Chrome says "Weak Signature Algorithm" following Live Security Platinum infection


  • This topic is locked
19 replies to this topic

#1 mcompton1973

mcompton1973

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 22 July 2012 - 08:27 PM

I had the Live Security Platinum issue last week. Since then, I am still having some other issues. When I go to an https site I get an error about a weak signature algorithm. I also get redirected from time to time, especially when I try to open links from a Google search. I am following the preparation guide.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Mike at 19:32:39 on 2012-07-22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1790.650 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
"C:\Windows\System32\svchost.exe" -k LocalServiceDns
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=8/
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
mStart Page = hxxp://www.yahoo.com/?ilc=8
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [<NO NAME>]
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{A40BEEE8-2327-48B1-BC32-7726BF338A0D} : DhcpNameServer = 204.130.255.3 209.63.0.6
TCP: Interfaces\{B3E2A2BA-E554-465C-AAE8-A6EB93771D58} : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{B3E2A2BA-E554-465C-AAE8-A6EB93771D58}\249474F5255444 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B3E2A2BA-E554-465C-AAE8-A6EB93771D58}\2656C6B696E6E2669363 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B3E2A2BA-E554-465C-AAE8-A6EB93771D58}\35566756E644F67637 : DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{B3E2A2BA-E554-465C-AAE8-A6EB93771D58}\75C414E423 : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\ypjg4yhc.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\users\mike\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\mike\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 MSSQL$XACTWARE;SQL Server (XACTWARE);c:\program files\microsoft sql server\mssql10.xactware\mssql\binn\sqlservr.exe [2009-3-30 43010392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-18 22344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-1 250056]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-18 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-18 136176]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-18 655944]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-25 113120]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S4 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-7-11 763840]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
S4 SQLAgent$XACTWARE;SQL Server Agent (XACTWARE);c:\program files\microsoft sql server\mssql10.xactware\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
S4 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
.
=============== Created Last 30 ================
.
2012-07-20 05:03:59 -------- d-----w- c:\program files\AVG
2012-07-20 04:54:21 -------- d-----w- c:\users\mike\appdata\roaming\SUPERAntiSpyware.com
2012-07-20 04:53:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-20 04:53:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-20 04:53:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-20 04:53:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-20 04:48:13 -------- d--h--w- c:\programdata\Common Files
2012-07-20 04:48:13 -------- d-----w- c:\programdata\MFAData
2012-07-18 16:30:57 883616 ----a-w- C:\FixExec.exe
2012-07-18 16:26:01 110080 ----a-r- c:\users\mike\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconF7A21AF7.exe
2012-07-18 16:26:01 110080 ----a-r- c:\users\mike\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconD7F16134.exe
2012-07-18 16:26:01 110080 ----a-r- c:\users\mike\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconCF33A0CE.exe
2012-07-18 16:25:59 -------- d-----w- C:\sh4ldr
2012-07-18 16:25:59 -------- d-----w- c:\program files\Enigma Software Group
2012-07-18 16:25:41 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-07-18 16:25:36 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-07-18 15:19:50 -------- d-----w- c:\users\mike\appdata\roaming\Malwarebytes
2012-07-18 15:19:25 -------- d-----w- c:\programdata\Malwarebytes
2012-07-18 15:19:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-18 15:19:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-18 14:48:56 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-18 14:44:42 -------- d-----w- c:\users\mike\appdata\local\{A3A15572-D0E6-11E1-8270-B8AC6F996F26}
2012-07-18 14:41:30 -------- d-----w- c:\users\mike\appdata\local\{A3A121B0-D0E6-11E1-8270-B8AC6F996F26}
2012-07-18 14:41:25 -------- d-----w- c:\programdata\036E190F000905D602BA85A64F147C45
2012-07-12 03:24:29 -------- d-----w- c:\windows\BisonC07
2012-07-11 08:34:46 257024 ----a-w- c:\windows\system32\msv1_0.dll
2012-07-11 08:08:45 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-07-11 08:08:22 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fff33af4-aabd-46a6-9487-e6b33789b089}\mpengine.dll
2012-07-11 07:55:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-11 07:55:00 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-11 07:55:00 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-07-11 07:55:00 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-11 07:48:27 -------- d-----w- c:\program files\MSXML 4.0
2012-07-11 07:46:16 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-11 07:46:16 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-11 07:46:12 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-07-11 07:46:12 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-07-11 07:46:01 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-07-11 07:46:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-07-11 07:46:00 294912 ----a-w- c:\windows\system32\atmfd.dll
2012-07-11 07:44:59 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-07-11 07:43:54 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-07-11 07:43:52 571904 ----a-w- c:\windows\system32\oleaut32.dll
2012-07-11 07:43:52 233472 ----a-w- c:\windows\system32\oleacc.dll
2012-07-11 07:43:49 67072 ----a-w- c:\windows\system32\packager.dll
2012-07-11 07:43:42 70656 ----a-w- c:\windows\system32\fontsub.dll
2012-07-11 07:43:39 708608 ----a-w- c:\program files\common files\system\wab32.dll
2012-07-11 07:43:36 34816 ----a-w- c:\windows\system32\msasn1.dll
2012-07-11 07:43:33 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-07-11 07:43:02 67584 ----a-w- c:\windows\system32\asycfilt.dll
2012-07-11 07:41:59 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2012-07-11 07:40:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-07-11 07:40:06 792368 ----a-w- c:\windows\system32\drivers\BisonC07.sys
2012-07-11 07:40:06 180224 ----a-w- c:\windows\system\StillDrv.dll
2012-07-11 07:40:06 176128 ----a-w- c:\windows\system32\BisonR07.dll
2012-07-11 07:40:05 131072 ----a-w- c:\windows\system\BisonC07.dll
2012-07-11 07:40:05 106496 ----a-w- c:\windows\system\BisonV07.dll
2012-07-11 07:40:05 -------- d-----w- c:\windows\Options
2012-06-25 22:22:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-25 22:22:01 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-25 22:22:01 624608 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-06-25 22:22:01 43488 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-06-25 22:22:01 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-25 22:22:01 157608 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-06-25 22:22:01 113120 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-06-25 22:08:37 -------- d-----w- c:\users\mike\appdata\local\Macromedia
.
==================== Find3M ====================
.
2012-07-12 05:56:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 05:56:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 01:12:09 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-04-28 03:19:47 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:48:52 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:48:52 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:43:14 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 19:34:06.71 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:15 PM

Posted 25 July 2012 - 01:38 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 27 July 2012 - 11:19 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo
#4 mcompton1973

Posted 28 July 2012 - 04:22 AM

I have not had a chance to try everything on here yet...but I DO still want the help. I will try to do it tomorrow. Thank you.

#5 gringo_pr

Posted 28 July 2012 - 12:01 PM

OK No problem and hope to see you then



gringo
#6 mcompton1973

Posted 29 July 2012 - 08:30 PM

Results of screen317's Security Check version 0.99.43
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
SpyHunter
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 30
Java version out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader X (10.1.2)
Mozilla Firefox 13.0.1 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#7 gringo_pr

Posted 29 July 2012 - 08:46 PM

Let me have the Combofix report when it is done.


gringo
#8 mcompton1973

Posted 29 July 2012 - 09:18 PM

I have tried twice to do the combofix and both times I get the blue screen and it restarts...

#9 gringo_pr

Posted 29 July 2012 - 09:25 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
#10 mcompton1973

Posted 29 July 2012 - 09:45 PM

Here is the TDSSKiller...I will run and post the other one next


21:38:22.0844 3980 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:38:23.0542 3980 ============================================================
21:38:23.0542 3980 Current date / time: 2012/07/29 21:38:23.0542
21:38:23.0542 3980 SystemInfo:
21:38:23.0542 3980
21:38:23.0542 3980 OS Version: 6.1.7600 ServicePack: 0.0
21:38:23.0542 3980 Product type: Workstation
21:38:23.0542 3980 ComputerName: MIKE-PC
21:38:23.0542 3980 UserName: Mike
21:38:23.0542 3980 Windows directory: C:\Windows
21:38:23.0542 3980 System windows directory: C:\Windows
21:38:23.0542 3980 Processor architecture: Intel x86
21:38:23.0542 3980 Number of processors: 2
21:38:23.0542 3980 Page size: 0x1000
21:38:23.0542 3980 Boot type: Normal boot
21:38:23.0542 3980 ============================================================
21:38:26.0777 3980 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:38:26.0779 3980 ============================================================
21:38:26.0779 3980 \Device\Harddisk0\DR0:
21:38:26.0779 3980 MBR partitions:
21:38:26.0779 3980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:38:26.0779 3980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
21:38:26.0779 3980 ============================================================
21:38:26.0801 3980 C: <-> \Device\Harddisk0\DR0\Partition1
21:38:26.0801 3980 ============================================================
21:38:26.0801 3980 Initialize success
21:38:26.0801 3980 ============================================================
21:38:34.0565 2988 ============================================================
21:38:34.0565 2988 Scan started
21:38:34.0565 2988 Mode: Manual;
21:38:34.0565 2988 ============================================================
21:38:37.0822 2988 AppID - ok
21:38:37.0857 2988 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:38:37.0859 2988 AppIDSvc - ok
21:38:37.0896 2988 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
21:38:37.0898 2988 Appinfo - ok
21:38:37.0992 2988 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:38:37.0997 2988 Apple Mobile Device - ok
21:38:38.0032 2988 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
21:38:38.0036 2988 AppMgmt - ok
21:38:38.0081 2988 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:38:38.0083 2988 arc - ok
21:38:38.0103 2988 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:38:38.0106 2988 arcsas - ok
21:38:38.0285 2988 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:38:38.0304 2988 aspnet_state - ok
21:38:38.0345 2988 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:38:38.0347 2988 AsyncMac - ok
21:38:38.0376 2988 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
21:38:38.0377 2988 atapi - ok
21:38:38.0458 2988 Ati External Event Utility (8eb7658b655713347c0127526e8f7941) C:\Windows\system32\Ati2evxx.exe
21:38:38.0472 2988 Ati External Event Utility - ok
21:38:38.0744 2988 atikmdag (3f785fe4b890ebc17e1f4df684da060d) C:\Windows\system32\DRIVERS\atikmdag.sys
21:38:38.0832 2988 atikmdag - ok
21:38:38.0979 2988 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
21:38:38.0991 2988 AudioEndpointBuilder - ok
21:38:39.0011 2988 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
21:38:39.0017 2988 Audiosrv - ok
21:38:39.0133 2988 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
21:38:39.0136 2988 AxInstSV - ok
21:38:39.0242 2988 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:38:39.0250 2988 b06bdrv - ok
21:38:39.0306 2988 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:38:39.0314 2988 b57nd60x - ok
21:38:39.0616 2988 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys
21:38:39.0637 2988 BCM43XX - ok
21:38:39.0798 2988 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:38:39.0800 2988 BDESVC - ok
21:38:39.0893 2988 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:38:39.0894 2988 Beep - ok
21:38:39.0910 2988 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:38:39.0912 2988 blbdrive - ok
21:38:40.0084 2988 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:38:40.0093 2988 Bonjour Service - ok
21:38:40.0151 2988 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
21:38:40.0153 2988 bowser - ok
21:38:40.0195 2988 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:38:40.0196 2988 BrFiltLo - ok
21:38:40.0228 2988 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:38:40.0230 2988 BrFiltUp - ok
21:38:40.0267 2988 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
21:38:40.0270 2988 Browser - ok
21:38:40.0338 2988 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:38:40.0344 2988 Brserid - ok
21:38:40.0358 2988 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:38:40.0360 2988 BrSerWdm - ok
21:38:40.0367 2988 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:38:40.0369 2988 BrUsbMdm - ok
21:38:40.0378 2988 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:38:40.0379 2988 BrUsbSer - ok
21:38:40.0393 2988 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:38:40.0395 2988 BTHMODEM - ok
21:38:40.0439 2988 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:38:40.0442 2988 bthserv - ok
21:38:40.0628 2988 Cam5607 (d8ba0e0ffbce2dd5de110c5146c438b4) C:\Windows\system32\Drivers\BisonC07.sys
21:38:40.0635 2988 Cam5607 - ok
21:38:40.0690 2988 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:38:40.0692 2988 cdfs - ok
21:38:40.0729 2988 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
21:38:40.0731 2988 cdrom - ok
21:38:40.0791 2988 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
21:38:40.0792 2988 CertPropSvc - ok
21:38:40.0808 2988 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:38:40.0810 2988 circlass - ok
21:38:40.0844 2988 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:38:40.0850 2988 CLFS - ok
21:38:41.0227 2988 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:38:41.0232 2988 clr_optimization_v2.0.50727_32 - ok
21:38:41.0321 2988 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:38:41.0387 2988 clr_optimization_v4.0.30319_32 - ok
21:38:41.0426 2988 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:38:41.0427 2988 CmBatt - ok
21:38:41.0448 2988 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
21:38:41.0450 2988 cmdide - ok
21:38:41.0512 2988 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
21:38:41.0520 2988 CNG - ok
21:38:41.0551 2988 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:38:41.0552 2988 Compbatt - ok
21:38:41.0596 2988 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:38:41.0597 2988 CompositeBus - ok
21:38:41.0639 2988 COMSysApp - ok
21:38:41.0665 2988 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:38:41.0666 2988 crcdisk - ok
21:38:41.0724 2988 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
21:38:41.0728 2988 CryptSvc - ok
21:38:41.0794 2988 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
21:38:41.0801 2988 CSC - ok
21:38:41.0865 2988 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
21:38:41.0875 2988 CscService - ok
21:38:41.0968 2988 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
21:38:42.0125 2988 DcomLaunch - ok
21:38:42.0171 2988 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:38:42.0176 2988 defragsvc - ok
21:38:42.0314 2988 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
21:38:42.0316 2988 DfsC - ok
21:38:42.0371 2988 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
21:38:42.0376 2988 Dhcp - ok
21:38:42.0416 2988 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:38:42.0417 2988 discache - ok
21:38:42.0468 2988 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:38:42.0469 2988 Disk - ok
21:38:42.0520 2988 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
21:38:42.0523 2988 Dnscache - ok
21:38:42.0585 2988 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
21:38:42.0590 2988 dot3svc - ok
21:38:42.0660 2988 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
21:38:42.0663 2988 Dot4 - ok
21:38:42.0685 2988 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:38:42.0686 2988 Dot4Print - ok
21:38:42.0725 2988 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
21:38:42.0727 2988 dot4usb - ok
21:38:42.0756 2988 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
21:38:42.0761 2988 DPS - ok
21:38:42.0807 2988 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:38:42.0809 2988 drmkaud - ok
21:38:42.0878 2988 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys
21:38:42.0884 2988 DXGKrnl - ok
21:38:42.0938 2988 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:38:42.0941 2988 EapHost - ok
21:38:43.0215 2988 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:38:43.0270 2988 ebdrv - ok
21:38:43.0427 2988 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
21:38:43.0430 2988 EFS - ok
21:38:43.0535 2988 ehRecvr (3a74a6e33685662b125a3269b1f2114f) C:\Windows\ehome\ehRecvr.exe
21:38:43.0545 2988 ehRecvr - ok
21:38:43.0577 2988 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:38:43.0582 2988 ehSched - ok
21:38:43.0682 2988 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:38:43.0691 2988 elxstor - ok
21:38:43.0778 2988 EMSCR (8efd7f0094b2015d836d9dd87f77dc44) C:\Windows\system32\DRIVERS\EMS7SK.sys
21:38:43.0780 2988 EMSCR - ok
21:38:43.0815 2988 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
21:38:43.0816 2988 ErrDev - ok
21:38:43.0856 2988 ESMCR (a18ad596fc91a05ea61945d856dd86dc) C:\Windows\system32\DRIVERS\ESM7SK.sys
21:38:43.0858 2988 ESMCR - ok
21:38:43.0933 2988 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:38:43.0940 2988 EventSystem - ok
21:38:43.0973 2988 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:38:43.0977 2988 exfat - ok
21:38:44.0013 2988 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:38:44.0017 2988 fastfat - ok
21:38:44.0070 2988 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
21:38:44.0080 2988 Fax - ok
21:38:44.0089 2988 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:38:44.0091 2988 fdc - ok
21:38:44.0123 2988 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:38:44.0125 2988 fdPHost - ok
21:38:44.0135 2988 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:38:44.0138 2988 FDResPub - ok
21:38:44.0187 2988 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:38:44.0188 2988 FileInfo - ok
21:38:44.0220 2988 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:38:44.0221 2988 Filetrace - ok
21:38:44.0228 2988 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:38:44.0230 2988 flpydisk - ok
21:38:44.0284 2988 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:38:44.0288 2988 FltMgr - ok
21:38:44.0385 2988 FontCache (151258fc2ec8c48bdf8a53350ae0a676) C:\Windows\system32\FntCache.dll
21:38:44.0401 2988 FontCache - ok
21:38:44.0512 2988 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:38:44.0542 2988 FontCache3.0.0.0 - ok
21:38:44.0560 2988 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:38:44.0562 2988 FsDepends - ok
21:38:44.0591 2988 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
21:38:44.0592 2988 Fs_Rec - ok
21:38:44.0646 2988 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
21:38:44.0650 2988 fvevol - ok
21:38:44.0708 2988 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:38:44.0709 2988 gagp30kx - ok
21:38:44.0746 2988 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:38:44.0747 2988 GEARAspiWDM - ok
21:38:44.0808 2988 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
21:38:44.0820 2988 gpsvc - ok
21:38:44.0976 2988 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:38:44.0979 2988 gupdate - ok
21:38:44.0987 2988 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:38:44.0989 2988 gupdatem - ok
21:38:45.0049 2988 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:38:45.0053 2988 hcw85cir - ok
21:38:45.0117 2988 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
21:38:45.0123 2988 HdAudAddService - ok
21:38:45.0185 2988 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:38:45.0188 2988 HDAudBus - ok
21:38:45.0196 2988 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:38:45.0198 2988 HidBatt - ok
21:38:45.0212 2988 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:38:45.0215 2988 HidBth - ok
21:38:45.0245 2988 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:38:45.0247 2988 HidIr - ok
21:38:45.0297 2988 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
21:38:45.0299 2988 hidserv - ok
21:38:45.0354 2988 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
21:38:45.0355 2988 HidUsb - ok
21:38:45.0382 2988 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
21:38:45.0385 2988 hkmsvc - ok
21:38:45.0426 2988 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
21:38:45.0431 2988 HomeGroupListener - ok
21:38:45.0485 2988 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
21:38:45.0491 2988 HomeGroupProvider - ok
21:38:45.0702 2988 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:38:45.0708 2988 hpqcxs08 - ok
21:38:45.0740 2988 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:38:45.0744 2988 hpqddsvc - ok
21:38:45.0784 2988 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:38:45.0786 2988 HpSAMD - ok
21:38:45.0899 2988 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:38:45.0916 2988 HSF_DPV - ok
21:38:45.0963 2988 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:38:45.0967 2988 HSXHWAZL - ok
21:38:46.0037 2988 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
21:38:46.0051 2988 HTTP - ok
21:38:46.0070 2988 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
21:38:46.0071 2988 hwpolicy - ok
21:38:46.0101 2988 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
21:38:46.0104 2988 i8042prt - ok
21:38:46.0189 2988 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
21:38:46.0197 2988 iaStorV - ok
21:38:46.0320 2988 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:38:46.0337 2988 idsvc - ok
21:38:46.0404 2988 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:38:46.0406 2988 iirsp - ok
21:38:46.0495 2988 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
21:38:46.0507 2988 IKEEXT - ok
21:38:46.0528 2988 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
21:38:46.0530 2988 intelide - ok
21:38:46.0567 2988 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:38:46.0570 2988 intelppm - ok
21:38:46.0587 2988 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:38:46.0591 2988 IPBusEnum - ok
21:38:46.0601 2988 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:38:46.0604 2988 IpFilterDriver - ok
21:38:46.0612 2988 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:38:46.0616 2988 IPMIDRV - ok
21:38:46.0629 2988 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:38:46.0642 2988 IPNAT - ok
21:38:46.0753 2988 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
21:38:46.0770 2988 iPod Service - ok
21:38:46.0807 2988 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:38:46.0808 2988 IRENUM - ok
21:38:46.0854 2988 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
21:38:46.0856 2988 isapnp - ok
21:38:46.0963 2988 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
21:38:46.0968 2988 iScsiPrt - ok
21:38:47.0061 2988 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:38:47.0062 2988 kbdclass - ok
21:38:47.0126 2988 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
21:38:47.0137 2988 kbdhid - ok
21:38:47.0172 2988 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
21:38:47.0174 2988 KeyIso - ok
21:38:47.0211 2988 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
21:38:47.0225 2988 KSecDD - ok
21:38:47.0251 2988 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
21:38:47.0255 2988 KSecPkg - ok
21:38:47.0569 2988 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:38:47.0605 2988 KtmRm - ok
21:38:47.0907 2988 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
21:38:47.0914 2988 LanmanServer - ok
21:38:47.0946 2988 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
21:38:47.0958 2988 LanmanWorkstation - ok
21:38:48.0068 2988 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:38:48.0069 2988 lltdio - ok
21:38:48.0125 2988 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:38:48.0130 2988 lltdsvc - ok
21:38:48.0148 2988 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:38:48.0150 2988 lmhosts - ok
21:38:48.0189 2988 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:38:48.0193 2988 LSI_FC - ok
21:38:48.0224 2988 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:38:48.0227 2988 LSI_SAS - ok
21:38:48.0254 2988 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:38:48.0257 2988 LSI_SAS2 - ok
21:38:48.0326 2988 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:38:48.0329 2988 LSI_SCSI - ok
21:38:48.0371 2988 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:38:48.0375 2988 luafv - ok
21:38:48.0507 2988 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\Windows\system32\DRIVERS\lvrs.sys
21:38:48.0524 2988 LVRS - ok
21:38:49.0262 2988 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\Windows\system32\DRIVERS\lvuvc.sys
21:38:49.0412 2988 LVUVC - ok
21:38:49.0857 2988 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
21:38:49.0859 2988 MBAMProtector - ok
21:38:50.0064 2988 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:38:50.0077 2988 MBAMService - ok
21:38:50.0113 2988 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
21:38:50.0125 2988 mcdbus - ok
21:38:50.0160 2988 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
21:38:50.0164 2988 Mcx2Svc - ok
21:38:50.0227 2988 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:38:50.0228 2988 mdmxsdk - ok
21:38:50.0258 2988 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:38:50.0260 2988 megasas - ok
21:38:50.0298 2988 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:38:50.0304 2988 MegaSR - ok
21:38:50.0359 2988 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:38:50.0362 2988 MMCSS - ok
21:38:50.0397 2988 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:38:50.0398 2988 Modem - ok
21:38:50.0446 2988 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:38:50.0447 2988 monitor - ok
21:38:50.0481 2988 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:38:50.0484 2988 mouclass - ok
21:38:50.0755 2988 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:38:50.0757 2988 mouhid - ok
21:38:50.0789 2988 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
21:38:50.0790 2988 mountmgr - ok
21:38:51.0117 2988 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:38:51.0121 2988 MozillaMaintenance - ok
21:38:51.0161 2988 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
21:38:51.0165 2988 mpio - ok
21:38:51.0257 2988 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:38:51.0259 2988 mpsdrv - ok
21:38:51.0309 2988 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
21:38:51.0317 2988 MRxDAV - ok
21:38:51.0372 2988 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:38:51.0375 2988 mrxsmb - ok
21:38:51.0432 2988 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:38:51.0437 2988 mrxsmb10 - ok
21:38:51.0459 2988 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:38:51.0462 2988 mrxsmb20 - ok
21:38:51.0495 2988 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
21:38:51.0496 2988 msahci - ok
21:38:51.0553 2988 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
21:38:51.0557 2988 msdsm - ok
21:38:51.0666 2988 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:38:51.0727 2988 MSDTC - ok
21:38:51.0795 2988 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:38:51.0796 2988 Msfs - ok
21:38:51.0839 2988 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:38:51.0841 2988 mshidkmdf - ok
21:38:51.0851 2988 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
21:38:51.0852 2988 msisadrv - ok
21:38:51.0895 2988 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:38:51.0899 2988 MSiSCSI - ok
21:38:51.0905 2988 msiserver - ok
21:38:52.0000 2988 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:38:52.0000 2988 MSKSSRV - ok
21:38:52.0030 2988 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:38:52.0031 2988 MSPCLOCK - ok
21:38:52.0045 2988 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:38:52.0047 2988 MSPQM - ok
21:38:52.0135 2988 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:38:52.0138 2988 MsRPC - ok
21:38:52.0169 2988 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
21:38:52.0170 2988 mssmbios - ok
21:38:52.0376 2988 MSSQL$SQLEXPRESS - ok
21:38:52.0501 2988 MSSQL$XACTWARE - ok
21:38:52.0815 2988 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
21:38:52.0818 2988 MSSQLServerADHelper100 - ok
21:38:52.0849 2988 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:38:52.0851 2988 MSTEE - ok
21:38:52.0870 2988 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:38:52.0871 2988 MTConfig - ok
21:38:52.0909 2988 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:38:52.0910 2988 Mup - ok
21:38:53.0041 2988 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
21:38:53.0048 2988 napagent - ok
21:38:53.0094 2988 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:38:53.0100 2988 NativeWifiP - ok
21:38:53.0301 2988 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
21:38:53.0313 2988 NDIS - ok
21:38:53.0358 2988 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:38:53.0360 2988 NdisCap - ok
21:38:53.0381 2988 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:38:53.0383 2988 NdisTapi - ok
21:38:53.0395 2988 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
21:38:53.0399 2988 Ndisuio - ok
21:38:53.0537 2988 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
21:38:53.0540 2988 NdisWan - ok
21:38:53.0665 2988 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
21:38:53.0666 2988 NDProxy - ok
21:38:53.0715 2988 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
21:38:53.0717 2988 Net Driver HPZ12 - ok
21:38:53.0753 2988 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:38:53.0755 2988 NetBIOS - ok
21:38:53.0793 2988 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
21:38:53.0798 2988 NetBT - ok
21:38:53.0839 2988 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
21:38:53.0841 2988 Netlogon - ok
21:38:54.0076 2988 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:38:54.0109 2988 Netman - ok
21:38:54.0370 2988 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:38:54.0375 2988 NetMsmqActivator - ok
21:38:54.0382 2988 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:38:54.0386 2988 NetPipeActivator - ok
21:38:54.0556 2988 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:38:54.0565 2988 netprofm - ok
21:38:54.0573 2988 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:38:54.0576 2988 NetTcpActivator - ok
21:38:54.0583 2988 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:38:54.0588 2988 NetTcpPortSharing - ok
21:38:54.0639 2988 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:38:54.0641 2988 nfrd960 - ok
21:38:54.0673 2988 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
21:38:54.0680 2988 NlaSvc - ok
21:38:54.0713 2988 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:38:54.0715 2988 Npfs - ok
21:38:54.0759 2988 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:38:54.0762 2988 nsi - ok
21:38:54.0780 2988 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:38:54.0781 2988 nsiproxy - ok
21:38:55.0015 2988 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
21:38:55.0037 2988 Ntfs - ok
21:38:55.0090 2988 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:38:55.0091 2988 Null - ok
21:38:55.0127 2988 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
21:38:55.0131 2988 nvraid - ok
21:39:28.0283 2988 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:39:28.0372 2988 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:39:28.0372 2988 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:39:28.0380 2988 Boot (0x1200) (6827750e65b65b5ee2e27d314ddba366) \Device\Harddisk0\DR0\Partition0
21:39:28.0382 2988 \Device\Harddisk0\DR0\Partition0 - ok
21:39:28.0414 2988 Boot (0x1200) (4899ce11c485043c62cebe776110a164) \Device\Harddisk0\DR0\Partition1
21:39:28.0416 2988 \Device\Harddisk0\DR0\Partition1 - ok
21:39:28.0421 2988 ============================================================
21:39:28.0421 2988 Scan finished
21:39:28.0421 2988 ============================================================
21:39:28.0440 3340 Detected object count: 1
21:39:28.0440 3340 Actual detected object count: 1
21:39:35.0569 3340 \Device\Harddisk0\DR0\# - copied to quarantine
21:39:35.0570 3340 \Device\Harddisk0\DR0 - copied to quarantine
21:39:35.0619 3340 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:39:35.0627 3340 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:39:35.0634 3340 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:39:35.0640 3340 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:39:35.0645 3340 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:39:35.0655 3340 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:39:35.0662 3340 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:39:35.0664 3340 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:39:35.0665 3340 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:39:35.0666 3340 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:39:35.0669 3340 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:39:35.0671 3340 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:39:35.0699 3340 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:39:35.0701 3340 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:39:35.0713 3340 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:39:35.0715 3340 \Device\Harddisk0\DR0 - ok
21:39:35.0724 3340 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
21:39:42.0673 3828 Deinitialize success

#11 gringo_pr


Posted 29 July 2012 - 09:48 PM

That removed the rootkit. Go ahead and see if ComboFix will now run.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 mcompton1973


Posted 29 July 2012 - 10:17 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 21:46:26
-----------------------------
21:46:26.701 OS Version: Windows 6.1.7600
21:46:26.701 Number of processors: 2 586 0x4802
21:46:26.703 ComputerName: MIKE-PC UserName: Mike
21:46:43.445 Initialize success
21:48:21.047 AVAST engine defs: 12072901
21:48:27.780 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:48:27.784 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC70P Size: 152627MB BusType: 3
21:48:27.798 Disk 0 MBR read successfully
21:48:27.803 Disk 0 MBR scan
21:48:27.809 Disk 0 Windows 7 default MBR code
21:48:27.821 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:48:27.840 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
21:48:27.850 Disk 0 scanning sectors +312578048
21:48:27.915 Disk 0 scanning C:\Windows\system32\drivers
21:48:41.212 Service scanning
21:49:27.064 Modules scanning
21:49:39.767 Disk 0 trace - called modules:
21:49:39.805 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:49:39.814 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85488990]
21:49:39.824 3 CLASSPNP.SYS[8839a59e] -> nt!IofCallDriver -> [0x85372918]
21:49:39.832 5 ACPI.sys[87e193b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x846e2908]
21:49:42.053 AVAST engine scan C:\Windows
21:49:44.254 AVAST engine scan C:\Windows\system32
21:52:08.008 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:53:51.293 AVAST engine scan C:\Windows\system32\drivers
21:54:06.517 AVAST engine scan C:\Users\Mike
21:58:17.646 AVAST engine scan C:\ProgramData
21:59:06.625 Scan finished successfully
22:16:08.462 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
22:16:08.471 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"

I just posted that other log. I will try to run ComboFix now.

#13 gringo_pr


Posted 29 July 2012 - 10:31 PM

:thumbup2:

#14 mcompton1973


Posted 29 July 2012 - 10:44 PM

ComboFix 12-07-29.02 - Mike 07/29/2012 22:29:26.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1790.931 [GMT -5:00]
Running from: C:\Users\Mike\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Mike\g2mdlhlpx.exe
C:\Windows\assembly\GAC\Desktop.ini
C:\Windows\Installer\{4d86acad-8bd4-d705-74bc-cecb6e82ea9f}\@
C:\Windows\Installer\{4d86acad-8bd4-d705-74bc-cecb6e82ea9f}\L\00000004.@
C:\Windows\Installer\{4d86acad-8bd4-d705-74bc-cecb6e82ea9f}\L\1afb2d56
C:\Windows\Installer\{4d86acad-8bd4-d705-74bc-cecb6e82ea9f}\L\201d3dde
C:\Windows\Installer\{4d86acad-8bd4-d705-74bc-cecb6e82ea9f}\U\00000004.@
C:\Windows\Installer\{4d86acad-8bd4-d705-74bc-cecb6e82ea9f}\U\00000008.@
C:\Windows\Installer\{4d86acad-8bd4-d705-74bc-cecb6e82ea9f}\U\000000cb.@
C:\Windows\Installer\{4d86acad-8bd4-d705-74bc-cecb6e82ea9f}\U\80000000.@
C:\Windows\Installer\{4d86acad-8bd4-d705-74bc-cecb6e82ea9f}\U\80000032.@

Infected copy of C:\Windows\system32\Services.exe was found and disinfected
Restored copy from - C:\ComboFix\HarddiskVolumeShadowCopy5_!Windows!winsxs!x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b!services.exe


((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))


2012-07-30 03:37:02 . 2012-07-30 03:37:02 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-07-30 02:39:35 . 2012-07-30 02:39:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-20 05:03:59 . 2012-07-20 05:04:00 -------- d-----w- C:\Program Files\AVG
2012-07-20 04:54:21 . 2012-07-20 04:54:21 -------- d-----w- C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com
2012-07-20 04:53:15 . 2012-07-20 05:04:43 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-20 04:53:15 . 2012-07-20 04:53:15 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-20 04:53:13 . 2012-07-20 13:06:55 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-20 04:53:13 . 2012-07-20 04:53:22 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2012-07-20 04:48:13 . 2012-07-22 03:49:52 -------- d-----w- C:\ProgramData\MFAData
2012-07-20 04:48:13 . 2012-07-20 04:48:13 -------- d--h--w- C:\ProgramData\Common Files
2012-07-18 16:30:57 . 2012-07-18 16:31:41 883616 ----a-w- C:\FixExec.exe
2012-07-18 16:26:01 . 2012-07-18 16:26:01 110080 ----a-r- C:\Users\Mike\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
2012-07-18 16:26:01 . 2012-07-18 16:26:01 110080 ----a-r- C:\Users\Mike\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
2012-07-18 16:26:01 . 2012-07-18 16:26:01 110080 ----a-r- C:\Users\Mike\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
2012-07-18 16:25:59 . 2012-07-18 16:26:13 -------- d-----w- C:\sh4ldr
2012-07-18 16:25:59 . 2012-07-18 16:25:59 -------- d-----w- C:\Program Files\Enigma Software Group
2012-07-18 16:25:41 . 2012-07-18 16:26:05 -------- d-----w- C:\Windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-07-18 16:25:36 . 2012-07-18 16:25:36 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2012-07-18 15:19:50 . 2012-07-18 15:19:50 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes
2012-07-18 15:19:25 . 2012-07-18 15:19:25 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-18 15:19:24 . 2012-07-18 15:19:33 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-07-18 15:19:24 . 2012-07-03 18:46:44 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-07-18 14:48:56 . 2012-07-18 14:48:56 -------- d-sh--w- C:\Windows\system32\%APPDATA%
2012-07-18 14:44:42 . 2012-07-18 14:44:42 -------- d-----w- C:\Users\Mike\AppData\Local\{A3A15572-D0E6-11E1-8270-B8AC6F996F26}
2012-07-18 14:41:30 . 2012-07-18 14:41:30 -------- d-----w- C:\Users\Mike\AppData\Local\{A3A121B0-D0E6-11E1-8270-B8AC6F996F26}
2012-07-18 14:41:25 . 2012-07-18 14:43:19 -------- d-----w- C:\ProgramData\036E190F000905D602BA85A64F147C45
2012-07-12 03:24:29 . 2012-07-12 03:24:29 -------- d-----w- C:\Windows\BisonC07
2012-07-11 08:34:46 . 2009-09-10 05:52:05 257024 ----a-w- C:\Windows\system32\msv1_0.dll
2012-07-11 08:08:22 . 2012-06-18 08:14:40 6762896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FFF33AF4-AABD-46A6-9487-E6B33789B089}\mpengine.dll
2012-07-11 07:55:00 . 2012-03-01 05:53:27 19312 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2012-07-11 07:55:00 . 2012-03-01 05:49:05 172544 ----a-w- C:\Windows\system32\wintrust.dll
2012-07-11 07:55:00 . 2012-03-01 05:45:05 158720 ----a-w- C:\Windows\system32\imagehlp.dll
2012-07-11 07:55:00 . 2012-03-01 05:40:44 5120 ----a-w- C:\Windows\system32\wmi.dll
2012-07-11 07:48:27 . 2012-07-11 07:48:27 -------- d-----w- C:\Program Files\MSXML 4.0
2012-07-11 07:46:16 . 2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2012-07-11 07:46:16 . 2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-07-11 07:46:12 . 2011-03-03 05:29:23 132608 ----a-w- C:\Windows\system32\dnsrslvr.dll
2012-07-11 07:46:12 . 2011-03-03 05:27:30 28672 ----a-w- C:\Windows\system32\dnscacheugc.exe
2012-07-11 07:46:01 . 2011-12-16 07:59:17 690688 ----a-w- C:\Windows\system32\msvcrt.dll
2012-07-11 07:46:00 . 2011-02-19 05:32:08 34304 ----a-w- C:\Windows\system32\atmlib.dll
2012-07-11 07:46:00 . 2011-02-19 03:37:02 294912 ----a-w- C:\Windows\system32\atmfd.dll
2012-07-11 07:44:59 . 2011-04-29 02:57:21 309760 ----a-w- C:\Windows\system32\drivers\srv2.sys
2012-07-11 07:43:54 . 2011-02-12 05:30:49 191488 ----a-w- C:\Windows\system32\FXSCOVER.exe
2012-07-11 07:43:52 . 2011-08-27 04:43:07 571904 ----a-w- C:\Windows\system32\oleaut32.dll
2012-07-11 07:43:52 . 2011-08-27 04:43:06 233472 ----a-w- C:\Windows\system32\oleacc.dll
2012-07-11 07:43:49 . 2011-11-19 14:06:13 67072 ----a-w- C:\Windows\system32\packager.dll
2012-07-11 07:43:42 . 2009-10-19 14:10:06 70656 ----a-w- C:\Windows\system32\fontsub.dll
2012-07-11 07:43:39 . 2011-10-01 04:43:24 708608 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-07-11 07:43:36 . 2009-08-29 06:57:31 34816 ----a-w- C:\Windows\system32\msasn1.dll
2012-07-11 07:43:33 . 2012-03-17 07:20:17 56688 ----a-w- C:\Windows\system32\drivers\partmgr.sys
2012-07-11 07:43:02 . 2010-03-05 07:42:42 67584 ----a-w- C:\Windows\system32\asycfilt.dll
2012-07-11 07:41:59 . 2010-05-05 06:46:55 363520 ----a-w- C:\Windows\system32\StructuredQuery.dll
2012-07-11 07:40:56 . 2011-04-09 05:56:38 123904 ----a-w- C:\Windows\system32\poqexec.exe
2012-07-11 07:40:06 . 2006-11-25 07:17:42 792368 ----a-w- C:\Windows\system32\drivers\BisonC07.sys
2012-07-11 07:40:06 . 2006-11-17 03:33:14 176128 ----a-w- C:\Windows\system32\BisonR07.dll
2012-07-11 07:40:06 . 2005-01-14 18:47:48 180224 ----a-w- C:\Windows\system\StillDrv.dll
2012-07-11 07:40:05 . 2012-07-11 07:40:05 -------- d-----w- C:\Windows\Options
2012-07-11 07:40:05 . 2006-11-10 23:57:16 131072 ----a-w- C:\Windows\system\BisonC07.dll
2012-07-11 07:40:05 . 2006-11-10 23:57:16 106496 ----a-w- C:\Windows\system\BisonV07.dll
2012-07-11 07:39:59 . 2012-07-11 07:39:59 -------- d-----w- C:\Users\Mike\AppData\Roaming\InstallShield
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-07-12 05:56:11 . 2012-06-01 20:17:50 426184 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-07-12 05:56:11 . 2011-11-02 03:53:19 70344 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19:33 . 2012-06-21 03:23:29 53784 ----a-w- C:\Windows\system32\wuauclt.exe
2012-06-02 22:19:33 . 2012-06-21 03:23:29 45080 ----a-w- C:\Windows\system32\wups2.dll
2012-06-02 22:19:32 . 2012-06-21 03:23:16 35864 ----a-w- C:\Windows\system32\wups.dll
2012-06-02 22:19:23 . 2012-06-21 03:23:16 577048 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-02 22:19:17 . 2012-06-21 03:23:27 1933848 ----a-w- C:\Windows\system32\wuaueng.dll
2012-06-02 22:12:32 . 2012-06-21 03:23:28 2422272 ----a-w- C:\Windows\system32\wucltux.dll
2012-06-02 22:12:13 . 2012-06-21 03:23:16 88576 ----a-w- C:\Windows\system32\wudriver.dll
2012-06-02 20:19:42 . 2012-06-21 03:22:58 171904 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-02 20:12:20 . 2012-06-21 03:22:58 33792 ----a-w- C:\Windows\system32\wuapp.exe
2012-05-31 17:25:14 . 2011-10-31 23:24:33 237072 ------w- C:\Windows\system32\MpSigStub.exe
2012-06-14 22:20:49 . 2011-11-04 04:32:44 85472 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[7] 2010-08-21 05:32:37 . D1BB750EB51694DE183E08B9C33BE5B2 . 316928 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe
[7] 2010-08-20 04:25:14 . 2FB4CE429488156B19C0D8E5C4552043 . 316928 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe
[7] 2009-07-14 01:14:41 . 49B6DD6AB3715B7A67965F17194E98A9 . 316416 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe

C:\Windows\System32\spoolsv.exe ... is missing !!

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 19:06:06 254696]
"LWS"="C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 20:08:06 205336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 00:02:18 113024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54:14 551296 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\Windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10:42 843712 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28:32 59240 ----a-w- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-02 03:27:39 136176 ----atw- C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 21:13:18 54576 ----a-w- C:\Program Files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 10:09:24 421736 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 18:46:44 462920 ----a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-22 06:18:08 6276408 ----a-w- C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28:52 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 18:33:24 17418928 ----a-r- C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31:16 2144088 --sha-r- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-07-20 05:04:43 3905408 ----a-w- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41:43 8192 ----a-w- C:\Program Files\Xvid\CheckUpdate.exe

R2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys [x]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys [x]
R4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R4 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [x]
R4 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [x]
R4 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 SQLAgent$XACTWARE;SQL Server Agent (XACTWARE);c:\Program Files\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\SQLAGENT.EXE [x]
R4 UMVPFSrv;UMVPFSrv;C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 MSSQL$XACTWARE;SQL Server (XACTWARE);c:\Program Files\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\sqlservr.exe [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contents of the 'Scheduled Tasks' folder

2012-07-30 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 20:17:50 . 2012-07-12 05:56:12]

2012-07-30 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-19 02:42:21 . 2012-02-19 02:42:18]

2012-07-30 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-19 02:42:21 . 2012-02-19 02:42:18]

2012-07-29 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4093611839-2576436060-3906054045-1000Core.job
- C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02 03:27:40 . 2011-11-02 03:27:39]

2012-07-30 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4093611839-2576436060-3906054045-1000UA.job
- C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02 03:27:40 . 2011-11-02 03:27:39]

2012-07-30 C:\Windows\Tasks\HP Photo Creations Communicator.job
- C:\ProgramData\HP Photo Creations\Communicator.exe [2012-06-13 19:28:40 . 2012-06-13 19:28:40]


------- Supplementary Scan -------

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ypjg4yhc.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AVG_TRAY - C:\Program Files\AVG\AVG2012\avgtray.exe
MSConfigStartUp-Facebook Update - C:\Users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-vProt - C:\Program Files\AVG Secure Search\vprot.exe

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 29 July 2012 - 10:46 PM

Greetings

That looks like only half the report. Can you verify if that is the whole report?



gringo
