
Google redirecting and Windows Security Center blocked


  • This topic is locked
11 replies to this topic

#1 bumchicken


Posted 10 August 2012 - 10:06 AM

Hello,

My laptop was recently infected with the Live Security Platinum virus. After following the instructions given on this page (and also here), Windows Security Center still can't be started and some of my Google searches are redirecting - at first to scour.com, more recently to seekportal.com. I've performed quite a few scans with Malwarebytes and SUPERAntiSpyware now, and while they do occasionally pick things up, it hasn't resolved the above issues.

Could you kindly have a look and tell me what else I need to do? I have followed all the instructions in the preparation guide.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Laura at 16:02:49 on 2012-08-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8079.6175 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Conexant\SA3\CxUtilSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Conexant\SA3\SmartAudio3.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Laura\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{27F2FD24-603A-4170-9C81-709A554C78B6} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{29EDFDFD-D875-43AF-9CE1-162C353A18CF} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{8225A1DB-3651-4406-BACE-3254051DD962} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{8AC67C29-6DFC-4740-8A58-837B28FE96DC} : DhcpNameServer = 194.168.4.100 194.168.8.100
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
R2 CxUtilSvc;Conexant Utility Service;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2011-10-18 28288]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-18 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-8 655944]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2012-7-8 230240]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-18 2656280]
R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MCfilt;MCfilt;C:\Windows\system32\drivers\MCfilt64.sys --> C:\Windows\system32\drivers\MCfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 250056]
S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys --> C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\system32\DRIVERS\ewusbwwan.sys --> C:\Windows\system32\DRIVERS\ewusbwwan.sys [?]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-08-08 20:48:58 -------- d-----w- C:\Users\Laura\AppData\Local\ElevatedDiagnostics
2012-08-08 15:41:57 -------- d-----w- C:\Users\Laura\AppData\Roaming\SUPERAntiSpyware.com
2012-08-08 15:41:42 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-08-08 15:41:42 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-08-08 08:12:11 -------- d-----w- C:\Users\Laura\AppData\Roaming\Malwarebytes
2012-08-08 08:11:58 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-08 08:11:58 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-08 08:11:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-07 23:05:51 63488 ---ha-w- C:\Windows\System32\setupubw64.dll
2012-08-07 23:05:51 57344 ------w- C:\Windows\SysWow64\setupubw.dll
2012-08-07 20:00:27 -------- d-----w- C:\Users\Laura\AppData\Local\{19CEAE6C-B9C5-4617-876A-BCAB95B8EFF4}
2012-08-07 00:25:39 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BAD16ED5-A928-40F8-AA14-364380F721D2}\mpengine.dll
2012-08-05 21:09:11 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-04 22:24:10 -------- d-----w- C:\Users\Laura\AppData\Local\{FF90A430-B9BD-4ED2-BFFD-F7305CB3EDA4}
2012-08-04 22:23:47 -------- d-----w- C:\Users\Laura\AppData\Local\{D05CDF3A-4A8C-4B12-B741-C64F4A090D2C}
2012-08-02 20:41:07 -------- d-----w- C:\Users\Laura\USB PEN DRIVE BACKUP 26-11-11
2012-07-30 00:03:42 -------- d-----w- C:\ProgramData\ClubSanDisk
2012-07-25 20:20:59 -------- d-----w- C:\Users\Laura\AppData\Local\{4A67AD5B-3628-4247-80B9-B036C95ABCF7}
2012-07-25 20:20:46 -------- d-----w- C:\Users\Laura\AppData\Local\{0FE0CD76-2419-4F5C-83D7-991D100F4E6F}
2012-07-25 20:20:32 -------- d-----w- C:\Users\Laura\Tracing
2012-07-22 22:31:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-22 22:31:58 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-22 22:31:55 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-07-22 22:31:55 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-07-22 22:31:54 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-07-22 22:31:53 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-07-22 22:31:53 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-07-22 22:31:46 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-07-22 22:31:45 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-07-22 20:59:21 -------- d-----w- C:\Users\Laura\AppData\Local\{6523C98B-0CAF-4C3B-8C54-78D695EFE3DF}
2012-07-22 20:59:08 -------- d-----w- C:\Users\Laura\AppData\Local\{170F3E28-36D0-40C2-B6F7-F6B218AA296D}
2012-07-17 18:48:28 -------- d-----w- C:\Users\Laura\AppData\Local\{B08FEFD5-C255-4A12-80F2-5775E5D3518E}
2012-07-17 18:47:48 -------- d-----w- C:\Users\Laura\AppData\Local\{2DF5E93C-A223-42C5-9800-C5E4D9907235}
2012-07-17 18:46:09 -------- d-----w- C:\Users\Laura\AppData\Local\{380E1A4D-524A-401D-B433-82A1137AB5BC}
2012-07-12 05:59:51 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 19:35:08 -------- d-----w- C:\Users\Laura\AppData\Local\{B4D39016-C4D4-4635-8114-3E171212FF4A}
2012-07-11 19:34:46 -------- d-----w- C:\Users\Laura\AppData\Local\{A4C39CCF-931F-4EA1-A120-101C947246CD}
.
==================== Find3M ====================
.
2012-08-03 16:19:50 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 16:19:50 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-08 19:46:24 0 ----a-w- C:\wilogapp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 16:03:31.55 ===============



#2 gringo_pr

  • Malware Response Team

Posted 14 August 2012 - 01:09 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 17 August 2012 - 10:28 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#4 bumchicken


Posted 18 August 2012 - 02:00 PM

Hi there,

Sorry for the late reply. I followed your instructions and my browser redirecting problem has now resolved, and I can now open security centre. It seems like everything is now in working order! Here is the combofix log anyway:

ComboFix 12-08-13.01 - Laura 08/14/2012 15:29:20.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8079.6257 [GMT 1:00]
Running from: c:\users\Laura\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Roaming
c:\users\Laura\Documents\~WRL2304.tmp
c:\users\Laura\Documents\~WRL3748.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-14 15:08 . 2012-08-14 15:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 14:22 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A246A24E-2D2F-4998-B1C2-FDACBAA5820F}\mpengine.dll
2012-08-12 09:27 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-11 23:00 . 2012-08-11 23:00 -------- d-----w- c:\program files (x86)\Common Files\XCPCSync.OEM
2012-08-11 23:00 . 2012-08-11 23:00 -------- d-----w- c:\program files (x86)\Research In Motion
2012-08-08 20:48 . 2012-08-08 20:48 -------- d-----w- c:\users\Laura\AppData\Local\ElevatedDiagnostics
2012-08-08 15:41 . 2012-08-08 15:41 -------- d-----w- c:\users\Laura\AppData\Roaming\SUPERAntiSpyware.com
2012-08-08 15:41 . 2012-08-08 15:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-08 15:41 . 2012-08-08 15:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-08 08:12 . 2012-08-08 08:12 -------- d-----w- c:\users\Laura\AppData\Roaming\Malwarebytes
2012-08-08 08:11 . 2012-08-08 08:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-08 08:11 . 2012-08-08 08:11 -------- d-----w- c:\programdata\Malwarebytes
2012-08-08 08:11 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-07 23:05 . 2012-08-07 23:05 63488 ---ha-w- c:\windows\system32\setupubw64.dll
2012-08-07 23:05 . 2012-08-07 23:05 -------- d-----w- c:\windows\Sun
2012-08-02 20:41 . 2012-08-02 20:41 -------- d-----w- c:\users\Laura\USB PEN DRIVE BACKUP 26-11-11
2012-07-30 00:03 . 2012-07-30 00:03 -------- d-----w- c:\programdata\ClubSanDisk
2012-07-25 20:20 . 2012-08-12 01:26 -------- d-----w- c:\users\Laura\Tracing
2012-07-22 22:31 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-22 22:31 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-22 22:31 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-07-22 22:31 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-07-22 22:31 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-07-22 22:31 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-07-22 22:31 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-07-22 22:31 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-07-22 22:31 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 16:19 . 2012-04-15 08:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 16:19 . 2011-10-28 20:37 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 05:52 . 2011-10-18 19:26 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-12 05:59 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 19:23 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 19:23 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 19:23 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 19:23 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 19:23 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 19:23 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 19:23 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-28 13:57 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-28 13:58 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-28 13:58 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-28 13:58 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-28 13:57 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-28 13:58 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-28 13:57 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-28 13:57 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-28 13:57 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-12 05:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 05:49 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 05:49 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 05:49 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 05:49 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 05:49 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 05:49 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 05:49 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 05:49 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 05:49 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 05:49 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 05:49 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 05:49 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 05:49 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 05:49 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 05:49 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 05:49 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 05:49 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 05:49 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 19:23 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 19:23 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 19:23 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 19:23 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 19:23 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 19:23 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 19:23 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 19:23 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 19:23 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Laura\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2012-07-08 230240]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-03-23 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-03-23 13952]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2011-03-23 421376]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-18 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2011-05-12 200320]
S2 CxUtilSvc;Conexant Utility Service;c:\program files\Conexant\SA3\CxUtilSvc.exe [2011-06-03 28288]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-03-23 86016]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MCfilt;MCfilt;c:\windows\system32\drivers\MCfilt64.sys [2010-12-08 32344]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-04-13 87552]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-04-13 207872]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 16:19]
.
2012-08-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1201601027-2016382310-1422391412-1000Core.job
- c:\users\Laura\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-29 22:39]
.
2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1201601027-2016382310-1422391412-1000UA.job
- c:\users\Laura\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-29 22:39]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1201601027-2016382310-1422391412-1000Core.job
- c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-17 16:34]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1201601027-2016382310-1422391412-1000UA.job
- c:\users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-17 16:34]
.
2012-08-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2604e72f-0001-4731-9408-5a2d7a31d584.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-08 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e215025c-2c91-457f-bfd7-ffbaf7cfa0fe.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 416024]
"SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2011-06-03 1573504]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1201601027-2016382310-1422391412-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*yš7D]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1201601027-2016382310-1422391412-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*yš7D\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1201601027-2016382310-1422391412-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*m*yš7D]
"0"=hex:66,69,6c,65,3a,2f,2f,2f,43,3a,2f,55,73,65,72,73,2f,4c,61,75,72,61,2f,
44,6f,77,6e,6c,6f,61,64,73,2f,41,70,6f,63,61,6c,79,70,74,69,63,61,25,32,30,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-14 16:34:56
ComboFix-quarantined-files.txt 2012-08-14 15:34
.
Pre-Run: 484,149,866,496 bytes free
Post-Run: 484,255,006,720 bytes free
.
- - End Of File - - 99A335D804A295969D5FCE2EB0ACC92F





Thank you so much for your help!!!

#5 gringo_pr


Posted 18 August 2012 - 02:12 PM

Greetings bumchicken

Thank you for getting back to me! I do want to do some deeper checking to make sure nothing is running in the background.

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#6 bumchicken


Posted 18 August 2012 - 02:35 PM

Here is the TDSSKiller report...

20:33:32.0320 6020 clr_optimization_v2.0.50727_32 - ok
20:33:32.0351 6020 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:33:32.0351 6020 clr_optimization_v2.0.50727_64 - ok
20:33:32.0523 6020 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:33:32.0538 6020 clr_optimization_v4.0.30319_32 - ok
20:33:32.0647 6020 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:33:32.0647 6020 clr_optimization_v4.0.30319_64 - ok
20:33:32.0679 6020 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:33:32.0679 6020 CmBatt - ok
20:33:32.0694 6020 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:33:32.0694 6020 cmdide - ok
20:33:32.0741 6020 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
20:33:32.0757 6020 CNG - ok
20:33:32.0819 6020 [ 64aabed297b4a6b14ddfb48565207db1 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
20:33:32.0835 6020 CnxtHdAudService - ok
20:33:32.0866 6020 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:33:32.0866 6020 Compbatt - ok
20:33:32.0881 6020 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:33:32.0881 6020 CompositeBus - ok
20:33:32.0881 6020 COMSysApp - ok
20:33:32.0897 6020 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:33:32.0897 6020 crcdisk - ok
20:33:32.0928 6020 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:33:32.0944 6020 CryptSvc - ok
20:33:32.0975 6020 [ 9f76a6e3a793e386f6b93c2632fe1ea8 ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe
20:33:32.0975 6020 CxAudMsg - ok
20:33:33.0022 6020 [ 27c433ffaff610c3e18275fbf104be6d ] CxUtilSvc C:\Program Files\Conexant\SA3\CxUtilSvc.exe
20:33:33.0022 6020 CxUtilSvc - ok
20:33:33.0069 6020 [ 7af9dac504fbd047cbc3e64ae52c92bf ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
20:33:33.0069 6020 dc3d - ok
20:33:33.0100 6020 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:33:33.0100 6020 DcomLaunch - ok
20:33:33.0131 6020 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
20:33:33.0131 6020 defragsvc - ok
20:33:33.0147 6020 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:33:33.0147 6020 DfsC - ok
20:33:33.0256 6020 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
20:33:33.0256 6020 Dhcp - ok
20:33:33.0287 6020 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
20:33:33.0287 6020 discache - ok
20:33:33.0303 6020 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\drivers\disk.sys
20:33:33.0303 6020 Disk - ok
20:33:33.0334 6020 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:33:33.0334 6020 Dnscache - ok
20:33:33.0365 6020 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:33:33.0365 6020 dot3svc - ok
20:33:33.0412 6020 [ b42ed0320c6e41102fde0005154849bb ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
20:33:33.0412 6020 Dot4 - ok
20:33:33.0459 6020 [ e9f5969233c5d89f3c35e3a66a52a361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:33:33.0459 6020 Dot4Print - ok
20:33:33.0459 6020 [ fd05a02b0370bc3000f402e543ca5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
20:33:33.0474 6020 dot4usb - ok
20:33:33.0490 6020 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
20:33:33.0490 6020 DPS - ok
20:33:33.0505 6020 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:33:33.0505 6020 drmkaud - ok
20:33:33.0537 6020 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:33:33.0552 6020 DXGKrnl - ok
20:33:33.0568 6020 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:33:33.0568 6020 EapHost - ok
20:33:33.0615 6020 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\drivers\evbda.sys
20:33:33.0677 6020 ebdrv - ok
20:33:33.0724 6020 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
20:33:33.0724 6020 EFS - ok
20:33:33.0771 6020 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:33:33.0786 6020 ehRecvr - ok
20:33:33.0786 6020 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
20:33:33.0786 6020 ehSched - ok
20:33:33.0817 6020 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:33:33.0833 6020 elxstor - ok
20:33:33.0833 6020 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:33:33.0833 6020 ErrDev - ok
20:33:33.0864 6020 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
20:33:33.0864 6020 EventSystem - ok
20:33:33.0942 6020 [ 54fc81b0162478a72a93dbbeafb35671 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:33:33.0958 6020 EvtEng - ok
20:33:34.0020 6020 [ 334c907536e815e56cd13108a6d5fb9d ] ewusbmbb C:\Windows\system32\DRIVERS\ewusbwwan.sys
20:33:34.0020 6020 ewusbmbb - ok
20:33:34.0067 6020 [ 86f7951bbcee4a86e79a97306bd14318 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
20:33:34.0067 6020 ew_hwusbdev - ok
20:33:34.0192 6020 [ 55e0eda185869f7ea67ea97fd0655b39 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
20:33:34.0192 6020 ew_usbenumfilter - ok
20:33:34.0363 6020 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
20:33:34.0363 6020 exfat - ok
20:33:34.0379 6020 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:33:34.0379 6020 fastfat - ok
20:33:34.0410 6020 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
20:33:34.0426 6020 Fax - ok
20:33:34.0441 6020 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\drivers\fdc.sys
20:33:34.0441 6020 fdc - ok
20:33:34.0457 6020 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:33:34.0457 6020 fdPHost - ok
20:33:34.0473 6020 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:33:34.0473 6020 FDResPub - ok
20:33:34.0488 6020 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:33:34.0488 6020 FileInfo - ok
20:33:34.0488 6020 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:33:34.0488 6020 Filetrace - ok
20:33:34.0504 6020 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
20:33:34.0504 6020 flpydisk - ok
20:33:34.0519 6020 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:33:34.0519 6020 FltMgr - ok
20:33:34.0566 6020 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
20:33:34.0582 6020 FontCache - ok
20:33:34.0613 6020 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:33:34.0613 6020 FontCache3.0.0.0 - ok
20:33:34.0613 6020 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:33:34.0613 6020 FsDepends - ok
20:33:34.0660 6020 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:33:34.0660 6020 Fs_Rec - ok
20:33:34.0675 6020 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:33:34.0675 6020 fvevol - ok
20:33:34.0691 6020 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:33:34.0691 6020 gagp30kx - ok
20:33:34.0722 6020 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:33:34.0722 6020 GEARAspiWDM - ok
20:33:34.0769 6020 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
20:33:34.0769 6020 gpsvc - ok
20:33:34.0785 6020 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:33:34.0785 6020 hcw85cir - ok
20:33:34.0816 6020 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:33:34.0816 6020 HdAudAddService - ok
20:33:34.0831 6020 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:33:34.0847 6020 HDAudBus - ok
20:33:34.0847 6020 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
20:33:34.0863 6020 HidBatt - ok
20:33:34.0863 6020 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:33:34.0863 6020 HidBth - ok
20:33:34.0878 6020 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
20:33:34.0878 6020 HidIr - ok
20:33:34.0894 6020 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
20:33:34.0894 6020 hidserv - ok
20:33:34.0925 6020 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:33:34.0925 6020 HidUsb - ok
20:33:34.0941 6020 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:33:34.0941 6020 hkmsvc - ok
20:33:34.0956 6020 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:33:34.0956 6020 HomeGroupListener - ok
20:33:34.0972 6020 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:33:34.0972 6020 HomeGroupProvider - ok
20:33:35.0081 6020 [ 5da42d24712e00728cea2342a65009b2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
20:33:35.0081 6020 hpqcxs08 - ok
20:33:35.0112 6020 [ d86a39bf100069444d026d22d9a6e555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
20:33:35.0112 6020 hpqddsvc - ok
20:33:35.0128 6020 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:33:35.0128 6020 HpSAMD - ok
20:33:35.0190 6020 [ d4f91cf4de215d6f14a06087d46725e4 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
20:33:35.0206 6020 HPSLPSVC - ok
20:33:35.0237 6020 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:33:35.0253 6020 HTTP - ok
20:33:35.0284 6020 [ 1642c62f1fd5e1ff44608283994a7bb8 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
20:33:35.0284 6020 huawei_enumerator - ok
20:33:35.0346 6020 [ 04d1de1e8ace40ca396502c90524e945 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:33:35.0346 6020 hwdatacard - ok
20:33:35.0362 6020 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:33:35.0362 6020 hwpolicy - ok
20:33:35.0377 6020 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:33:35.0393 6020 i8042prt - ok
20:33:35.0424 6020 [ d469b77687e12fe43e344806740b624d ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:33:35.0440 6020 iaStor - ok
20:33:35.0471 6020 [ 983fc69644ddf0486c8dfea262948d1a ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
20:33:35.0487 6020 IAStorDataMgrSvc - ok
20:33:35.0518 6020 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:33:35.0518 6020 iaStorV - ok
20:33:35.0549 6020 [ fc47f5cf561bf0fd897efd1a9604dccf ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
20:33:35.0549 6020 iBtFltCoex - ok
20:33:35.0596 6020 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:33:35.0596 6020 idsvc - ok
20:33:35.0799 6020 [ 6383899c5f964d71b0f96b81fbe59bb8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:33:35.0955 6020 igfx - ok
20:33:35.0986 6020 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:33:35.0986 6020 iirsp - ok
20:33:36.0017 6020 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
20:33:36.0033 6020 IKEEXT - ok
20:33:36.0064 6020 [ caddf0927dac63edae48f5c35a61d87d ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
20:33:36.0064 6020 intaud_WaveExtensible - ok
20:33:36.0095 6020 [ fc727061c0f47c8059e88e05d5c8e381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
20:33:36.0095 6020 IntcDAud - ok
20:33:36.0111 6020 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
20:33:36.0111 6020 intelide - ok
20:33:36.0126 6020 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:33:36.0142 6020 intelppm - ok
20:33:36.0157 6020 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:33:36.0173 6020 IPBusEnum - ok
20:33:36.0189 6020 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:33:36.0189 6020 IpFilterDriver - ok
20:33:36.0220 6020 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:33:36.0220 6020 iphlpsvc - ok
20:33:36.0235 6020 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:33:36.0235 6020 IPMIDRV - ok
20:33:36.0235 6020 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:33:36.0251 6020 IPNAT - ok
20:33:36.0391 6020 [ 755e4ba6dce627a2683bb7640553c8d6 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:33:36.0391 6020 iPod Service - ok
20:33:36.0438 6020 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:33:36.0438 6020 IRENUM - ok
20:33:36.0438 6020 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:33:36.0438 6020 isapnp - ok
20:33:36.0454 6020 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:33:36.0469 6020 iScsiPrt - ok
20:33:36.0501 6020 [ 716f66336f10885d935b08174dc54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys
20:33:36.0501 6020 iwdbus - ok
20:33:36.0516 6020 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:33:36.0516 6020 kbdclass - ok
20:33:36.0532 6020 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:33:36.0532 6020 kbdhid - ok
20:33:36.0547 6020 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
20:33:36.0547 6020 KeyIso - ok
20:33:36.0579 6020 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:33:36.0579 6020 KSecDD - ok
20:33:36.0594 6020 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:33:36.0594 6020 KSecPkg - ok
20:33:36.0610 6020 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:33:36.0610 6020 ksthunk - ok
20:33:36.0641 6020 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
20:33:36.0641 6020 KtmRm - ok
20:33:36.0672 6020 [ 173666119d217e3739205c169e2bf0e5 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
20:33:36.0672 6020 L1C - ok
20:33:36.0703 6020 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:33:36.0703 6020 LanmanServer - ok
20:33:36.0719 6020 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:33:36.0719 6020 LanmanWorkstation - ok
20:33:36.0735 6020 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:33:36.0735 6020 lltdio - ok
20:33:36.0766 6020 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:33:36.0766 6020 lltdsvc - ok
20:33:36.0766 6020 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:33:36.0781 6020 lmhosts - ok
20:33:36.0828 6020 [ 7f32d4c47a50e7223491e8fb9359907d ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:33:36.0844 6020 LMS - ok
20:33:36.0859 6020 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:33:36.0859 6020 LSI_FC - ok
20:33:36.0859 6020 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:33:36.0859 6020 LSI_SAS - ok
20:33:36.0875 6020 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
20:33:36.0875 6020 LSI_SAS2 - ok
20:33:36.0875 6020 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:33:36.0875 6020 LSI_SCSI - ok
20:33:36.0891 6020 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
20:33:36.0891 6020 luafv - ok
20:33:36.0953 6020 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:33:36.0953 6020 MBAMProtector - ok
20:33:37.0031 6020 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:33:37.0047 6020 MBAMService - ok
20:33:37.0078 6020 [ 8ff2d95cba49b405c5de27039ff0bf35 ] MCfilt C:\Windows\system32\drivers\MCfilt64.sys
20:33:37.0078 6020 MCfilt - ok
20:33:37.0109 6020 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:33:37.0109 6020 Mcx2Svc - ok
20:33:37.0125 6020 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\drivers\megasas.sys
20:33:37.0140 6020 megasas - ok
20:33:37.0140 6020 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
20:33:37.0140 6020 MegaSR - ok
20:33:37.0187 6020 [ a6518dcc42f7a6e999bb3bea8fd87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
20:33:37.0187 6020 MEIx64 - ok
20:33:37.0218 6020 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
20:33:37.0218 6020 MMCSS - ok
20:33:37.0359 6020 [ e9de65d713d4ba84d96878be99401228 ] Mobile Broadband HL Service C:\ProgramData\MobileBrServ\mbbservice.exe
20:33:37.0359 6020 Mobile Broadband HL Service - ok
20:33:37.0374 6020 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:33:37.0390 6020 Modem - ok
20:33:37.0405 6020 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:33:37.0405 6020 monitor - ok
20:33:37.0421 6020 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:33:37.0421 6020 mouclass - ok
20:33:37.0452 6020 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:33:37.0452 6020 mouhid - ok
20:33:37.0483 6020 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:33:37.0483 6020 mountmgr - ok
20:33:37.0530 6020 [ 94c66ededcdb6a126880472f9a704d8e ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:33:37.0530 6020 MpFilter - ok
20:33:37.0546 6020 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:33:37.0546 6020 mpio - ok
20:33:37.0561 6020 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:33:37.0561 6020 mpsdrv - ok
20:33:37.0593 6020 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:33:37.0608 6020 MpsSvc - ok
20:33:37.0608 6020 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:33:37.0624 6020 MRxDAV - ok
20:33:37.0655 6020 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:33:37.0655 6020 mrxsmb - ok
20:33:37.0671 6020 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:33:37.0671 6020 mrxsmb10 - ok
20:33:37.0702 6020 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:33:37.0702 6020 mrxsmb20 - ok
20:33:37.0717 6020 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:33:37.0717 6020 msahci - ok
20:33:37.0733 6020 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:33:37.0733 6020 msdsm - ok
20:33:37.0749 6020 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
20:33:37.0749 6020 MSDTC - ok
20:33:37.0764 6020 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:33:37.0764 6020 Msfs - ok
20:33:37.0780 6020 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:33:37.0780 6020 mshidkmdf - ok
20:33:37.0795 6020 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:33:37.0795 6020 msisadrv - ok
20:33:37.0827 6020 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:33:37.0842 6020 MSiSCSI - ok
20:33:37.0842 6020 msiserver - ok
20:33:37.0858 6020 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:33:37.0858 6020 MSKSSRV - ok
20:33:37.0920 6020 [ 59faaf2c83c8169ea20f9e335e418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:33:37.0920 6020 MsMpSvc - ok
20:33:37.0936 6020 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:33:37.0936 6020 MSPCLOCK - ok
20:33:37.0936 6020 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:33:37.0936 6020 MSPQM - ok
20:33:37.0951 6020 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:33:37.0951 6020 MsRPC - ok
20:33:37.0967 6020 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:33:37.0967 6020 mssmbios - ok
20:33:37.0983 6020 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:33:37.0983 6020 MSTEE - ok
20:33:37.0998 6020 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
20:33:37.0998 6020 MTConfig - ok
20:33:37.0998 6020 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:33:37.0998 6020 Mup - ok
20:33:38.0045 6020 [ 4bbb9d9c4df259fae2d172c5bb25ddd0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
20:33:38.0045 6020 MyWiFiDHCPDNS - ok
20:33:38.0076 6020 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
20:33:38.0076 6020 napagent - ok
20:33:38.0092 6020 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:33:38.0107 6020 NativeWifiP - ok
20:33:38.0123 6020 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys
20:33:38.0139 6020 NDIS - ok
20:33:38.0170 6020 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:33:38.0170 6020 NdisCap - ok
20:33:38.0185 6020 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:33:38.0185 6020 NdisTapi - ok
20:33:38.0201 6020 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:33:38.0201 6020 Ndisuio - ok
20:33:38.0217 6020 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:33:38.0217 6020 NdisWan - ok
20:33:38.0232 6020 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:33:38.0232 6020 NDProxy - ok
20:33:38.0295 6020 [ 2334dc48997ba203b794df3ee70521db ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:33:38.0295 6020 Net Driver HPZ12 - ok
20:33:38.0295 6020 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:33:38.0310 6020 NetBIOS - ok
20:33:38.0326 6020 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:33:38.0326 6020 NetBT - ok
20:33:38.0341 6020 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
20:33:38.0341 6020 Netlogon - ok
20:33:38.0357 6020 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
20:33:38.0373 6020 Netman - ok
20:33:38.0373 6020 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
20:33:38.0388 6020 netprofm - ok
20:33:38.0404 6020 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:33:38.0404 6020 NetTcpPortSharing - ok
20:33:38.0747 6020 [ ac69618de5bcce8747c9ab0aae1003c1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
20:33:38.0872 6020 NETwNs64 - ok
20:33:38.0903 6020 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:33:38.0903 6020 nfrd960 - ok
20:33:38.0965 6020 [ 91b4e0273d2f6c24ef845f2b41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:33:38.0965 6020 NisDrv - ok
20:33:39.0012 6020 [ 10a43829a9e606af3eef25a1c1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
20:33:39.0012 6020 NisSrv - ok
20:33:39.0043 6020 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:33:39.0043 6020 NlaSvc - ok
20:33:39.0059 6020 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:33:39.0059 6020 Npfs - ok
20:33:39.0075 6020 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:33:39.0075 6020 nsi - ok
20:33:39.0075 6020 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:33:39.0075 6020 nsiproxy - ok
20:33:39.0153 6020 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:33:39.0168 6020 Ntfs - ok
20:33:39.0199 6020 [ 317020d31f1696334679b9d0416eb62e ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
20:33:39.0215 6020 NuidFltr - ok
20:33:39.0231 6020 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
20:33:39.0231 6020 Null - ok
20:33:39.0262 6020 [ 01266516e6e88d183a2b58722eeb4443 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
20:33:39.0277 6020 nusb3hub - ok
20:33:39.0309 6020 [ 5ec04f55cc5f165f21752712437df638 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:33:39.0309 6020 nusb3xhc - ok
20:33:39.0340 6020 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:33:39.0340 6020 nvraid - ok
20:33:39.0355 6020 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:33:39.0355 6020 nvstor - ok
20:33:39.0371 6020 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:33:39.0387 6020 nv_agp - ok
20:33:39.0465 6020 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:33:39.0480 6020 odserv - ok
20:33:39.0480 6020 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:33:39.0496 6020 ohci1394 - ok
20:33:39.0527 6020 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:33:39.0527 6020 ose - ok
20:33:39.0558 6020 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:33:39.0558 6020 p2pimsvc - ok
20:33:39.0574 6020 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:33:39.0589 6020 p2psvc - ok
20:33:39.0605 6020 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys
20:33:39.0605 6020 Parport - ok
20:33:39.0636 6020 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:33:39.0636 6020 partmgr - ok
20:33:39.0652 6020 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:33:39.0652 6020 PcaSvc - ok
20:33:39.0667 6020 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
20:33:39.0667 6020 pci - ok
20:33:39.0683 6020 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys
20:33:39.0683 6020 pciide - ok
20:33:39.0683 6020 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:33:39.0699 6020 pcmcia - ok
20:33:39.0714 6020 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:33:39.0714 6020 pcw - ok
20:33:39.0761 6020 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:33:46.0375 6020 ================ Scan global ===============================
20:33:46.0391 6020 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
20:33:46.0422 6020 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
20:33:46.0438 6020 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
20:33:46.0453 6020 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
20:33:46.0469 6020 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
20:33:46.0485 6020 [Global] - ok
20:33:46.0485 6020 ================ Scan MBR ==================================
20:33:46.0485 6020 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:33:49.0839 6020 \Device\Harddisk0\DR0 - ok
20:33:49.0839 6020 ================ Scan VBR ==================================
20:33:49.0870 6020 Boot (0x1200) (2569a2aa93e487c551388772437426fe) \Device\Harddisk0\DR0\Partition1
20:33:49.0885 6020 \Device\Harddisk0\DR0\Partition1 - ok
20:33:49.0901 6020 Boot (0x1200) (afe73cddb77276c92fbd8581c5f6b10e) \Device\Harddisk0\DR0\Partition2
20:33:49.0917 6020 \Device\Harddisk0\DR0\Partition2 - ok
20:33:49.0917 6020 ============================================================
20:33:49.0917 6020 Scan finished
20:33:49.0917 6020 ============================================================
20:33:49.0917 2144 Detected object count: 0
20:33:49.0917 2144 Actual detected object count: 0


Next one coming up!

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:36 AM

Posted 18 August 2012 - 02:49 PM

I will be waiting for it


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 bumchicken


Posted 18 August 2012 - 03:07 PM

Here you go!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-18 20:35:47
-----------------------------
20:35:47.710 OS Version: Windows x64 6.1.7601 Service Pack 1
20:35:47.710 Number of processors: 4 586 0x2A07
20:35:47.710 ComputerName: LAURA-PC UserName: Laura
20:35:54.060 Initialize success
20:36:44.470 AVAST engine defs: 12081800
20:37:36.138 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:37:36.138 Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 3
20:37:36.153 Disk 0 MBR read successfully
20:37:36.153 Disk 0 MBR scan
20:37:36.169 Disk 0 Windows 7 default MBR code
20:37:36.169 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:37:36.200 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
20:37:36.247 Disk 0 scanning C:\Windows\system32\drivers
20:37:49.148 Service scanning
20:38:14.561 Modules scanning
20:38:14.561 Disk 0 trace - called modules:
20:38:14.561 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:38:14.561 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009070060]
20:38:14.561 3 CLASSPNP.SYS[fffff88001bc143f] -> nt!IofCallDriver -> [0xfffffa80071b5b20]
20:38:14.576 5 ACPI.sys[fffff88000faa7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80071bb050]
20:38:29.677 AVAST engine scan C:\Windows
20:38:33.873 AVAST engine scan C:\Windows\system32
20:41:23.385 AVAST engine scan C:\Windows\system32\drivers
20:41:38.960 AVAST engine scan C:\Users\Laura
21:00:23.851 AVAST engine scan C:\ProgramData
21:03:54.468 Scan finished successfully
21:07:04.737 Disk 0 MBR has been saved successfully to "C:\Users\Laura\Desktop\MBR.dat"
21:07:04.737 The log file has been saved successfully to "C:\Users\Laura\Desktop\aswMBR.txt"

#9 gringo_pr


Posted 18 August 2012 - 03:25 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 gringo_pr


Posted 21 August 2012 - 12:30 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#11 gringo_pr


Posted 23 August 2012 - 11:30 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#12 gringo_pr


Posted 26 August 2012 - 11:37 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



