 1476 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:13:48.0617 1476 Processor - ok
14:13:48.0679 1476 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:13:48.0679 1476 ProfSvc - ok
14:13:48.0726 1476 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:13:48.0726 1476 ProtectedStorage - ok
14:13:48.0773 1476 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:13:48.0773 1476 Psched - ok
14:13:48.0960 1476 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:13:49.0022 1476 ql2300 - ok
14:13:49.0178 1476 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:13:49.0194 1476 ql40xx - ok
14:13:49.0241 1476 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:13:49.0272 1476 QWAVE - ok
14:13:49.0287 1476 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:13:49.0287 1476 QWAVEdrv - ok
14:13:49.0303 1476 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:13:49.0319 1476 RasAcd - ok
14:13:49.0365 1476 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:13:49.0365 1476 RasAgileVpn - ok
14:13:49.0381 1476 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:13:49.0381 1476 RasAuto - ok
14:13:49.0412 1476 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:13:49.0412 1476 Rasl2tp - ok
14:13:49.0459 1476 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:13:49.0490 1476 RasMan - ok
14:13:49.0506 1476 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:13:49.0506 1476 RasPppoe - ok
14:13:49.0537 1476 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:13:49.0537 1476 RasSstp - ok
14:13:49.0568 1476 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:13:49.0584 1476 rdbss - ok
14:13:49.0615 1476 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:13:49.0615 1476 rdpbus - ok
14:13:49.0631 1476 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:13:49.0631 1476 RDPCDD - ok
14:13:49.0646 1476 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:13:49.0646 1476 RDPENCDD - ok
14:13:49.0662 1476 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:13:49.0662 1476 RDPREFMP - ok
14:13:49.0724 1476 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:13:49.0740 1476 RDPWD - ok
14:13:49.0771 1476 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:13:49.0771 1476 rdyboost - ok
14:13:49.0958 1476 RegSrvc (a436f5e7d80bbdbb0826d0f176d5bea8) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:13:49.0974 1476 RegSrvc - ok
14:13:50.0021 1476 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:13:50.0052 1476 RemoteAccess - ok
14:13:50.0099 1476 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:13:50.0114 1476 RemoteRegistry - ok
14:13:50.0130 1476 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:13:50.0130 1476 RpcEptMapper - ok
14:13:50.0177 1476 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:13:50.0177 1476 RpcLocator - ok
14:13:50.0239 1476 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:13:50.0255 1476 RpcSs - ok
14:13:50.0317 1476 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:13:50.0333 1476 rspndr - ok
14:13:50.0364 1476 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:13:50.0364 1476 SamSs - ok
14:13:50.0489 1476 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:13:50.0489 1476 SASDIFSV - ok
14:13:50.0535 1476 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:13:50.0535 1476 SASKUTIL - ok
14:13:50.0582 1476 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:13:50.0629 1476 sbp2port - ok
14:13:50.0691 1476 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:13:50.0707 1476 SCardSvr - ok
14:13:50.0738 1476 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:13:50.0738 1476 scfilter - ok
14:13:50.0879 1476 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:13:50.0910 1476 Schedule - ok
14:13:50.0957 1476 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:13:50.0957 1476 SCPolicySvc - ok
14:13:50.0972 1476 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
14:13:50.0972 1476 sdbus - ok
14:13:51.0019 1476 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:13:51.0035 1476 SDRSVC - ok
14:13:51.0066 1476 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:13:51.0066 1476 secdrv - ok
14:13:51.0081 1476 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:13:51.0081 1476 seclogon - ok
14:13:51.0097 1476 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:13:51.0097 1476 SENS - ok
14:13:51.0113 1476 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:13:51.0128 1476 SensrSvc - ok
14:13:51.0128 1476 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:13:51.0144 1476 Serenum - ok
14:13:51.0159 1476 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:13:51.0175 1476 Serial - ok
14:13:51.0175 1476 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:13:51.0175 1476 sermouse - ok
14:13:51.0206 1476 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:13:51.0222 1476 SessionEnv - ok
14:13:51.0222 1476 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:13:51.0237 1476 sffdisk - ok
14:13:51.0237 1476 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:13:51.0237 1476 sffp_mmc - ok
14:13:51.0253 1476 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:13:51.0253 1476 sffp_sd - ok
14:13:51.0253 1476 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:13:51.0269 1476 sfloppy - ok
14:13:51.0315 1476 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:13:51.0331 1476 SharedAccess - ok
14:13:51.0393 1476 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:13:51.0409 1476 ShellHWDetection - ok
14:13:51.0425 1476 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:13:51.0440 1476 SiSRaid2 - ok
14:13:51.0456 1476 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:13:51.0456 1476 SiSRaid4 - ok
14:13:51.0487 1476 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:13:51.0487 1476 Smb - ok
14:13:51.0518 1476 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:13:51.0518 1476 SNMPTRAP - ok
14:13:51.0534 1476 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:13:51.0549 1476 spldr - ok
14:13:51.0627 1476 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:13:51.0643 1476 Spooler - ok
14:13:51.0955 1476 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:13:51.0986 1476 sppsvc - ok
14:13:52.0127 1476 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:13:52.0127 1476 sppuinotify - ok
14:13:52.0189 1476 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:13:52.0205 1476 srv - ok
14:13:52.0251 1476 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:13:52.0251 1476 srv2 - ok
14:13:52.0283 1476 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:13:52.0283 1476 srvnet - ok
14:13:52.0314 1476 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:13:52.0329 1476 SSDPSRV - ok
14:13:52.0345 1476 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:13:52.0345 1476 SstpSvc - ok
14:13:52.0439 1476 Steam Client Service - ok
14:13:52.0470 1476 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:13:52.0470 1476 stexstor - ok
14:13:52.0548 1476 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:13:52.0579 1476 stisvc - ok
14:13:52.0595 1476 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:13:52.0595 1476 swenum - ok
14:13:52.0673 1476 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:13:52.0688 1476 swprv - ok
14:13:52.0844 1476 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:13:52.0891 1476 SysMain - ok
14:13:53.0031 1476 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:13:53.0047 1476 TabletInputService - ok
14:13:53.0078 1476 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:13:53.0094 1476 TapiSrv - ok
14:13:53.0109 1476 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:13:53.0125 1476 TBS - ok
14:13:53.0328 1476 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:13:53.0390 1476 Tcpip - ok
14:13:53.0749 1476 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:13:53.0780 1476 TCPIP6 - ok
14:13:53.0874 1476 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:13:53.0905 1476 tcpipreg - ok
14:13:53.0936 1476 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:13:53.0936 1476 TDPIPE - ok
14:13:53.0967 1476 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:13:53.0967 1476 TDTCP - ok
14:13:53.0999 1476 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:13:53.0999 1476 tdx - ok
14:13:54.0014 1476 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:13:54.0014 1476 TermDD - ok
14:13:54.0108 1476 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:13:54.0139 1476 TermService - ok
14:13:54.0139 1476 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:13:54.0155 1476 Themes - ok
14:13:54.0186 1476 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:13:54.0201 1476 THREADORDER - ok
14:13:54.0233 1476 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:13:54.0233 1476 TrkWks - ok
14:13:54.0311 1476 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:13:54.0326 1476 TrustedInstaller - ok
14:13:54.0342 1476 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:13:54.0342 1476 tssecsrv - ok
14:13:54.0373 1476 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:13:54.0373 1476 TsUsbFlt - ok
14:13:54.0404 1476 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:13:54.0404 1476 TsUsbGD - ok
14:13:54.0435 1476 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:13:54.0451 1476 tunnel - ok
14:13:54.0498 1476 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
14:13:54.0513 1476 TurboB - ok
14:13:54.0576 1476 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
14:13:54.0607 1476 TurboBoost - ok
14:13:54.0623 1476 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:13:54.0623 1476 uagp35 - ok
14:13:54.0623 1476 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
14:13:54.0638 1476 UBHelper - ok
14:13:54.0669 1476 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:13:54.0669 1476 udfs - ok
14:13:54.0701 1476 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:13:54.0716 1476 UI0Detect - ok
14:13:54.0732 1476 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:13:54.0747 1476 uliagpkx - ok
14:13:54.0747 1476 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:13:54.0747 1476 umbus - ok
14:13:54.0763 1476 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:13:54.0779 1476 UmPass - ok
14:13:55.0184 1476 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:13:55.0215 1476 UNS - ok
14:13:55.0418 1476 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:13:55.0434 1476 upnphost - ok
14:13:55.0496 1476 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:13:55.0512 1476 usbaudio - ok
14:13:55.0574 1476 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:13:55.0590 1476 usbccgp - ok
14:13:55.0637 1476 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:13:55.0652 1476 usbcir - ok
14:13:55.0668 1476 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:13:55.0668 1476 usbehci - ok
14:13:55.0715 1476 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
14:13:55.0715 1476 usbhub - ok
14:13:55.0730 1476 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:13:55.0730 1476 usbohci - ok
14:13:55.0746 1476 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
14:13:55.0761 1476 usbprint - ok
14:13:55.0777 1476 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
14:13:55.0777 1476 USBSTOR - ok
14:13:55.0793 1476 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:13:55.0793 1476 usbuhci - ok
14:13:55.0824 1476 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
14:13:55.0824 1476 usbvideo - ok
14:13:55.0886 1476 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:13:55.0902 1476 UxSms - ok
14:13:55.0949 1476 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:13:55.0949 1476 VaultSvc - ok
14:13:55.0980 1476 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:13:55.0980 1476 vdrvroot - ok
14:13:56.0042 1476 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:13:56.0073 1476 vds - ok
14:13:56.0089 1476 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:13:56.0089 1476 vga - ok
14:13:56.0105 1476 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:13:56.0105 1476 VgaSave - ok
14:13:56.0136 1476 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:13:56.0136 1476 vhdmp - ok
14:13:56.0151 1476 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:13:56.0151 1476 viaide - ok
14:13:56.0183 1476 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:13:56.0183 1476 volmgr - ok
14:13:56.0245 1476 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:13:56.0261 1476 volmgrx - ok
14:13:56.0292 1476 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:13:56.0292 1476 volsnap - ok
14:13:56.0339 1476 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:13:56.0354 1476 vsmraid - ok
14:13:56.0557 1476 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:13:56.0604 1476 VSS - ok
14:13:56.0775 1476 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:13:56.0775 1476 vwifibus - ok
14:13:56.0807 1476 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:13:56.0807 1476 vwififlt - ok
14:13:56.0807 1476 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:13:56.0822 1476 vwifimp - ok
14:13:56.0853 1476 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:13:56.0885 1476 W32Time - ok
14:13:56.0900 1476 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:13:56.0900 1476 WacomPen - ok
14:13:56.0931 1476 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:13:56.0931 1476 WANARP - ok
14:13:56.0931 1476 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:13:56.0931 1476 Wanarpv6 - ok
14:13:57.0056 1476 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:13:57.0087 1476 WatAdminSvc - ok
14:13:57.0275 1476 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:13:57.0321 1476 wbengine - ok
14:13:57.0462 1476 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:13:57.0477 1476 WbioSrvc - ok
14:13:57.0524 1476 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:13:57.0524 1476 wcncsvc - ok
14:13:57.0540 1476 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:13:57.0540 1476 WcsPlugInService - ok
14:13:57.0587 1476 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:13:57.0587 1476 Wd - ok
14:13:57.0680 1476 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:13:57.0696 1476 Wdf01000 - ok
14:13:57.0711 1476 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:13:57.0727 1476 WdiServiceHost - ok
14:13:57.0727 1476 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:13:57.0743 1476 WdiSystemHost - ok
14:13:57.0774 1476 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:13:57.0774 1476 WebClient - ok
14:13:57.0821 1476 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:13:57.0836 1476 Wecsvc - ok
14:13:57.0867 1476 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:13:57.0883 1476 wercplsupport - ok
14:13:57.0914 1476 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:13:57.0914 1476 WerSvc - ok
14:13:58.0008 1476 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:13:58.0008 1476 WfpLwf - ok
14:13:58.0039 1476 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:13:58.0039 1476 WIMMount - ok
14:13:58.0133 1476 WinDefend - ok
14:13:58.0148 1476 WinHttpAutoProxySvc - ok
14:13:58.0211 1476 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:13:58.0226 1476 Winmgmt - ok
14:13:58.0445 1476 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:13:58.0507 1476 WinRM - ok
14:13:58.0772 1476 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:13:58.0788 1476 Wlansvc - ok
14:13:58.0881 1476 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:13:58.0881 1476 wlcrasvc - ok
14:13:59.0131 1476 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:13:59.0193 1476 wlidsvc - ok
14:13:59.0365 1476 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:13:59.0365 1476 WmiAcpi - ok
14:13:59.0427 1476 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:13:59.0443 1476 wmiApSrv - ok
14:13:59.0537 1476 WMPNetworkSvc - ok
14:13:59.0568 1476 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:13:59.0583 1476 WPCSvc - ok
14:13:59.0599 1476 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:13:59.0599 1476 WPDBusEnum - ok
14:13:59.0630 1476 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:13:59.0630 1476 ws2ifsl - ok
14:13:59.0661 1476 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:13:59.0661 1476 wscsvc - ok
14:13:59.0661 1476 WSearch - ok
14:13:59.0942 1476 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:14:00.0020 1476 wuauserv - ok
14:14:00.0161 1476 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:14:00.0176 1476 WudfPf - ok
14:14:00.0207 1476 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:14:00.0223 1476 WUDFRd - ok
14:14:00.0239 1476 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:14:00.0239 1476 wudfsvc - ok
14:14:00.0270 1476 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:14:00.0285 1476 WwanSvc - ok
14:14:00.0332 1476 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
14:14:00.0348 1476 \Device\Harddisk1\DR1 - ok
14:14:00.0348 1476 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:14:00.0426 1476 \Device\Harddisk0\DR0 - ok
14:14:00.0426 1476 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
14:14:00.0426 1476 \Device\Harddisk1\DR1 - ok
14:14:00.0441 1476 Boot (0x1200) (759b79a1db9c2b8b67e5c8724c6c4e87) \Device\Harddisk1\DR1\Partition0
14:14:00.0441 1476 \Device\Harddisk1\DR1\Partition0 - ok
14:14:00.0441 1476 Boot (0x1200) (acb3c8a626e0fdf632154e60ae2d2869) \Device\Harddisk0\DR0\Partition0
14:14:00.0457 1476 \Device\Harddisk0\DR0\Partition0 - ok
14:14:00.0457 1476 Boot (0x1200) (efdf8a4fae38a2c076e7eb3588e06687) \Device\Harddisk0\DR0\Partition1
14:14:00.0457 1476 \Device\Harddisk0\DR0\Partition1 - ok
14:14:00.0473 1476 Boot (0x1200) (759b79a1db9c2b8b67e5c8724c6c4e87) \Device\Harddisk1\DR1\Partition0
14:14:00.0473 1476 \Device\Harddisk1\DR1\Partition0 - ok
14:14:00.0473 1476 ============================================================
14:14:00.0473 1476 Scan finished
14:14:00.0473 1476 ============================================================
14:14:00.0488 1180 Detected object count: 0
14:14:00.0488 1180 Actual detected object count: 0

#7 systematicdecline

Posted 06 May 2012 - 04:24 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-06 14:17:54
-----------------------------
14:17:54.809 OS Version: Windows x64 6.1.7601 Service Pack 1
14:17:54.809 Number of processors: 4 586 0x2A07
14:17:54.809 ComputerName: FREDDIE-PC UserName: freddie
14:17:56.853 Initialize success
14:18:59.280 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:18:59.295 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
14:18:59.295 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\bScsiSDa1Port1Path0Target0Lun0
14:18:59.295 Disk 1 Vendor: Size: 476940MB BusType: 0
14:18:59.311 Disk 0 MBR read successfully
14:18:59.327 Disk 0 MBR scan
14:18:59.327 Disk 0 Windows 7 default MBR code
14:18:59.342 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 84 MB offset 2048
14:18:59.358 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
14:18:59.389 Disk 0 scanning C:\Windows\system32\drivers
14:19:03.071 Service scanning
14:19:17.282 Modules scanning
14:19:17.298 Disk 0 trace - called modules:
14:19:17.329 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:19:17.329 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a305060]
14:19:17.345 3 CLASSPNP.SYS[fffff88001d9043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007a46050]
14:19:17.360 Scan finished successfully
14:19:47.468 Disk 0 MBR has been saved successfully to "C:\Users\freddie\Desktop\MBR.dat"
14:19:47.468 The log file has been saved successfully to "C:\Users\freddie\Desktop\aswMBR.txt"

Attached Files

  • MBR.zip (560 bytes)


#8 systematicdecline

Posted 06 May 2012 - 05:50 PM

ComboFix 12-05-06.03 - freddie 05/06/2012 15:27:51.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8044.6282 [GMT -7:00]
Running from: c:\users\freddie\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))
.
.
2012-05-06 22:31 . 2012-05-06 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-06 22:13 . 2012-05-06 22:13 775804 ----a-w- c:\programdata\1336339727.bdinstall.bin
2012-05-06 22:12 . 2012-05-06 22:12 -------- d-----w- c:\programdata\BDLogging
2012-05-06 22:11 . 2012-05-06 22:12 -------- d-----w- c:\programdata\Bitdefender
2012-05-06 21:29 . 2012-05-06 21:29 -------- d-----w- c:\program files\Bitdefender
2012-05-06 21:28 . 2011-08-16 21:59 442088 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-05-06 21:28 . 2011-10-27 22:07 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-05-06 21:25 . 2012-05-06 21:28 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-05-06 17:55 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BDD4E385-294E-4573-B5DC-3E44E13863F9}\mpengine.dll
2012-05-05 12:23 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-01 00:21 . 2012-05-01 00:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-01 00:21 . 2012-05-01 00:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-28 02:36 . 2012-04-28 17:07 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-04-28 02:36 . 2012-05-06 22:35 -------- d-----w- c:\program files (x86)\Steam
2012-04-27 22:33 . 2012-04-27 22:33 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-04-27 19:41 . 2012-04-27 19:41 -------- d-----w- C:\NBRT
2012-04-27 03:14 . 2012-04-27 03:14 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-27 03:14 . 2009-05-18 08:47 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-27 03:14 . 2010-08-27 07:38 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-04-27 03:14 . 2010-08-27 07:38 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-04-27 03:13 . 2012-04-27 03:13 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2012-04-27 03:13 . 2012-04-27 03:13 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2012-04-27 01:12 . 2012-04-27 01:12 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-04-27 01:12 . 2012-04-27 01:12 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-27 01:11 . 2012-04-27 01:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-04-27 01:11 . 2012-04-27 01:11 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-26 22:41 . 2012-04-26 22:41 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0BE941F-A7BE-45F6-935F-B3A946D77291}\gapaengine.dll
2012-04-26 02:26 . 2012-04-26 02:26 -------- d-----w- c:\users\Public\CyberLink
2012-04-25 23:32 . 2012-04-25 23:32 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-25 23:32 . 2012-04-25 23:33 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-25 22:51 . 2012-04-25 22:51 -------- d-----w- c:\windows\system32\drivers\MCLIENTx64
2012-04-25 22:51 . 2012-04-25 22:51 -------- d-----w- c:\program files (x86)\Norton Management
2012-04-25 03:59 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-25 03:59 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-25 03:59 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-25 03:50 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-04-25 03:50 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-04-25 03:50 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-04-25 03:50 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-04-25 03:50 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-04-25 03:50 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-04-25 03:44 . 2012-05-06 07:38 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-04-25 03:38 . 2012-04-25 03:38 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-25 03:38 . 2012-04-25 03:38 -------- d-----w- c:\windows\system32\Wat
2012-04-24 18:56 . 2012-04-24 18:56 -------- d-----w- c:\program files (x86)\Acer
2012-04-24 18:41 . 2012-04-24 18:41 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-24 18:34 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-24 18:34 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-24 18:34 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-24 18:34 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-24 18:34 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-24 18:34 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-24 18:34 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-24 18:26 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-04-24 18:25 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-04-24 18:25 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-04-24 18:25 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-24 18:25 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-04-24 18:25 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-04-24 18:25 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-04-24 18:25 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-04-24 18:25 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-24 18:25 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-24 18:25 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-24 18:25 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-24 18:25 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-04-24 18:23 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-24 18:23 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-24 18:16 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-24 18:16 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-24 17:15 . 2012-04-26 02:25 -------- d-----w- c:\programdata\CyberLink
2012-04-24 04:46 . 2012-04-24 04:46 -------- d-----w- c:\windows\NAPP_Dism_Log
2012-04-24 04:34 . 2012-05-01 00:03 -------- d-----w- c:\users\freddie
2012-04-24 04:34 . 2012-04-24 04:34 -------- d-----w- C:\Recovery
2012-04-24 04:14 . 2012-04-24 04:36 -------- d-----w- c:\programdata\OEM
2012-04-24 04:13 . 2012-04-24 04:13 -------- d-----w- c:\program files (x86)\Video Web Camera
2012-04-24 04:12 . 2012-04-24 04:12 -------- d-----w- c:\programdata\Best Buy pc app
2012-04-24 04:10 . 2010-11-22 01:29 50688 ----a-w- c:\programdata\Microsoft\OEMOffice14\Office14\Rosebud.en-us\RosebudMUI.msi
2012-04-24 04:09 . 2012-04-24 04:09 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-04-24 04:09 . 2012-04-24 04:09 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-04-24 04:09 . 2012-04-24 04:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-24 04:09 . 2012-04-24 04:09 -------- d-----w- c:\program files (x86)\Microsoft
2012-04-24 04:06 . 2012-04-24 04:06 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-04-24 04:06 . 2012-04-24 04:06 -------- d-----w- c:\program files (x86)\Intel Corporation
2012-04-24 04:02 . 2010-12-22 20:06 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-04-24 04:02 . 2012-04-24 04:02 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-04-24 03:59 . 2012-04-24 03:59 -------- d-----w- c:\program files\Elantech
2012-04-24 03:58 . 2012-04-24 03:58 -------- d-----w- c:\users\Public\Roaming
2012-04-24 03:58 . 2012-04-24 03:58 -------- d-----w- c:\users\Default\Roaming
2012-04-24 03:57 . 2012-04-24 03:57 -------- d-----w- c:\program files (x86)\Cisco
2012-04-24 03:56 . 2012-04-24 03:57 -------- d-----w- c:\program files\Intel
2012-04-24 03:55 . 2012-04-24 03:55 -------- d-----w- c:\program files (x86)\Launch Manager
2012-04-24 03:53 . 2012-04-24 03:53 -------- d---a-w- C:\book
2012-04-24 03:53 . 2012-04-24 04:06 -------- d-----w- c:\programdata\Intel
2012-04-24 03:50 . 2012-04-24 03:57 -------- d-----w- c:\program files\Common Files\Intel
2012-04-24 03:50 . 2012-04-24 03:50 -------- d-----w- c:\program files (x86)\Common Files\Intel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 17:05 . 2011-03-29 01:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-21 03:44 . 2012-03-21 03:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2012-03-21 03:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-21 03:22 . 2012-03-21 03:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-02-17 23:45 . 2012-02-17 23:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-28 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2011-03-09 290112]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-6-30 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-15 466736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-15 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-08-02 872552]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2011-05-30 36456]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2012-04-05 255376]
S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe [2012-01-16 138232]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-03-09 257344]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-14 66096]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4078389659-3422900757-3589903395-1000Core.job
- c:\users\freddie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 18:05]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4078389659-3422900757-3589903395-1000UA.job
- c:\users\freddie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 18:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2011-08-02 1831016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1067256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MCLIENT]
"ImagePath"="\"c:\program files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\2.1.2.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-06 15:38:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-06 22:38
.
Pre-Run: 451,707,420,672 bytes free
Post-Run: 451,956,826,112 bytes free
.
- - End Of File - - 8578D63DD04A67C81C48AC89200EB82E

#9 systematicdecline

systematicdecline
  • Topic Starter

  • Members
  • 48 posts

Posted 06 May 2012 - 05:59 PM

How my computer is acting now: that's the funny thing, it acts just fine. But when I format, it spends an hour installing 50 different things, including Bluetooth-named files and other hardware not on this model of computer. I have a feeling a BIOS update is in order, but I'm being redirected, so I need someone else to download it for me. I had a new update show up in Important... it's not the second Tuesday of the month... it's from March of this year and talks about a possible .dll injection fix and a bug in Windows. The number of the update that appeared all of a sudden, after all the steps but before ComboFix, is KB2565063, an update from 3/13/2012. As per the ComboFix instructions, I did not install it, as they said not to install anything after the ComboFix log.

Awaiting orders!

I do plan on doing some scans with the Bitdefender trial, Microsoft Security Essentials, and maybe some more I already have installed. Before I posted, I used SUPERAntiSpyware and it happened to catch a little over 100 different spyware items, so if you need that log or any other, let me know.

Edit: I know you guys hate this, but I posted my Bitdefender log in case you can use it for something. It found one infection, with a removal. It was a Roaming file, which I suspect is the file used to gain access to my computer remotely and do whatever the hacker pleases.


Edited by systematicdecline, 06 May 2012 - 07:00 PM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,769 posts

Posted 07 May 2012 - 08:38 AM

These security programs are disabled; that is good when running ComboFix.

AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


You should not run Microsoft Security Essentials and Bitdefender antispyware simultaneously.
Make sure of that.

===

I see nothing wrong in your ComboFix log.


But when I format, it spends an hour installing 50 different things, including Bluetooth-named files and other hardware not on this model of computer.


Formatting the hard disk removes all programs and files, leaving you to install the operating system and all the programs.

Are you really formatting your computer?

A format alone will not install anything.

What exactly are you doing?

#11 systematicdecline

systematicdecline
  • Topic Starter

  • Members
  • 48 posts

Posted 07 May 2012 - 01:14 PM

The first infection, before reinstalling with the OEM disk: what happened. The first thing I saw was check marks in the upper right-hand corner of shortcuts, and shortcuts that were translucent with a blue arrow on the bottom right; then I started noticing other things changing right before my eyes. I then noticed I was unable to get into files I know I had rights to, so I downloaded Microsoft network 3.5 to see what was going on with my ports. Two ports were stuck open regardless of my protection, with a ton of other stuff going on on other ports. After looking up the IP addresses, it seemed a lot of them were network based; others I was unable to find, etc. I was unable to save any of the logs or screenshots, and a lot of the files that I took snapshots of were showing in the list of the Microsoft networking program as having someone attached to them: a lot of remote connections, with IP addresses and the file names they were connected to.

I then went to the command prompt and typed in attrib /? to see my options. I used attrib /s /d to show me the attributes even in the subfolders. I noticed key loggers on several hidden files, etc., and a lot of inconsistent stuff. I noticed that when I right-clicked on a file, I had an option to "Take Ownership", and when I clicked on it, a command prompt window popped up in the background with a command line I don't remember that had a -F and a really weird direction. That still gave me no control over the files and/or drives. I googled this and it turns out it was a hack or program to put on Win 7, which I never did. Every file that was taken over was pictures, music, all personal stuff. There were other hidden profiles that would sometimes pop up as S-5- etc. etc., showing the token number, then after a refresh would show the name of the main user, among other names, with the attribute of S, making a ton of different types of profiles and subtoken numbers in the DEP system. The more research I did, the more errors I got browsing the internet on Chrome or any other browser, getting a DNS error when trying to connect to a webpage. I would reload, then I would reconnect. I was running Norton 360 4.0 from the start, and whatever comes with Windows 7 by default.

According to the owner of the network, he had a Cisco wireless router. He said someone hacked his router and changed the BIOS on it to an old, old BIOS, and changed the name and password. When I clicked on my wireless connection, highlighted his SSID, and clicked Show characters, it actually showed his password to his modem, when it should have come up blank. This is when I alerted the network owner to what was going on.

I will try to remember more, but if you want any of these files, XML files, etc., let me know. If all this stuff is normal, let me know. But from my experience, what I saw and what keeps happening is a serious hack to have control of my computer, and I believe it's someone who may have gotten hands on my computer, and/or a BIOS hack, etc.


What I meant about the format: no, I don't know if I am actually formatting my computer, as I am reinstalling from the Gateway disk I made when I first purchased this laptop 4 months ago, before even plugging in the internet.

Notice: The first thing that caught my attention as a PC tech / network tech was that attributes were all messed up. I could see this visually just by seeing the translucent files; also, those files had blue arrows on the bottom right, showing me sharing issues as well. I had files I was denied access to: .XML files that direct the machine to create new names for drivers, the redirection websites, token IDs to be used, and TCP/IP settings and . All things that caught my eye fast.

Issues: I believe I am being redirected by XML files I have read, with false DLL and other system files, mainly working off the svhost. So I can't even update my Gateway without feeling like I'm being redirected. Most of my certificates have a ! mark in one or more important signatures, making it so I can't trust anywhere I download from. Even when I tried to download Microsoft Essentials, the Microsoft page came up, but on the right-hand side, where you download the program, a "Can not find address" page came up... This was all on my old network.


I have been redirected many times on prior reinstalls. My master boot record, or a second partition on here that's only 83.9 MB, has information about an old router of mine on a different network. Before my computer crashed the first time with a volume error, sending me to DOS and an X: drive to work off for commands. I have had a volume corrupted and the recycle bin corrupted. My roommate experienced the same thing.

Other issues: weird random software I never had, and a Gateway registration page that looks completely different and reappears even after filling in the information, over and over again at random times, very basic and for sure not supposed to be on here.
I believe maybe someone got their hands physically on my PC and created some backup file in a hidden partition that reinstalls drivers, etc., that I believe are not the OEM stuff, and possibly an exploit into my computer.



You should not run Microsoft Security Essentials and Bitdefender antispyware simultaneously.
Make sure of that.


Do you mean I should not install both of them on my computer, or I should not run both programs? Before I purchase anything... let me know if I'm creating conflicts with too many programs. I'm about to add Spybot. I have installed that update from Microsoft. I have an optional Bing update; I have not updated.

These security programs are disabled; that is good when running ComboFix.


I try to follow instructions. :D Let me know if I misunderstand something and mess up! I'm sure you will, LOL. :D


Awaiting orders! Thank you for taking on this challenge, as this one is a major one for me. I hope I'm just being extra paranoid, but since I was infected once and it took me down, I have a feeling I'm not... and need some serious professional help. Thanks again.

Awaiting orders!

Edited by systematicdecline, 07 May 2012 - 04:16 PM.


#12 systematicdecline

systematicdecline
  • Topic Starter

  • Members
  • 48 posts

Posted 07 May 2012 - 02:54 PM

My SUPERAntiSpyware log. Also take note that over 100 files are considered password protected... and this has shown up in a couple of scans on different scanners.

Two different logs: one done today, the other one I did when following the instructions on how to post here. The latter file will be the oldest log, the first program to actually catch anything.
Maybe this can help us.


Edited by systematicdecline, 07 May 2012 - 03:55 PM.


#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,769 posts

Posted 08 May 2012 - 08:01 AM

Do you mean I should not install both of them on my computer, or I should not run both programs? Before I purchase anything... let me know if I'm creating conflicts with too many programs. I'm about to add Spybot.


I mean do not run them both together simultaneously. They will only slow down your computer performance.
As for Spybot I do not think you need it. Your call if you want to install it.
===

The ComboFix log is clean.
All that Bitdefender removes are cookies. Nothing to worry about.

Install this MVP hosts file and most of these cookies will not get installed.

Download HostsXpert

Tutorial, go here:
http://i28.photobucket.com/albums/c227/tetonbob/emoticons/HostsXpert4.jpg
  • Unzip HostsXpert to its own folder.
  • Run HostsXpert.exe
  • Click: Make Writable? in the upper left corner.
  • Click: Download
  • Click: MVPs Hosts
  • Click: Replace
  • Click: OK
  • Click: Make ReadOnly
  • Close HostsXpert.
Note: If a custom Hosts file was in place, also edit those entries back in.
*/*
I suggest that you update to the new version of the Hosts file every 6 weeks. I do.

All you need to know about the hosts file.
http://www.mvps.org/winhelp2002/hosts.htm
===

Are you still being redirected?
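
Added example, not part of the post above and not HostsXpert's own code: a Python check to run after replacing the hosts file, confirming that every entry is either a block (loopback or 0.0.0.0) or something put there on purpose, since a hosts entry with any other address overrides DNS for that name. The sample file contents and the `must_resolve` domain are constructed placeholders.

```python
"""Audit a hosts file after installing a blocklist-style hosts file."""
import ipaddress
import sys

# Private and link-local ranges: an entry pointing here is a LAN override.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]

# Constructed sample (not from the thread); all names are placeholders.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1      localhost
::1            localhost
0.0.0.0        ads.example.net tracker.example.net   # blocklist entries
127.0.0.1      banner.example.org
0.0.0.0        definitions.av-vendor.example
203.0.113.45   www.shop.example
192.168.1.20   nas
bogus-address  broken.example
0.0.0.0
"""


def classify_address(text):
    """Return 'sink', 'lan' or 'routable' for an address, None if invalid."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    if addr.is_loopback or addr.is_unspecified:
        return "sink"        # 127.x.x.x, ::1, 0.0.0.0, :: go nowhere
    if any(addr in net for net in LAN_NETWORKS):
        return "lan"
    return "routable"        # a real server: this name bypasses DNS


def audit_hosts(text, must_resolve=()):
    """Sort every hostname in a hosts file into one of six buckets.

    must_resolve: domains (hypothetical here) that should always go through
    normal DNS, e.g. update servers; any hosts entry for them is reported.
    """
    report = {key: [] for key in (
        "localhost", "blocked", "lan", "redirect",
        "overrides_needed_site", "malformed")}
    wanted = [d.lower().strip(".") for d in must_resolve]
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue                      # blank or comment-only line
        kind = classify_address(fields[0])
        names = [n.lower().rstrip(".") for n in fields[1:]]
        if kind is None or not names:
            report["malformed"].append(line_no)
            continue
        for name in names:
            finding = (line_no, fields[0], name)
            if any(name == d or name.endswith("." + d) for d in wanted):
                report["overrides_needed_site"].append(finding)
            elif kind == "sink" and name == "localhost":
                report["localhost"].append(finding)
            elif kind == "sink":
                report["blocked"].append(finding)
            elif kind == "lan":
                report["lan"].append(finding)
            else:
                report["redirect"].append(finding)
    return report


def needs_review(report):
    """True when the file holds anything other than blocks and localhost."""
    return any(report[k] for k in
               ("redirect", "overrides_needed_site", "lan", "malformed"))


if __name__ == "__main__":
    # Pass the real file as an argument, for example
    # C:\Windows\System32\drivers\etc\hosts; without one the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    result = audit_hosts(text, must_resolve=("av-vendor.example",))
    print(f"{len(result['blocked'])} blocked hostnames")
    for key in ("redirect", "overrides_needed_site", "lan"):
        for line_no, address, name in result[key]:
            print(f"{key}: line {line_no}: {name} -> {address}")
    for line_no in result["malformed"]:
        print(f"malformed: line {line_no}")
```

Entries reported under `lan` are usually the custom entries the note above says to edit back in; `redirect` and `overrides_needed_site` entries are the ones to account for one by one.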

#14 systematicdecline

systematicdecline
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:45 AM

Posted 10 May 2012 - 01:17 AM

I'm not sure if I am being redirected. But at random times, a DLL file will get downloaded, and Norton will scan the download; that is how I am even aware of it. Sometimes 3 files at a time. This was rare and only happened 4 times.

I have some pictures to show what I mean about the certificate thing. I do believe someone has complete access to my PC at all times... and I want to get to the bottom of this. Although things seem to be looking up and acting better. My SUPERAntiSpyware found more. I will post that log as well.

I followed your last post.

#15 systematicdecline

systematicdecline
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:45 AM

Posted 10 May 2012 - 01:20 AM

I can't seem to upload a zip or png of these snapshots. But it shows how the certificates are messed up and why it's hard for me to trust anywhere I download from.

Edit: I tried to download and install Turbo Boost_Intel_2.0.82.0_W7x64_A.zip, which is an update from my computer manufacturer, and it stated I needed a newer form of Windows. I have Windows 7 Home, so I don't know what the issue is. But it brings me back to my first suspicion, that this version of Windows was altered for someone's advantage, including creating havoc on my PC by wrong drivers? Just a theory at this point. As my old roommate claimed to be in the Razor Group, which are some big hackers. Then he played all stupid when I showed him all this. And I think he tried to clean up as much as possible to not be traceable to him. He sure did seem like an amateur...

Edit: yes, it seems I'm being redirected. My help was turned to offline, I can't download an update for Logitech off of Windows options. Error. Also error for Fix it, also frozen webpages to Microsoft's website.

Edited by systematicdecline, 10 May 2012 - 02:13 AM.




