Computer crashes/restarts in a loop


  • This topic is locked
18 replies to this topic

#1 jyreardo (Members, 10 posts)

Posted 09 August 2012 - 12:18 PM

My laptop will work for about 25 minutes, then I get a blue screen, it crashes and restarts. I've run Malwarebytes with no success on stopping whatever is taking place. I got a RunDLL error at startup. This has been going on for a week or so. BestBuy said to post my log here.

This is the photo of the screen I get. It's the same as another guy I saw in the forum.





.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Yale at 13:35:49 on 2012-08-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2476 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.espn.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\7A01B2~1.LNK - C:\Windows\System32\rundll32.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4EBE9DB6-A34F-4C52-B61A-69B3A0C58A34} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{8017F22D-3EE3-47B0-A5C2-D1305FBC71F5} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8017F22D-3EE3-47B0-A5C2-D1305FBC71F5}\2456C6B696E6F5E413F5034314630314 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8017F22D-3EE3-47B0-A5C2-D1305FBC71F5}\2556162746F6E6E45677 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8017F22D-3EE3-47B0-A5C2-D1305FBC71F5}\2656C6B696E6E233439373 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8017F22D-3EE3-47B0-A5C2-D1305FBC71F5}\6636475736B65627 : DhcpNameServer = 64.132.94.250 216.136.95.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Notify: hretywa - C:\Windows\system32\config\systemprofile\AppData\Local\hretywa.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Yale\AppData\Roaming\Mozilla\Firefox\Profiles\mhdnagza.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.espn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 FixTDSS;TDSS Fixtool driver;C:\Windows\system32\drivers\FixTDSS.sys --> C:\Windows\system32\drivers\FixTDSS.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-7-12 1239952]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-3 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-3 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-16 113120]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-08 17:05:13 -------- d-----w- C:\ProgramData\Geek Squad
2012-08-08 14:02:40 -------- d-----w- C:\Users\Yale\AppData\Local\adaware
2012-08-08 14:01:15 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-08-08 14:01:13 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2012-08-08 14:01:13 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-08-08 14:01:10 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-08-08 14:00:34 -------- d-----w- C:\Users\Yale\AppData\Local\Downloaded Installations
2012-08-08 13:59:06 -------- d-----w- C:\Users\Yale\AppData\Local\adawarebp
2012-08-08 13:59:06 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-08-08 13:59:04 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-08-08 13:59:00 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-08-08 13:58:27 -------- d-----w- C:\Users\Yale\AppData\Roaming\Ad-Aware Antivirus
2012-08-08 13:48:50 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-08-08 13:48:50 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-08-08 13:48:50 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-08-08 13:48:50 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-08-08 13:48:49 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-08-08 13:48:49 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-08-08 13:48:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-08-08 13:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-08-08 13:48:49 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-08-08 02:53:36 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-08-08 02:53:36 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-08-08 02:53:34 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-08-08 02:53:34 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-08-08 02:52:21 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-08-08 02:52:15 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-08-08 02:46:24 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-08-04 21:13:09 -------- d-----w- C:\6fc7f7c5fe8cd19128542472efdfd31b
2012-08-04 01:15:50 -------- d-----w- C:\Users\Yale\AppData\Local\ElevatedDiagnostics
2012-08-03 11:52:22 -------- d-----w- C:\ProgramData\AVAST Software
2012-08-03 11:52:22 -------- d-----w- C:\Program Files\AVAST Software
2012-08-03 03:10:30 -------- d-----w- C:\Users\Yale\AppData\Roaming\TestApp
2012-08-03 03:10:30 -------- d-----w- C:\ProgramData\PC Tools
2012-07-16 20:56:39 -------- d-----w- C:\Netgear
.
==================== Find3M ====================
.
2012-06-28 23:38:01 27256 ----a-w- C:\Windows\System32\drivers\FixTDSS.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 13:38:45.56 ===============

Edited by hamluis, 09 August 2012 - 01:57 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.
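Three lines in the DDS log above are the ones a malware-removal triage should pull out before any fix is attempted: the `SubSystems: Windows = ...` value lists `consrv:ConServerDllInitialization,2` where a clean Windows 7 install has `winsrv:ConServerDllInitialization,2` (this is the csrss server-DLL hijack that the FRST log later in the thread marks `ATTENTION! ====> ZeroAccess`); the `Notify: hretywa` entry loads a randomly named DLL from the SYSTEM profile's AppData folder instead of from System32; and the all-users Startup folder holds a shortcut whose target is bare `rundll32.exe`, with the argument (the DLL it would load) not shown by either tool. The script below is an added example written for this page, not code from the thread, from DDS or from FRST. It runs the three checks, plus a pass-through of FRST's own `ATTENTION!` marker, over a constructed sample made of lines copied from the two logs. The clean SubSystems reference string is an assumption (the value DDS prints on an unmodified Windows 7 x64 install), and the "not directly in System32" rule for Notify DLLs is a heuristic, not a signature.

```python
# Added example for this editing pass; not part of the thread, of DDS or of FRST.
# Triage a DDS / FRST log for the persistence indicators the logs above show.
import re
from pathlib import PureWindowsPath

# Assumption: the clean Windows 7 x64 value of
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Windows, as DDS
# prints it. ZeroAccess swaps "winsrv:ConServerDllInitialization" for
# "consrv:ConServerDllInitialization" so that csrss.exe loads its own consrv.dll.
CLEAN_SUBSYSTEMS_WINDOWS = (
    "basesrv,1 winsrv:UserServerDllInitialization,3 "
    "winsrv:ConServerDllInitialization,2 sxssrv,4"
)
EXPECTED_SUBSYSTEM_DLLS = {"basesrv", "winsrv", "sxssrv"}
SYSTEM32 = "c:\\windows\\system32"

SUBSYSTEMS_RE = re.compile(r"^SubSystems:\s*Windows\s*=\s*(?P<value>.+?)\s*$", re.I)
NOTIFY_RE = re.compile(r"^Notify:\s*(?P<name>\S+)\s*-\s*(?P<path>.+?)\s*$", re.I)
STARTUP_LNK_RE = re.compile(
    r"^(?:StartupFolder|ShortcutTarget):.*?\.lnk\s*-+>?\s*(?P<target>.+?)"
    r"\s*(?:\(.*\))?\s*$", re.I)


def check_tool_alert(line):
    """FRST prints 'ATTENTION!' on entries it recognises; carry that over as-is."""
    if "ATTENTION!" in line:
        return ("HIGH", "scan tool flagged this entry", line)
    return None


def check_subsystems(line):
    """Compare the csrss server-DLL list with the clean reference value."""
    m = SUBSYSTEMS_RE.match(line)
    if not m:
        return None
    value = " ".join(m.group("value").split())
    if value.lower() == CLEAN_SUBSYSTEMS_WINDOWS.lower():
        return None
    # Each token is "dll[:entrypoint],order"; keep only the DLL names.
    dlls = {tok.split(":")[0].split(",")[0].lower() for tok in value.split()}
    extra = sorted(dlls - EXPECTED_SUBSYSTEM_DLLS)
    detail = (f"unexpected server DLL(s): {', '.join(extra)}" if extra
              else "value differs from the Windows 7 reference")
    return ("HIGH", f"csrss SubSystems value hijacked ({detail})", line)


def check_notify(line):
    """Heuristic: a Winlogon Notify DLL that is not directly inside System32.
    A prefix test on C:\\Windows\\system32 would pass the DDS path
    system32\\config\\systemprofile\\AppData\\..., so compare the parent dir exactly."""
    m = NOTIFY_RE.match(line)
    if not m:
        return None
    path = PureWindowsPath(m.group("path"))
    if str(path.parent).lower() == SYSTEM32:
        return None
    return ("HIGH", f"Winlogon Notify DLL '{m.group('name')}' loads from outside "
                    f"System32: {path}", line)


def check_startup_shortcut(line):
    """Startup-folder shortcut whose visible target is bare rundll32.exe.
    DDS and FRST print the shortcut target only, not its arguments, so the DLL
    rundll32 would load is not in the log and the .lnk itself must be inspected."""
    m = STARTUP_LNK_RE.match(line)
    if not m:
        return None
    target = m.group("target").strip().strip('"')
    if target.lower().endswith("rundll32.exe"):
        return ("HIGH", f"Startup shortcut runs rundll32.exe with no visible "
                        f"argument: {target}", line)
    return None


CHECKS = (check_tool_alert, check_subsystems, check_notify, check_startup_shortcut)


def triage(log_text):
    """Return (severity, reason, line) for every log line some check flags."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for check in CHECKS:
            finding = check(line)
            if finding:
                findings.append(finding)
                break
    return findings


# Constructed sample: lines copied from the DDS and FRST logs in this thread,
# plus two benign lines so the checks have something to pass.
SAMPLE_LOG = r"""
mWinlogon: Userinit=userinit.exe,
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\7A01B2~1.LNK - C:\Windows\System32\rundll32.exe
Notify: hretywa - C:\Windows\system32\config\systemprofile\AppData\Local\hretywa.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
ShortcutTarget: 7A01B2F0-3817-39F8-0783-5994AD660CE6.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Run as a script it prints the five findings for the sample; for a real case pass the text of FRST.txt or the DDS log to `triage()`. The exact-parent comparison in `check_notify` is the point to copy: the malicious DLL here lives under `C:\Windows\system32\config\systemprofile\...`, so any "starts with System32" whitelist would have let it through.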



#2 CatByte (bleepin' tiger; Malware Response Team, 14,664 posts, Location: Canada)

Posted 10 August 2012 - 08:57 AM

Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Next:
  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written FRST.txt to file; close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, Search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 jyreardo (Topic Starter; Members, 10 posts)

Posted 10 August 2012 - 12:24 PM

Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 10-08-2012 13:12:35
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Yale\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Yale\...\Run: [WDMStreaming] "C:\Users\Yale\AppData\Local\WDM\WDMStreaming.exe" /x [70112 2012-05-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
AppInit_DLLs:
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\7A01B2F0-3817-39F8-0783-5994AD660CE6.lnk
ShortcutTarget: 7A01B2F0-3817-39F8-0783-5994AD660CE6.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-08-31] (Adobe Systems Incorporated)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

========================== Drivers (Whitelisted) =============

0 FixTDSS; C:\Windows\System32\Drivers\FixTDSS.sys [27256 2012-06-28] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-10 09:01 - 2012-08-10 09:02 - 00000000 ____D C:\Users\Yale\Desktop\usb
2012-08-10 09:00 - 2012-08-10 09:00 - 01439703 ____A (Farbar) C:\Users\Yale\Desktop\FRST64.exe
2012-08-10 09:00 - 2012-08-10 09:00 - 00894526 ____A (Farbar) C:\Users\Yale\Desktop\FRST.exe
2012-08-09 09:10 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-08-09 09:10 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-08-09 09:10 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-08-09 09:10 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-08-09 09:10 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-08-09 09:10 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-08-09 09:10 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-08-09 09:10 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-08-09 09:10 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-08-08 09:05 - 2012-08-08 09:05 - 00000000 ____D C:\Users\All Users\Geek Squad
2012-08-08 06:01 - 2012-08-09 13:02 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-08-08 06:01 - 2012-08-08 06:01 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-08-08 05:59 - 2012-08-08 05:59 - 00000000 ____D C:\Users\Yale\AppData\Local\adawarebp
2012-08-08 05:58 - 2012-08-08 09:05 - 00000000 ____D C:\Users\Yale\AppData\Roaming\Ad-Aware Antivirus
2012-08-08 05:39 - 2012-08-08 05:39 - 00277008 ____A C:\Windows\Minidump\080812-18517-01.dmp
2012-08-08 04:59 - 2012-08-08 04:59 - 00277008 ____A C:\Windows\Minidump\080812-18392-01.dmp
2012-08-08 04:18 - 2012-08-08 04:18 - 00277008 ____A C:\Windows\Minidump\080812-18205-01.dmp
2012-08-08 03:37 - 2012-08-08 03:37 - 00277008 ____A C:\Windows\Minidump\080812-18688-01.dmp
2012-08-08 02:56 - 2012-08-08 02:56 - 00277008 ____A C:\Windows\Minidump\080812-20092-01.dmp
2012-08-08 02:16 - 2012-08-08 02:16 - 00277016 ____A C:\Windows\Minidump\080812-20560-01.dmp
2012-08-08 02:01 - 2012-08-08 02:01 - 00277016 ____A C:\Windows\Minidump\080812-19734-01.dmp
2012-08-08 01:46 - 2012-08-08 01:46 - 00277008 ____A C:\Windows\Minidump\080812-20529-01.dmp
2012-08-08 01:16 - 2012-08-08 01:16 - 00277008 ____A C:\Windows\Minidump\080812-22354-01.dmp
2012-08-08 00:35 - 2012-08-08 00:35 - 00277008 ____A C:\Windows\Minidump\080812-25771-01.dmp
2012-08-07 23:55 - 2012-08-07 23:55 - 00277016 ____A C:\Windows\Minidump\080812-30794-01.dmp
2012-08-07 23:40 - 2012-08-07 23:40 - 00272000 ____A C:\Windows\Minidump\080812-21715-01.dmp
2012-08-07 19:35 - 2012-08-07 19:35 - 00004008 ____A C:\Users\Yale\Documents\cc_20120807_233504.reg
2012-08-07 19:30 - 2012-08-09 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-07 19:30 - 2012-08-07 19:30 - 00001075 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-07 19:30 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-07 19:28 - 2012-08-08 05:39 - 298482515 ____A C:\Windows\MEMORY.DMP
2012-08-07 19:28 - 2012-08-07 19:28 - 00277024 ____A C:\Windows\Minidump\080712-29094-01.dmp
2012-08-07 18:54 - 2012-08-07 18:55 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Yale\Desktop\mbam-setup-1.62.0.1300.exe
2012-08-07 18:53 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-08-07 18:53 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-08-07 18:53 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-08-07 18:53 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-08-07 18:53 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-08-07 18:53 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-08-07 18:48 - 2012-08-10 09:05 - 00001858 ____A C:\Windows\setupact.log
2012-08-07 18:48 - 2012-08-07 18:48 - 00000000 ____A C:\Windows\setuperr.log
2012-08-07 18:46 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-07 18:45 - 2012-08-07 18:45 - 00000118 ____A C:\Windows\System32\MRT.INI
2012-08-07 18:42 - 2012-07-02 23:19 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-07 18:41 - 2012-08-07 18:41 - 00898344 ____A C:\Users\Yale\Documents\cc_20120807_224108.reg
2012-08-07 18:39 - 2012-08-07 18:39 - 00000000 ____D C:\Program Files\CCleaner
2012-08-07 18:39 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-07 18:39 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-07 18:39 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-07 18:39 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-07 18:39 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-07 18:39 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-07 18:39 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-07 18:39 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-07 18:39 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-07 18:39 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-07 18:39 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-07 18:39 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-07 18:39 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-07 18:39 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-07 18:39 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-07 18:39 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-07 18:39 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-07 18:39 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-07 18:39 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-07 18:39 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-07 18:39 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-07 18:39 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-07 18:39 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-07 18:39 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-07 18:39 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-07 18:39 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-07 18:39 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-07 18:39 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-04 13:13 - 2012-08-07 18:32 - 00000000 ____D C:\6fc7f7c5fe8cd19128542472efdfd31b
2012-08-03 20:19 - 2012-08-03 20:19 - 00000000 ____A C:\Users\Yale\Desktop\New Text Document.txt
2012-08-03 03:52 - 2012-08-03 03:52 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-08-03 03:52 - 2012-08-03 03:52 - 00000000 ____D C:\Program Files\AVAST Software
2012-08-02 19:10 - 2012-08-02 19:10 - 00000000 ____D C:\Users\Yale\AppData\Roaming\TestApp
2012-08-02 19:10 - 2012-08-02 19:10 - 00000000 ____D C:\Users\All Users\PC Tools
2012-08-01 10:11 - 2012-08-08 05:39 - 00000000 ____D C:\Windows\Minidump
2012-07-16 12:56 - 2012-08-07 18:32 - 00000000 ____D C:\Netgear


============ 3 Months Modified Files ========================

2012-08-10 09:05 - 2012-08-07 18:48 - 00001858 ____A C:\Windows\setupact.log
2012-08-10 09:05 - 2011-12-03 19:31 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-10 09:05 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-10 09:02 - 2011-09-30 07:19 - 01459236 ____A C:\Windows\WindowsUpdate.log
2012-08-10 09:02 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-10 09:01 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-10 09:01 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-10 09:00 - 2012-08-10 09:00 - 01439703 ____A (Farbar) C:\Users\Yale\Desktop\FRST64.exe
2012-08-10 09:00 - 2012-08-10 09:00 - 00894526 ____A (Farbar) C:\Users\Yale\Desktop\FRST.exe
2012-08-08 05:49 - 2011-12-03 19:31 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-08 05:42 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At20.job
2012-08-08 05:42 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At19.job
2012-08-08 05:39 - 2012-08-08 05:39 - 00277008 ____A C:\Windows\Minidump\080812-18517-01.dmp
2012-08-08 05:39 - 2012-08-07 19:28 - 298482515 ____A C:\Windows\MEMORY.DMP
2012-08-08 04:59 - 2012-08-08 04:59 - 00277008 ____A C:\Windows\Minidump\080812-18392-01.dmp
2012-08-08 04:42 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At18.job
2012-08-08 04:42 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At17.job
2012-08-08 04:18 - 2012-08-08 04:18 - 00277008 ____A C:\Windows\Minidump\080812-18205-01.dmp
2012-08-08 03:42 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At16.job
2012-08-08 03:42 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At15.job
2012-08-08 03:37 - 2012-08-08 03:37 - 00277008 ____A C:\Windows\Minidump\080812-18688-01.dmp
2012-08-08 02:56 - 2012-08-08 02:56 - 00277008 ____A C:\Windows\Minidump\080812-20092-01.dmp
2012-08-08 02:42 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At14.job
2012-08-08 02:42 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At13.job
2012-08-08 02:16 - 2012-08-08 02:16 - 00277016 ____A C:\Windows\Minidump\080812-20560-01.dmp
2012-08-08 02:01 - 2012-08-08 02:01 - 00277016 ____A C:\Windows\Minidump\080812-19734-01.dmp
2012-08-08 01:46 - 2012-08-08 01:46 - 00277008 ____A C:\Windows\Minidump\080812-20529-01.dmp
2012-08-08 01:42 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At12.job
2012-08-08 01:42 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At11.job
2012-08-08 01:16 - 2012-08-08 01:16 - 00277008 ____A C:\Windows\Minidump\080812-22354-01.dmp
2012-08-08 00:42 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At10.job
2012-08-08 00:42 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At9.job
2012-08-08 00:35 - 2012-08-08 00:35 - 00277008 ____A C:\Windows\Minidump\080812-25771-01.dmp
2012-08-07 23:55 - 2012-08-07 23:55 - 00277016 ____A C:\Windows\Minidump\080812-30794-01.dmp
2012-08-07 23:42 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At8.job
2012-08-07 23:42 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At7.job
2012-08-07 23:40 - 2012-08-07 23:40 - 00272000 ____A C:\Windows\Minidump\080812-21715-01.dmp
2012-08-07 19:42 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At48.job
2012-08-07 19:42 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At47.job
2012-08-07 19:35 - 2012-08-07 19:35 - 00004008 ____A C:\Users\Yale\Documents\cc_20120807_233504.reg
2012-08-07 19:30 - 2012-08-07 19:30 - 00001075 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-07 19:28 - 2012-08-07 19:28 - 00277024 ____A C:\Windows\Minidump\080712-29094-01.dmp
2012-08-07 18:55 - 2012-08-07 18:54 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Yale\Desktop\mbam-setup-1.62.0.1300.exe
2012-08-07 18:48 - 2012-08-07 18:48 - 00000000 ____A C:\Windows\setuperr.log
2012-08-07 18:48 - 2009-07-13 20:45 - 00412872 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-07 18:45 - 2012-08-07 18:45 - 00000118 ____A C:\Windows\System32\MRT.INI
2012-08-07 18:42 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At46.job
2012-08-07 18:42 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At45.job
2012-08-07 18:41 - 2012-08-07 18:41 - 00898344 ____A C:\Users\Yale\Documents\cc_20120807_224108.reg
2012-08-03 20:19 - 2012-08-03 20:19 - 00000000 ____A C:\Users\Yale\Desktop\New Text Document.txt
2012-07-13 16:50 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At6.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At42.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At40.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At4.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At38.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At36.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At34.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At32.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At30.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At28.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At26.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At24.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At22.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At2.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At5.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At41.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At39.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At37.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At35.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At33.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At31.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At3.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At29.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At27.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At25.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At23.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At21.job
2012-07-13 16:50 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At1.job
2012-07-12 17:44 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At44.job
2012-07-12 17:44 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At43.job
2012-07-10 13:48 - 2012-07-10 13:48 - 00004156 ____A C:\Users\Yale\Desktop\Auto.lnk
2012-07-03 09:46 - 2012-08-07 19:30 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 23:19 - 2012-08-07 18:42 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-28 15:38 - 2012-06-28 15:38 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2012-06-11 19:02 - 2012-08-07 18:46 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:30 - 2012-08-07 18:53 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-08-07 18:53 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 21:50 - 2012-08-07 18:53 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-08-07 18:53 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-08-07 18:53 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-08-07 18:53 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-02 14:19 - 2012-06-23 18:22 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 18:22 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 18:22 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 18:22 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 18:22 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-23 18:22 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-23 18:22 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-23 18:22 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-23 18:22 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-08-07 18:39 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-08-07 18:39 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-08-07 18:39 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-08-07 18:39 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-08-07 18:39 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-08-07 18:39 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-08-07 18:39 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-08-07 18:39 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-08-07 18:39 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-08-07 18:39 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-08-07 18:39 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-08-07 18:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-08-07 18:39 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-08-07 18:39 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-08-07 18:39 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-08-07 18:39 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-08-07 18:39 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-08-07 18:39 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-08-07 18:39 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-08-07 18:39 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-08-07 18:39 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-08-07 18:39 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-08-07 18:39 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-08-07 18:39 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-08-07 18:39 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-08-07 18:39 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-08-07 18:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-08-07 18:39 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:38 - 2012-08-09 09:10 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-08-09 09:10 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-08-09 09:10 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-08-09 09:10 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-08-09 09:10 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-08-09 09:10 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-08-09 09:10 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-08-09 09:10 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-08-09 09:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-30 14:08 - 2012-05-30 14:08 - 00000833 ____A C:\Windows\System32\Drivers\etc\Hosts.txt
2012-05-16 07:31 - 2012-05-16 07:29 - 13336289 ____A C:\Users\Yale\Documents\U + Me = Us (Calculus).flv
2012-05-16 06:45 - 2012-05-16 06:42 - 25194641 ____A C:\Users\Yale\Documents\Whoa! Rub One Out Music Video _ PV.flv
2012-05-16 06:32 - 2012-05-16 06:27 - 14838349 ____A C:\Users\Yale\Documents\Kanye West - Lost In The World (Tiësto Remix).flv
2012-05-15 18:42 - 2012-05-15 18:38 - 12777853 ____A C:\Users\Yale\Documents\Lil Wayne ft. Fabolous & Juelz Santana - You Aint Got Nothin.flv
2012-05-15 10:55 - 2012-05-15 10:52 - 17351114 ____A C:\Users\Yale\Documents\_NEW 2011_ Lil' Wayne Ft. Cascada & Drake - One More Night (PROD. BY THE TRAK ADDICTS).flv

ZeroAccess:
c:\Windows\System32\consrv.dll

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: 3UP <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 4056.36 MB
Available physical RAM: 3227.96 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3220.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:157.71 GB) NTFS
4 Drive g: (USB DISK) (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 124 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 124 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G USB DISK FAT Removable 124 MB Healthy

==================================================================================

Last Boot: 2012-08-08 00:24

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-10 13:14:28
Running from G:\

================== Search: "services.exe" ===================

C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows.old\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\system64\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#4 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 10 August 2012 - 01:26 PM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
cmd: del /a/f/q c:\windows\tasks\at*.job
c:\Windows\System32\consrv.dll
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
TDL4: custom:26000022 <===== ATTENTION!
HKLM\...\.exe: 3UP <===== ATTENTION!
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
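As an added example (not part of FRST, ComboFix, or anything posted in this thread), the following Python triage helper parses FRST file-listing lines in the format shown in the log above and pulls out the same indicators the fixlist acts on: the bulk-created At*.job tasks, the consrv.dll and GAC Desktop.ini entries FRST tags as ZeroAccess, and any line FRST marks with "ATTENTION!". The sample log embedded in the block is constructed to mirror the thread's log format; the rule names and the Finding class are assumptions of this example, not FRST's own vocabulary.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One FRST file-listing line: "<modified> - <created> - <size> <attrs> [(Company)] <path>".
FILE_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# Paths this thread's fixlist removed, or that FRST itself labelled. Rule names are ours.
PATH_RULES = [
    (re.compile(r"\\Windows\\Tasks\\At\d+\.job$", re.I), "at-job-task"),
    (re.compile(r"\\Windows\\System32\\consrv\.dll$", re.I), "zeroaccess-consrv"),
    (re.compile(r"\\Windows\\assembly\\GAC_(32|64)\\Desktop\.ini$", re.I), "zeroaccess-gac-ini"),
]

# Constructed sample, modelled on the FRST output earlier in this thread.
SAMPLE_LOG = r"""
============ 3 Months Modified Files ========================

2012-08-08 05:42 - 2011-12-08 08:30 - 00000352 ____A C:\Windows\Tasks\At20.job
2012-08-08 05:42 - 2011-12-08 08:30 - 00000350 ____A C:\Windows\Tasks\At19.job
2012-08-10 09:00 - 2012-08-10 09:00 - 01439703 ____A (Farbar) C:\Users\Yale\Desktop\FRST64.exe
2012-06-01 21:38 - 2012-08-09 09:10 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

ZeroAccess:
c:\Windows\System32\consrv.dll

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

TDL4: custom:26000022 <===== ATTENTION!

HKLM\...\.exe: 3UP <===== ATTENTION!
HKLM\...\exefile\open\command: "%1" %* => OK
"""


@dataclass
class Finding:
    kind: str    # one of the PATH_RULES names, "frst-attention", or "zeroaccess-other"
    detail: str  # the path or the text FRST flagged


def parse_file_line(line: str) -> Optional[Dict[str, str]]:
    """Split one file-listing line into its fields; None if the line is not one."""
    m = FILE_LINE.match(line.strip())
    return m.groupdict() if m else None


def classify_path(path: str) -> Optional[str]:
    """Return the rule name a path matches, or None if no rule applies."""
    for pattern, kind in PATH_RULES:
        if pattern.search(path):
            return kind
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk an FRST log and collect the indicators the fixlist would act on."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    findings: List[Finding] = []
    for i, line in enumerate(lines):
        if not line:
            continue
        if "<===== ATTENTION!" in line:
            # FRST's own marker; keep the text before the arrow as the detail.
            findings.append(Finding("frst-attention", line.split("<=====", 1)[0].strip()))
        elif line == "ZeroAccess:" and i + 1 < len(lines):
            # FRST prints the flagged path on the line after the "ZeroAccess:" header.
            path = lines[i + 1]
            findings.append(Finding(classify_path(path) or "zeroaccess-other", path))
        else:
            entry = parse_file_line(line)
            if entry:
                kind = classify_path(entry["path"])
                if kind:
                    findings.append(Finding(kind, entry["path"]))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, which is what a helper scans first."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the constructed sample this reports two At*.job tasks, one consrv.dll and one GAC Desktop.ini ZeroAccess entry, and the two ATTENTION! lines (TDL4 and the .exe association), which is exactly the set of items the fixlist above addresses; the legitimate FRST64.exe and ksecpkg.sys lines pass through untouched.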


#5 jyreardo

  • Topic Starter
  • Members
  • 10 posts

Posted 11 August 2012 - 05:20 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 2012-08-11 17:34:36 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .

========= del /a/f/q c:\windows\tasks\at*.job =========


========= End of CMD: =========

C:\Windows\System32\consrv.dll moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

The operation completed successfully.
The operation completed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\\Default value was restored successfully.

==== End of Fixlog ====

ComboFix 12-08-10.02 - Yale 08/11/2012 17:45:15.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2792 [GMT -4:00]
Running from: c:\users\Yale\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2663352711
c:\programdata\7A01B2F0-3817-39F8-0783-5994AD660CE6.ico
c:\programdata\Microsoft\Windows\Start Menu\Programs\Security Defender
c:\programdata\Microsoft\Windows\Start Menu\Programs\Security Defender\Security Defender.lnk
c:\users\Yale\AppData\Local\dplayx.dll
c:\users\Yale\AppData\Local\TempDIR
c:\windows\SysWow64\7A01B2F0-3817-39F8-0783-5994AD660CE6.avi
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-10 21:12 . 2012-08-10 21:12 -------- d-----w- C:\FRST
2012-08-08 17:05 . 2012-08-08 17:05 -------- d-----w- c:\programdata\Geek Squad
2012-08-08 14:01 . 2012-08-08 14:01 -------- d-----w- c:\programdata\Lavasoft
2012-08-08 14:01 . 2012-08-09 21:02 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-08-08 13:59 . 2012-08-08 13:59 -------- d-----w- c:\users\Yale\AppData\Local\adawarebp
2012-08-08 13:58 . 2012-08-08 17:05 -------- d-----w- c:\users\Yale\AppData\Roaming\Ad-Aware Antivirus
2012-08-08 03:30 . 2012-08-09 21:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-08 03:30 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-08 02:53 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-08-08 02:53 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-08-08 02:53 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-08-08 02:53 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-08-08 02:53 . 2012-06-09 05:30 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-08-08 02:52 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-08-08 02:52 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-08-08 02:46 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-08-08 02:42 . 2012-07-03 07:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-08-04 21:13 . 2012-08-08 02:32 -------- d-----w- C:\6fc7f7c5fe8cd19128542472efdfd31b
2012-08-04 01:15 . 2012-08-04 21:14 -------- d-----w- c:\users\Yale\AppData\Local\ElevatedDiagnostics
2012-08-03 11:52 . 2012-08-03 11:52 -------- d-----w- c:\programdata\AVAST Software
2012-08-03 11:52 . 2012-08-03 11:52 -------- d-----w- c:\program files\AVAST Software
2012-08-03 03:10 . 2012-08-03 03:10 -------- d-----w- c:\users\Yale\AppData\Roaming\TestApp
2012-08-03 03:10 . 2012-08-03 03:10 -------- d-----w- c:\programdata\PC Tools
2012-07-16 20:56 . 2012-08-08 02:32 -------- d-----w- C:\Netgear
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 23:38 . 2012-06-28 23:38 27256 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-06-02 22:19 . 2012-06-24 02:22 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 02:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 02:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 02:22 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 02:22 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 02:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 02:22 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-24 02:22 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-24 02:22 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"WDMStreaming"="c:\users\Yale\AppData\Local\WDM\WDMStreaming.exe" [2012-05-14 70112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
7A01B2F0-3817-39F8-0783-5994AD660CE6.lnk - c:\windows\System32\rundll32.exe [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hretywa]
2011-12-10 07:56 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\hretywa.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-03 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-02 1255736]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2012-06-28 27256]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04 03:31]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-04 03:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.espn.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files (x86)\Savevid\redirect.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Yale\AppData\Roaming\Mozilla\Firefox\Profiles\mhdnagza.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.espn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2012-08-11 18:18:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-11 22:18
.
Pre-Run: 168,928,280,576 bytes free
Post-Run: 168,462,987,264 bytes free
.
- - End Of File - - 8D05645FC9573F5AD526CFD9C261B22E

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:58 PM

Posted 12 August 2012 - 08:00 AM

Please run the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, press the LIST OF THREATS FOUND button.
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop.
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 jyreardo (Topic Starter)

Posted 13 August 2012 - 11:24 AM

I was able to run Malwarebytes, but the other ESET scan would take too long and my computer would crash every time before the scan would finish. Here is the Malwarebytes log.




Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Yale :: YALE-PC [administrator]

Protection: Enabled

8/13/2012 11:28:18 AM
mbam-log-2012-08-13 (11-28-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194577
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 CatByte (Malware Response Team)

Posted 13 August 2012 - 11:38 AM

Are you using Avast as your antivirus?

Is it working properly?


#9 jyreardo (Topic Starter)

Posted 13 August 2012 - 01:02 PM

I'm not really using any antivirus right now. I was using Ad-Aware but deleted it. I thought Malwarebytes was my antivirus.

#10 CatByte (Malware Response Team)

Posted 13 August 2012 - 01:21 PM

Malwarebytes is an anti-malware product, which is different from an antivirus.

Please download Microsoft Security Essentials; it is excellent and free.

Install it and run it, and let me know if it finds anything that isn't already in quarantine:

http://www.microsoft.com/security_essentials/


#11 jyreardo (Topic Starter)

Posted 14 August 2012 - 11:30 AM

I ran Avast and it found some malware. I then tried running it during boot-up, and it would get about 92% done and then the blue screen showed up.

I got Microsoft Security Essentials and it ran but found nothing. No matter what I do, I still get the blue screen about every 15-25 minutes when my computer is running. I don't know what's going on or how to stop it.

#12 CatByte (Malware Response Team)

Posted 14 August 2012 - 11:54 AM

We need to see what it says.

Please do the following:

Please download BlueScreenView (in a zip file)
  • Extract (right-click > Extract all) the contents of bluescreenview.zip.
  • Double-click on the BlueScreenView.exe file to run the program. (No installation is required.)
  • When scanning is done (usually complete by the time the interface appears), go to Edit > Select All.
  • File > Save Selected Items, and save the report to your Desktop as BSOD.txt.
  • Close the BlueScreenView window.
  • Open BSOD.txt using Notepad and go to Edit > Select All.
  • Edit > Copy, and then paste the entire contents of the text file into your next reply.


#13 jyreardo (Topic Starter)

Posted 14 August 2012 - 12:04 PM

==================================================
Dump File : 081412-20248-01.dmp
Crash Time : 8/14/2012 12:43:39 PM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`95dce4fa
Parameter 2 : b3b7465e`e85b1d30
Parameter 3 : fffff800`00bc282c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081412-20248-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,008
==================================================

==================================================
Dump File : 081412-20779-01.dmp
Crash Time : 8/14/2012 12:14:59 PM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`959bd547
Parameter 2 : b3b7465e`e81a0d7d
Parameter 3 : fffff800`00bab82c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081412-20779-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,008
==================================================

==================================================
Dump File : 081412-21543-01.dmp
Crash Time : 8/14/2012 11:44:59 AM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`959ad8df
Parameter 2 : b3b7465e`e8191115
Parameter 3 : fffff800`00ba182c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081412-21543-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,016
==================================================

==================================================
Dump File : 081412-27019-01.dmp
Crash Time : 8/14/2012 11:16:20 AM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`9560a622
Parameter 2 : b3b7465e`e7dede58
Parameter 3 : fffff800`00bb182c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081412-27019-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,016
==================================================

==================================================
Dump File : 081412-32105-01.dmp
Crash Time : 8/14/2012 11:01:32 AM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`96347782
Parameter 2 : b3b7465e`e8b2afb8
Parameter 3 : fffff800`00baa82c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081412-32105-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,008
==================================================

==================================================
Dump File : 081412-27300-01.dmp
Crash Time : 8/14/2012 10:20:45 AM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`95e48566
Parameter 2 : b3b7465e`e862bd9c
Parameter 3 : fffff800`00b9b82c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081412-27300-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,016
==================================================

==================================================
Dump File : 081312-20498-01.dmp
Crash Time : 8/13/2012 11:10:38 PM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`962e4b64
Parameter 2 : b3b7465e`e8ac839a
Parameter 3 : fffff800`00bc582c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\081312-20498-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 272,064
==================================================

==================================================
Dump File : 080812-18517-01.dmp
Crash Time : 8/8/2012 9:39:57 AM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`95b4c50a
Parameter 2 : b3b7465e`e832fd40
Parameter 3 : fffff800`00ba882c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080812-18517-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,008
==================================================

==================================================
Dump File : 080812-18392-01.dmp
Crash Time : 8/8/2012 8:59:06 AM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`95bee4e8
Parameter 2 : b3b7465e`e83d1d1e
Parameter 3 : fffff800`00bd382c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080812-18392-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,008
==================================================

==================================================
Dump File : 080812-18205-01.dmp
Crash Time : 8/8/2012 8:18:21 AM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`95a8f644
Parameter 2 : b3b7465e`e8272e7a
Parameter 3 : fffff800`00bb682c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080812-18205-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,008
==================================================

==================================================
Dump File : 080812-18688-01.dmp
Crash Time : 8/8/2012 7:37:37 AM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`95b764e8
Parameter 2 : b3b7465e`e8359d1e
Parameter 3 : fffff800`00ba282c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080812-18688-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,008
==================================================

==================================================
Dump File : 080812-20092-01.dmp
Crash Time : 8/8/2012 6:56:53 AM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`95bbe554
Parameter 2 : b3b7465e`e83a1d8a
Parameter 3 : fffff800`00bc682c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080812-20092-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,008
==================================================

==================================================
Dump File : 080812-20560-01.dmp
Crash Time : 8/8/2012 6:16:10 AM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`9565a62f
Parameter 2 : b3b7465e`e7e3de65
Parameter 3 : fffff800`00b9b82c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080812-20560-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,016
==================================================

==================================================
Dump File : 080812-19734-01.dmp
Crash Time : 8/8/2012 6:01:19 AM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`958e36fc
Parameter 2 : b3b7465e`e80c6f32
Parameter 3 : fffff800`00bcb82c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080812-19734-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,016
==================================================

==================================================
Dump File : 080812-20529-01.dmp
Crash Time : 8/8/2012 5:46:31 AM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`9593778d
Parameter 2 : b3b7465e`e811afc3
Parameter 3 : fffff800`00bb182c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080812-20529-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,008
==================================================

==================================================
Dump File : 080812-22354-01.dmp
Crash Time : 8/8/2012 5:16:33 AM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`97271765
Parameter 2 : b3b7465e`e9a54fab
Parameter 3 : fffff800`00bc082c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080812-22354-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,008
==================================================

==================================================
Dump File : 080812-25771-01.dmp
Crash Time : 8/8/2012 4:35:52 AM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`98019996
Parameter 2 : b3b7465e`ea7fd1cc
Parameter 3 : fffff800`00baf82c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080812-25771-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,008
==================================================

==================================================
Dump File : 080812-30794-01.dmp
Crash Time : 8/8/2012 3:55:13 AM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`962475d8
Parameter 2 : b3b7465e`e8a2ae0e
Parameter 3 : fffff800`00b9a82c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080812-30794-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,016
==================================================

==================================================
Dump File : 080812-21715-01.dmp
Crash Time : 8/8/2012 3:40:06 AM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`962576da
Parameter 2 : b3b7465e`e8a3af10
Parameter 3 : fffff800`00bd482c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080812-21715-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 272,000
==================================================

==================================================
Dump File : 080712-29094-01.dmp
Crash Time : 8/7/2012 11:28:24 PM
Bug Check String :
Bug Check Code : 0x00000109
Parameter 1 : a3a039d8`980467cf
Parameter 2 : b3b7465e`ea82a005
Parameter 3 : fffff800`00baa82c
Parameter 4 : 00000000`00000001
Caused By Driver : kdcom.dll
Caused By Address : kdcom.dll+182c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\080712-29094-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,024
==================================================
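
The crash list above, read the way a security engineer would, as an added example that is not part of the original thread: every entry is bug check 0x109, which Microsoft's bug check reference names CRITICAL_STRUCTURE_CORRUPTION. It is raised by Kernel Patch Protection (PatchGuard) when it finds kernel code or data modified, so twenty identical 0x109 crashes are consistent with a buggy kernel-mode driver or with a kernel-mode rootkit rather than with a random fault, which is why a rootkit scan is the sensible next step. The "Caused By Driver" field is BlueScreenView's own stack-based guess and is not proof that kdcom.dll is at fault. The Python script below parses an export in this format and groups the dumps by bug check code, by attributed module and, for 0x109, by the parameter-4 region type. The bug check names and the parameter-4 meanings are a partial hand-copied excerpt of the reference, and the third sample record is constructed.

```python
"""Triage a BlueScreenView text export by bug check code and attributed module.

Added example for this thread, not a tool from the original posts. The bug
check names are a hand-copied excerpt of Microsoft's bug check reference; the
sample report reuses two entries posted above plus one constructed 0x1A entry.
"""
import re
from collections import Counter

BUGCHECK_NAMES = {
    0x1A: "MEMORY_MANAGEMENT",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
    0x109: "CRITICAL_STRUCTURE_CORRUPTION",  # raised by Kernel Patch Protection
    0x124: "WHEA_UNCORRECTABLE_ERROR",
}
# Parameter 4 of a 0x109 bug check: which kind of kernel structure was found
# modified (partial excerpt of the documented values).
CSC_REGION = {0: "generic data region", 1: "function or .pdata modification",
              2: "processor IDT", 3: "processor GDT"}

SAMPLE_REPORT = r"""
==================================================
Dump File : 081412-20248-01.dmp
Crash Time : 8/14/2012 12:43:39 PM
Bug Check Code : 0x00000109
Parameter 4 : 00000000`00000001
Caused By Address : kdcom.dll+182c
==================================================

==================================================
Dump File : 081412-20779-01.dmp
Crash Time : 8/14/2012 12:14:59 PM
Bug Check Code : 0x00000109
Parameter 4 : 00000000`00000001
Caused By Address : kdcom.dll+182c
==================================================

==================================================
Dump File : 010100-00000-01.dmp
Crash Time : 1/1/2010 12:00:00 AM
Bug Check Code : 0x0000001a
Parameter 4 : 00000000`00000000
Caused By Address : ntoskrnl.exe+70040
==================================================
"""

# "Key : value"; the key ends at the first colon, so values with colons survive.
KV_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(.*)$")


def parse_report(text):
    """One dict per dump block; blocks are fenced by lines of '='."""
    records, current = [], {}
    for line in text.splitlines():
        if line.startswith("====="):
            if current:
                records.append(current)
                current = {}
            continue
        m = KV_RE.match(line.strip())
        if m:
            current[m.group(1).strip()] = m.group(2).strip()
    if current:
        records.append(current)
    return records


def hexval(field):
    # BlueScreenView writes 64-bit values as hi`lo; int() accepts a 0x prefix.
    return int(field.replace("`", ""), 16)


def summarise(records):
    by_code, by_module, regions = Counter(), Counter(), Counter()
    for rec in records:
        code = hexval(rec.get("Bug Check Code", "0"))
        by_code[code] += 1
        by_module[rec.get("Caused By Address", "?")] += 1
        if code == 0x109 and "Parameter 4" in rec:
            regions[hexval(rec["Parameter 4"])] += 1
    return {"count": len(records), "by_code": by_code,
            "by_module": by_module, "csc_regions": regions}


def repeated_patchguard(summary, min_share=0.8):
    """True when at least min_share of the dumps are 0x109: the same kernel
    integrity check tripping repeatedly points at something that keeps
    modifying the kernel (a buggy driver or a kernel-mode rootkit)."""
    n = summary["count"]
    return n > 0 and summary["by_code"][0x109] / n >= min_share


if __name__ == "__main__":
    s = summarise(parse_report(SAMPLE_REPORT))
    for code, n in s["by_code"].most_common():
        print(f"0x{code:08X} {BUGCHECK_NAMES.get(code, 'unknown')}: {n}")
    for region, n in s["csc_regions"].items():
        print(f"0x109 parameter 4 = {region} ({CSC_REGION.get(region, 'other')}): {n}")
    print("repeated PatchGuard bug checks:", repeated_patchguard(s, min_share=0.5))
```

Run it as-is to see the summary for the embedded sample, or replace SAMPLE_REPORT with the contents of BSOD.txt; on the full list above every record lands in the 0x109 bucket with parameter 4 = 1.
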

#14 CatByte (Malware Response Team)

Posted 14 August 2012 - 12:24 PM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT


  • Go to Start and type in cmd
  • Right-click on the cmd icon above, and click Run As Administrator
  • At the command prompt, type sfc /scannow, and then press ENTER.
    Note: This command may take several minutes to finish. You may be prompted to provide Windows installation source files when you run the sfc /scannow command.
  • At the command prompt, type exit, and then press ENTER to close the command prompt.


#15 jyreardo (Topic Starter)

Posted 14 August 2012 - 01:13 PM

14:08:22.0279 4064 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
14:08:24.0291 4064 ============================================================
14:08:24.0291 4064 Current date / time: 2012/08/14 14:08:24.0291
14:08:24.0291 4064 SystemInfo:
14:08:24.0291 4064
14:08:24.0291 4064 OS Version: 6.1.7600 ServicePack: 0.0
14:08:24.0291 4064 Product type: Workstation
14:08:24.0291 4064 ComputerName: YALE-PC
14:08:24.0291 4064 UserName: Yale
14:08:24.0291 4064 Windows directory: C:\Windows
14:08:24.0291 4064 System windows directory: C:\Windows
14:08:24.0291 4064 Running under WOW64
14:08:24.0291 4064 Processor architecture: Intel x64
14:08:24.0291 4064 Number of processors: 2
14:08:24.0291 4064 Page size: 0x1000
14:08:24.0291 4064 Boot type: Normal boot
14:08:24.0291 4064 ============================================================
14:08:26.0194 4064 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:08:26.0210 4064 ============================================================
14:08:26.0210 4064 \Device\Harddisk0\DR0:
14:08:26.0210 4064 MBR partitions:
14:08:26.0210 4064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
14:08:26.0210 4064 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
14:08:26.0210 4064 ============================================================
14:08:26.0241 4064 C: <-> \Device\Harddisk0\DR0\Partition2
14:08:26.0241 4064 ============================================================
14:08:26.0241 4064 Initialize success
14:08:26.0241 4064 ============================================================
14:08:45.0351 3716 ============================================================
14:08:45.0351 3716 Scan started
14:08:45.0351 3716 Mode: Manual; TDLFS;
14:08:45.0351 3716 ============================================================
14:08:45.0913 3716 ================ Scan services =============================
14:08:46.0069 3716 [ 1b00662092f9f9568b995902f0cc40d5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
14:08:46.0084 3716 1394ohci - ok
14:08:46.0131 3716 [ 6f11e88748cdefd2f76aa215f97ddfe5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
14:08:46.0131 3716 ACPI - ok
14:08:46.0147 3716 [ 63b05a0420ce4bf0e4af6dcc7cada254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
14:08:46.0147 3716 AcpiPmi - ok
14:08:46.0303 3716 [ c245e08ec469a52a622efdc9787a0dcc ] AdobeActiveFileMonitor10.0 C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
14:08:46.0318 3716 AdobeActiveFileMonitor10.0 - ok
14:08:46.0428 3716 [ 11a52cf7b265631deeb24c6149309eff ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:08:46.0428 3716 AdobeARMservice - ok
14:08:46.0490 3716 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:08:46.0506 3716 adp94xx - ok
14:08:46.0552 3716 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:08:46.0552 3716 adpahci - ok
14:08:46.0568 3716 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:08:46.0584 3716 adpu320 - ok
14:08:58.0908 3716 SDRSVC - ok
14:08:58.0954 3716 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:08:58.0954 3716 secdrv - ok
14:08:58.0970 3716 [ 463b386ebc70f98da5dff85f7e654346 ] seclogon C:\Windows\system32\seclogon.dll
14:08:58.0970 3716 seclogon - ok
14:08:59.0001 3716 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll
14:08:59.0001 3716 SENS - ok
14:08:59.0001 3716 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:08:59.0017 3716 SensrSvc - ok
14:08:59.0048 3716 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:08:59.0048 3716 Serenum - ok
14:08:59.0079 3716 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:08:59.0079 3716 Serial - ok
14:08:59.0095 3716 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:08:59.0095 3716 sermouse - ok
14:08:59.0126 3716 [ c3bc61ce47ff6f4e88ab8a3b429a36af ] SessionEnv C:\Windows\system32\sessenv.dll
14:08:59.0142 3716 SessionEnv - ok
14:08:59.0157 3716 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
14:08:59.0173 3716 sffdisk - ok
14:08:59.0188 3716 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:08:59.0188 3716 sffp_mmc - ok
14:08:59.0204 3716 [ 5588b8c6193eb1522490c122eb94dffa ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
14:08:59.0204 3716 sffp_sd - ok
14:08:59.0220 3716 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:08:59.0220 3716 sfloppy - ok
14:08:59.0282 3716 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:08:59.0298 3716 SharedAccess - ok
14:08:59.0313 3716 [ 0298ac45d0efffb2db4baa7dd186e7bf ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:08:59.0329 3716 ShellHWDetection - ok
14:08:59.0360 3716 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:08:59.0360 3716 SiSRaid2 - ok
14:08:59.0376 3716 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:08:59.0391 3716 SiSRaid4 - ok
14:08:59.0422 3716 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:08:59.0422 3716 Smb - ok
14:08:59.0469 3716 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:08:59.0469 3716 SNMPTRAP - ok
14:08:59.0485 3716 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:08:59.0485 3716 spldr - ok
14:08:59.0547 3716 [ f8e1fa03cb70d54a9892ac88b91d1e7b ] Spooler C:\Windows\System32\spoolsv.exe
14:08:59.0563 3716 Spooler - ok
14:08:59.0672 3716 [ 913d843498553a1bc8f8dbad6358e49f ] sppsvc C:\Windows\system32\sppsvc.exe
14:08:59.0766 3716 sppsvc - ok
14:08:59.0766 3716 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:08:59.0782 3716 sppuinotify - ok
14:08:59.0829 3716 [ 2408c0366d96bcdf63e8f1c78e4a29c5 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:08:59.0829 3716 srv - ok
14:08:59.0891 3716 [ 76548f7b818881b47d8d1ae1be9c11f8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:08:59.0891 3716 srv2 - ok
14:08:59.0938 3716 [ 0af6e19d39c70844c5caa8fb0183c36e ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:08:59.0938 3716 srvnet - ok
14:08:59.0985 3716 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:08:59.0985 3716 SSDPSRV - ok
14:09:00.0001 3716 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:09:00.0016 3716 SstpSvc - ok
14:09:00.0047 3716 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:09:00.0047 3716 stexstor - ok
14:09:00.0110 3716 [ 52d0e33b681bd0f33fdc08812fee4f7d ] stisvc C:\Windows\System32\wiaservc.dll
14:09:00.0125 3716 stisvc - ok
14:09:00.0157 3716 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:09:00.0157 3716 swenum - ok
14:09:00.0172 3716 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
14:09:00.0203 3716 swprv - ok
14:09:00.0266 3716 [ 3c1284516a62078fb68f768de4f1a7be ] SysMain C:\Windows\system32\sysmain.dll
14:09:00.0313 3716 SysMain - ok
14:09:00.0344 3716 [ 238935c3cf2854886dc7cbb2a0e2cc66 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:09:00.0344 3716 TabletInputService - ok
14:09:00.0375 3716 [ 884264ac597b690c5707c89723bb8e7b ] TapiSrv C:\Windows\System32\tapisrv.dll
14:09:00.0375 3716 TapiSrv - ok
14:09:00.0406 3716 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
14:09:00.0406 3716 TBS - ok
14:09:00.0484 3716 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:09:00.0547 3716 Tcpip - ok
14:09:00.0640 3716 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:09:00.0671 3716 TCPIP6 - ok
14:09:00.0703 3716 [ 76d078af6f587b162d50210f761eb9ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:09:00.0703 3716 tcpipreg - ok
14:09:00.0718 3716 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:09:00.0718 3716 TDPIPE - ok
14:09:00.0765 3716 [ 7518f7bcfd4b308abc9192bacaf6c970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:09:00.0765 3716 TDTCP - ok
14:09:00.0781 3716 [ 079125c4b17b01fcaeebce0bcb290c0f ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:09:00.0797 3716 tdx - ok
14:09:00.0813 3716 [ c448651339196c0e869a355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:09:00.0813 3716 TermDD - ok
14:09:00.0844 3716 [ 0f05ec2887bfe197ad82a13287d2f404 ] TermService C:\Windows\System32\termsrv.dll
14:09:00.0875 3716 TermService - ok
14:09:00.0891 3716 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
14:09:00.0891 3716 Themes - ok
14:09:00.0906 3716 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
14:09:00.0922 3716 THREADORDER - ok
14:09:00.0922 3716 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
14:09:00.0938 3716 TrkWks - ok
14:09:00.0984 3716 [ 840f7fb849f5887a49ba18c13b2da920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:09:00.0984 3716 TrustedInstaller - ok
14:09:01.0000 3716 [ 61b96c26131e37b24e93327a0bd1fb95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:09:01.0000 3716 tssecsrv - ok
14:09:01.0047 3716 [ 3836171a2cdf3af8ef10856db9835a70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:09:01.0062 3716 tunnel - ok
14:09:01.0078 3716 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:09:01.0078 3716 uagp35 - ok
14:09:01.0109 3716 [ d47baead86c65d4f4069d7ce0a4edceb ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:09:01.0109 3716 udfs - ok
14:09:01.0125 3716 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:09:01.0140 3716 UI0Detect - ok
14:09:01.0172 3716 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
14:09:01.0172 3716 uliagpkx - ok
14:09:01.0218 3716 [ eab6c35e62b1b0db0d1b48b671d3a117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:09:01.0218 3716 umbus - ok
14:09:01.0218 3716 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:09:01.0218 3716 UmPass - ok
14:09:01.0265 3716 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
14:09:01.0281 3716 upnphost - ok
14:09:01.0343 3716 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:09:01.0343 3716 USBAAPL64 - ok
14:09:01.0374 3716 [ 7b6a127c93ee590e4d79a5f2a76fe46f ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:09:01.0374 3716 usbccgp - ok
14:09:01.0421 3716 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
14:09:01.0421 3716 usbcir - ok
14:09:01.0452 3716 [ 92969ba5ac44e229c55a332864f79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:09:01.0452 3716 usbehci - ok
14:09:01.0499 3716 [ e7df1cfd28ca86b35ef5add0735ceef3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:09:01.0499 3716 usbhub - ok
14:09:01.0530 3716 [ f1bb1e55f1e7a65c5839ccc7b36d773e ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:09:01.0530 3716 usbohci - ok
14:09:01.0546 3716 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:09:01.0546 3716 usbprint - ok
14:09:01.0593 3716 [ f39983647bc1f3e6100778ddfe9dce29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:09:01.0593 3716 USBSTOR - ok
14:09:01.0608 3716 [ bc3070350a491d84b518d7cca9abd36f ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:09:01.0608 3716 usbuhci - ok
14:09:01.0655 3716 [ d501e12614b00a3252073101d6a1a74b ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:09:01.0655 3716 usbvideo - ok
14:09:01.0686 3716 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
14:09:01.0702 3716 UxSms - ok
14:09:01.0702 3716 [ 156f6159457d0aa7e59b62681b56eb90 ] VaultSvc C:\Windows\system32\lsass.exe
14:09:01.0702 3716 VaultSvc - ok
14:09:01.0749 3716 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
14:09:01.0749 3716 vdrvroot - ok
14:09:01.0780 3716 [ 44d73e0bbc1d3c8981304ba15135c2f2 ] vds C:\Windows\System32\vds.exe
14:09:01.0812 3716 vds - ok
14:09:01.0828 3716 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:09:01.0828 3716 vga - ok
14:09:01.0843 3716 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
14:09:01.0843 3716 VgaSave - ok
14:09:01.0875 3716 [ c82e748660f62a242b2dfac1442f22a4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
14:09:01.0875 3716 vhdmp - ok
14:09:01.0906 3716 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
14:09:01.0906 3716 viaide - ok
14:09:01.0921 3716 [ 2b1a3dae2b4e70dbba822b7a03fbd4a3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
14:09:01.0921 3716 volmgr - ok
14:09:01.0953 3716 [ 99b0cbb569ca79acaed8c91461d765fb ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:09:01.0968 3716 volmgrx - ok
14:09:02.0015 3716 [ 58f82eed8ca24b461441f9c3e4f0bf5c ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
14:09:02.0015 3716 volsnap - ok
14:09:02.0062 3716 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:09:02.0062 3716 vsmraid - ok
14:09:02.0124 3716 [ 787898bf9fb6d7bd87a36e2d95c899ba ] VSS C:\Windows\system32\vssvc.exe
14:09:02.0171 3716 VSS - ok
14:09:02.0187 3716 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:09:02.0187 3716 vwifibus - ok
14:09:02.0233 3716 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:09:02.0233 3716 vwififlt - ok
14:09:02.0280 3716 [ 6a638fc4bfddc4d9b186c28c91bd1a01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
14:09:02.0280 3716 vwifimp - ok
14:09:02.0311 3716 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
14:09:02.0327 3716 W32Time - ok
14:09:02.0358 3716 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:09:02.0358 3716 WacomPen - ok
14:09:02.0405 3716 [ 47ca49400643effd3f1c9a27e1d69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:09:02.0421 3716 WANARP - ok
14:09:02.0436 3716 [ 47ca49400643effd3f1c9a27e1d69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:09:02.0436 3716 Wanarpv6 - ok
14:09:02.0514 3716 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:09:03.0077 3716 WatAdminSvc - ok
14:09:03.0170 3716 [ 5ab1bb85bd8b5089cc5d64200dedae68 ] wbengine C:\Windows\system32\wbengine.exe
14:09:03.0217 3716 wbengine - ok
14:09:03.0233 3716 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:09:03.0248 3716 WbioSrvc - ok
14:09:03.0295 3716 [ dd1bae8ebfc653824d29ccf8c9054d68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:09:03.0311 3716 wcncsvc - ok
14:09:03.0326 3716 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:09:03.0326 3716 WcsPlugInService - ok
14:09:03.0358 3716 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:09:03.0358 3716 Wd - ok
14:09:03.0404 3716 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:09:03.0420 3716 Wdf01000 - ok
14:09:03.0436 3716 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:09:03.0436 3716 WdiServiceHost - ok
14:09:03.0451 3716 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:09:03.0451 3716 WdiSystemHost - ok
14:09:03.0498 3716 [ 733006127f235be7c35354ebee7b9a7b ] WebClient C:\Windows\System32\webclnt.dll
14:09:03.0514 3716 WebClient - ok
14:09:03.0529 3716 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:09:03.0545 3716 Wecsvc - ok
14:09:03.0576 3716 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:09:03.0576 3716 wercplsupport - ok
14:09:03.0623 3716 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:09:03.0623 3716 WerSvc - ok
14:09:03.0685 3716 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:09:03.0685 3716 WfpLwf - ok
14:09:03.0701 3716 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:09:03.0701 3716 WIMMount - ok
14:09:03.0732 3716 WinDefend - ok
14:09:03.0732 3716 WinHttpAutoProxySvc - ok
14:09:03.0810 3716 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:09:03.0810 3716 Winmgmt - ok
14:09:03.0888 3716 [ 41fbb751936b387f9179e7f03a74fe29 ] WinRM C:\Windows\system32\WsmSvc.dll
14:09:03.0950 3716 WinRM - ok
14:09:04.0044 3716 [ 817eaff5d38674edd7713b9dfb8e9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:09:04.0044 3716 WinUsb - ok
14:09:04.0091 3716 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
14:09:04.0122 3716 Wlansvc - ok
14:09:04.0153 3716 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:09:04.0153 3716 WmiAcpi - ok
14:09:04.0200 3716 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:09:04.0247 3716 wmiApSrv - ok
14:09:04.0262 3716 WMPNetworkSvc - ok
14:09:04.0278 3716 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:09:04.0294 3716 WPCSvc - ok
14:09:04.0309 3716 [ 2e57ddf2880a7e52e76f41c7e96d327b ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:09:04.0309 3716 WPDBusEnum - ok
14:09:04.0340 3716 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:09:04.0340 3716 ws2ifsl - ok
14:09:04.0372 3716 [ 8f9f3969933c02da96eb0f84576db43e ] wscsvc C:\Windows\system32\wscsvc.dll
14:09:04.0387 3716 wscsvc - ok
14:09:04.0387 3716 WSearch - ok
14:09:04.0496 3716 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:09:04.0559 3716 wuauserv - ok
14:09:04.0590 3716 [ 7cadc74271dd6461c452c271b30bd378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:09:04.0590 3716 WudfPf - ok
14:09:04.0637 3716 [ 3b197af0fff08aa66b6b2241ca538d64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:09:04.0637 3716 WUDFRd - ok
14:09:04.0668 3716 [ b551d6637aa0e132c18ac6e504f7b79b ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:09:04.0668 3716 wudfsvc - ok
14:09:04.0684 3716 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
14:09:04.0699 3716 WwanSvc - ok
14:09:04.0746 3716 [ b3eeacf62445e24fbb2cd4b0fb4db026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
14:09:04.0762 3716 yukonw7 - ok
14:09:04.0777 3716 ================ Scan global ===============================
14:09:04.0808 3716 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
14:09:04.0855 3716 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
14:09:04.0871 3716 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
14:09:04.0902 3716 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
14:09:04.0949 3716 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
14:09:04.0949 3716 [Global] - ok
14:09:04.0949 3716 ================ Scan MBR ==================================
14:09:04.0964 3716 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:09:05.0027 3716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:09:05.0027 3716 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:09:05.0089 3716 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:09:05.0089 3716 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:09:05.0089 3716 ================ Scan VBR ==================================
14:09:05.0089 3716 Boot (0x1200) (b8c31708298aaae20662e4b1e64f4614) \Device\Harddisk0\DR0\Partition1
14:09:05.0089 3716 \Device\Harddisk0\DR0\Partition1 - ok
14:09:05.0120 3716 Boot (0x1200) (6795eea55059f8c7e5814bd005e7948a) \Device\Harddisk0\DR0\Partition2
14:09:05.0120 3716 \Device\Harddisk0\DR0\Partition2 - ok
14:09:05.0120 3716 ============================================================
14:09:05.0120 3716 Scan finished
14:09:05.0120 3716 ============================================================
14:09:05.0152 1620 Detected object count: 2
14:09:05.0152 1620 Actual detected object count: 2
14:09:25.0837 1620 \Device\Harddisk0\DR0\# - copied to quarantine
14:09:26.0227 1620 \Device\Harddisk0\DR0 - copied to quarantine
14:09:28.0427 1620 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:09:28.0489 1620 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:09:28.0536 1620 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:09:28.0552 1620 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:09:28.0614 1620 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:09:30.0283 1620 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:09:30.0299 1620 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:09:30.0299 1620 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:09:30.0315 1620 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:09:30.0517 1620 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:09:30.0549 1620 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:09:30.0564 1620 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:09:30.0580 1620 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:09:30.0783 1620 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:09:30.0783 1620 \Device\Harddisk0\DR0 - ok
14:09:30.0798 1620 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:09:30.0798 1620 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:09:30.0798 1620 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:09:34.0636 1516 Deinitialize success