
can't get rid of viruses, mem.rootkit.win64.tdss.fa?


This topic is locked
33 replies to this topic

#1 carolynskii
  • Members
  • 64 posts

Posted 19 August 2012 - 09:46 PM

I'm running 64-bit, so no GMER log to attach.


I ran Malwarebytes and SUPERAntiSpyware and still have a virus. I started to run Kaspersky, but it found a memory threat and I got too scared to go any further for fear of killing the laptop.

So I still have a virus and no updates work. I also cannot turn on the firewall; I get an error message when I try to start the firewall service. I also get an error for Windows Security Essentials: 0x080070424.

thanks!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 21:27:10 on 2012-08-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.1974 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://facebook.com/
uInternet Settings,ProxyOverride = *.local
BHO: MRI_DISABLED - No File
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll
BHO: Updater For ooVoo Toolbar: {442ae524-eba5-4b17-82f3-888d68bc999a} - C:\Program Files (x86)\oovootb\auxi\oovooAu.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File
BHO: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - C:\Program Files (x86)\oovootb\oovoodx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: ooVoo toolbar, powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - C:\Program Files (x86)\kikin\ie_kikin.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - C:\Program Files (x86)\oovootb\oovoodx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: ooVoo toolbar, powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: MRI_DISABLED - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
dRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{A44248A0-D4F5-4171-ACA8-CC3491B0FE80} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{A44248A0-D4F5-4171-ACA8-CC3491B0FE80}\2456C6B696E6E233534424 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A44248A0-D4F5-4171-ACA8-CC3491B0FE80}\4496A7A797350727573656 : DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
TCP: Interfaces\{A44248A0-D4F5-4171-ACA8-CC3491B0FE80}\45865684F6573756 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A44248A0-D4F5-4171-ACA8-CC3491B0FE80}\54E434F42554148314231383 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E878202B-407B-4356-9F27-D0387E19D122} : DhcpNameServer = 168.94.0.15 168.94.0.14
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: MRI_DISABLED - No File
BHO-X64: HP Print Enhancer - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: HP Smart BHO Class - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: Updater For ooVoo Toolbar: {442AE524-EBA5-4b17-82F3-888D68BC999A} - C:\Program Files (x86)\oovootb\auxi\oovooAu.dll
BHO-X64: Updater For ooVoo Toolbar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File
BHO-X64: ooVoo Toolbar: {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll
BHO-X64: ooVoo Toolbar - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: kikin Plugin: {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: ooVoo Toolbar: {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: MRI_DISABLED - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 DVMIO;DVMIO;C:\SPLASH.SYS\config\dvmio.sys [2009-9-27 21624]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\AESTSr64.exe [2009-12-27 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SPLASH.SYS\config\DVMExportService.exe [2009-7-8 323584]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-5 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-16 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-31 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-16 135664]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 slsusb;Edge CS/CTS Device Driver;C:\Windows\system32\Drivers\slsusb.sys --> C:\Windows\system32\Drivers\slsusb.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
.
=============== Created Last 30 ================
.
2012-08-19 03:23:39 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-08-18 22:26:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-08-18 22:23:37 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-08-18 22:11:14 20480 ----a-w- C:\Windows\svchost.exe
2012-08-02 01:26:53 -------- d-----w- C:\ProgramData\Skype Extras
2012-07-31 05:22:21 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-31 05:22:21 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-27 19:08:38 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-27 16:20:44 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B312D44F-4746-4D4F-83B9-B03B87B09374}\mpengine.dll
2012-07-25 12:27:11 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
==================== Find3M ====================
.
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 21:28:15.25 ===============



#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 19 August 2012 - 10:03 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 carolynskii (Topic Starter)
  • Members
  • 64 posts

Posted 19 August 2012 - 11:43 PM

After Combofix I got a blue screen.
It says Windows shut down to prevent damage
PAGE_FAULT_IN_NONPAGED_AREA

if problem continues remove new hardware or software
If first time you've seen error, reboot, so that's what I did and now I'm running startup repair




#4 carolynskii (Topic Starter)
  • Members
  • 64 posts

Posted 19 August 2012 - 11:45 PM

It's asking if I want to use an earlier restore point. Do I want to do that?

#5 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 20 August 2012 - 12:16 AM

go ahead and try that and then rerun combofix again



gringo

#6 carolynskii (Topic Starter)
  • Members
  • 64 posts

Posted 20 August 2012 - 05:39 PM

Sorry Gringo, I can't get Combofix to run. I ran startup repair and the computer started up. I tried to run Combofix and got a blue screen (looked fake) to check hard drive space. Restarted, ran rkill, didn't save processes it stopped because when I started Combofix the computer immediately rebooted.

where do we go from here, this is a really nasty virus!

#7 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 21 August 2012 - 01:06 PM

Hello carolynskii


Let's see if we can get this one to run


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller


#8 carolynskii

carolynskii
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:09:19 AM

Posted 21 August 2012 - 04:57 PM

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 08/21/2012 16:53:51

Bad processes: 2
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
[SUSP PATH] setup.exe -- C:\Windows\TEMP\CR_6F8B1.tmp\setup.exe -> KILLED [TermProc]

Registry Entries: 12
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Owner\AppData\Local\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\n.) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKUS\.DEFAULT\Software\Classes\.exe\shell\open\command : ("C:\Users\Owner\AppData\Local\eft.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKUS\S-1-5-18\Software\Classes\.exe\shell\open\command : ("C:\Users\Owner\AppData\Local\eft.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKUS\.DEFAULT\Software\Classes\exefile\shell\open\command : ("C:\Users\Owner\AppData\Local\eft.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKUS\S-1-5-18\Software\Classes\exefile\shell\open\command : ("C:\Users\Owner\AppData\Local\eft.exe" -a "%1" %*) -> FOUND

Particular Files / Folders:
[ZeroAccess][FILE] @ : c:\windows\installer\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\owner\appdata\local\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\owner\appdata\local\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\owner\appdata\local\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND

Driver: [NOT LOADED]

Infection : ZeroAccess|Rogue.AntiSpy-AH|Root.MBR

HOSTS File:


MBR Check:

+++++ PhysicalDrive0: ST9320423AS ATA Device +++++
--- User ---
[MBR] 6b7de859bb159e4806bfd33e95171e11
[BSP] 52f55c82f73b7db7136f6da2aa0bf8c8 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 289292 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 592879616 | Size: 15649 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 7ae3cdd41cff322c4f32c107a8fc6b76
[BSP] 52f55c82f73b7db7136f6da2aa0bf8c8 : Windows Vista/7 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 289292 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 592879616 | Size: 15649 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:19 AM

Posted 21 August 2012 - 05:10 PM

--Run RogueKiller--

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller


#10 carolynskii

carolynskii
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:09:19 AM

Posted 21 August 2012 - 05:18 PM

I deleted these and have not restarted my computer.



RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 08/21/2012 17:14:54

Bad processes: 1
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

Registry Entries: 12
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Owner\AppData\Local\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\n.) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKUS\.DEFAULT\Software\Classes\.exe\shell\open\command : ("C:\Users\Owner\AppData\Local\eft.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKUS\S-1-5-18\Software\Classes\.exe\shell\open\command : ("C:\Users\Owner\AppData\Local\eft.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKUS\.DEFAULT\Software\Classes\exefile\shell\open\command : ("C:\Users\Owner\AppData\Local\eft.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKUS\S-1-5-18\Software\Classes\exefile\shell\open\command : ("C:\Users\Owner\AppData\Local\eft.exe" -a "%1" %*) -> FOUND

Particular Files / Folders:
[ZeroAccess][FILE] @ : c:\windows\installer\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\owner\appdata\local\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\owner\appdata\local\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\owner\appdata\local\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND

Driver: [NOT LOADED]

Infection : ZeroAccess|Rogue.AntiSpy-AH|Root.MBR

HOSTS File:


MBR Check:

+++++ PhysicalDrive0: ST9320423AS ATA Device +++++
--- User ---
[MBR] 6b7de859bb159e4806bfd33e95171e11
[BSP] 52f55c82f73b7db7136f6da2aa0bf8c8 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 289292 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 592879616 | Size: 15649 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 7ae3cdd41cff322c4f32c107a8fc6b76
[BSP] 52f55c82f73b7db7136f6da2aa0bf8c8 : Windows Vista/7 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 289292 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 592879616 | Size: 15649 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt
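The two RogueKiller reports in this thread (posts #8 and #10) pack several distinct kinds of tampering into one text file: two processes killed, UAC switched off (EnableLUA = 0), the `.exe` and `exefile` open commands redirected so that launching any program runs `eft.exe` first with the real program as its argument, ZeroAccess file and registry markers, ASLR stripped from services.exe, and an MBR whose user-mode read differs from the low-level read (the `User != LL2 ... KO!` line), which is why the infection line names Root.MBR. The Python script below is an added example, not part of this thread and not RogueKiller's own code: it parses a report in this format and reduces it to a triage summary a responder can act on. The sample report embedded in it is a constructed excerpt that reuses the entry formats of the logs posted above; the one outside fact it assumes is that the stock Windows value of `exefile\shell\open\command` is `"%1" %*`, so any other command there is a hijack.

```python
"""Triage a RogueKiller-style report.

Added example for this thread; not RogueKiller's own code.  SAMPLE_REPORT
is a constructed excerpt that uses the same entry formats as the logs
posted in the thread: "[TAG][SUBTAG] body -> VERDICT" finding lines and an
MBR Check section with one [MBR] hash per read method.
"""
import re

# Constructed sample, same line formats as the posted report.
SAMPLE_REPORT = r"""
Bad processes: 2
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
[SUSP PATH] setup.exe -- C:\Windows\TEMP\CR_6F8B1.tmp\setup.exe -> KILLED [TermProc]

Registry Entries: 5
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Owner\AppData\Local\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\n.) -> FOUND
[FILEASSO] HKUS\.DEFAULT\Software\Classes\.exe\shell\open\command : ("C:\Users\Owner\AppData\Local\eft.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKUS\.DEFAULT\Software\Classes\exefile\shell\open\command : ("C:\Users\Owner\AppData\Local\eft.exe" -a "%1" %*) -> FOUND

Particular Files / Folders:
[ZeroAccess][FILE] @ : c:\windows\installer\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{d1c382bd-20f0-7f76-df3b-c5c760ebb203}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND

MBR Check:
--- User ---
[MBR] 6b7de859bb159e4806bfd33e95171e11
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 7ae3cdd41cff322c4f32c107a8fc6b76
"""

# One finding per line: "[TAG][SUBTAG] body -> VERDICT [detail]".
FINDING_RE = re.compile(
    r"^\[([^\]]+)\](?:\[([^\]]+)\])?\s+(.+?)\s+-+>\s+([A-Z]+)(?:\s+\[[^\]]*\])?\s*$"
)
SECTION_RE = re.compile(r"^---\s+(\w+)\s+---$")        # --- User --- / --- LL2 ---
MBR_HASH_RE = re.compile(r"^\[MBR\]\s+([0-9a-f]{32})$")
# Stock Windows value of exefile\shell\open\command (assumed known); anything
# else is a hijack of every program launch.
STOCK_EXE_COMMAND = '"%1" %*'


def parse_findings(report):
    """Return (tag, subtag, body, verdict) for every finding line."""
    out = []
    for line in report.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            out.append(m.groups())
    return out


def parse_mbr_hashes(report):
    """Map each MBR read method (User, LL2, ...) to the MD5 it produced."""
    hashes, section = {}, None
    for line in report.splitlines():
        line = line.strip()
        s = SECTION_RE.match(line)
        if s:
            section = s.group(1)
            continue
        h = MBR_HASH_RE.match(line)
        if h and section:
            hashes[section] = h.group(1)
    return hashes


def triage(report):
    """Reduce a report to the classes of tampering it shows."""
    summary = {
        "killed_processes": [],
        "uac_disabled": False,
        "exe_association_hijacks": [],
        "zeroaccess_indicators": 0,
        "aslr_stripped": [],
        "mbr_mismatch": False,
    }
    for tag, subtag, body, verdict in parse_findings(report):
        if verdict == "KILLED":
            # Process lines read "image.exe -- full\path".
            summary["killed_processes"].append(body.split(" -- ", 1)[-1])
        elif tag == "HJ" and "EnableLUA (0)" in body:
            summary["uac_disabled"] = True
        elif tag == "FILEASSO":
            # "key : (command)": compare the command with the stock value.
            command = body.split(" : ", 1)[1].strip("()")
            if command != STOCK_EXE_COMMAND:
                summary["exe_association_hijacks"].append(command)
        elif tag == "ZeroAccess":
            summary["zeroaccess_indicators"] += 1
        elif tag == "Susp.ASLR":
            summary["aslr_stripped"].append(body.split(" : ", 1)[1])
    mbr = parse_mbr_hashes(report)
    # A user-mode read that disagrees with the low-level (LL2) read means
    # something between the two is filtering what the OS sees of sector 0.
    summary["mbr_mismatch"] = bool(
        mbr.get("User") and mbr.get("LL2") and mbr["User"] != mbr["LL2"]
    )
    return summary


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run as-is it prints the summary for the constructed sample; point `triage()` at the text of a saved `RKreport[1].txt` to get the same breakdown for a real report. The MBR comparison is the part worth keeping even if the tag names change between RogueKiller versions: two hashes of the same sector that differ by read path are evidence of something filtering disk reads, independent of any signature.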







#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:19 AM

Posted 21 August 2012 - 05:44 PM

Restart the computer and give me the status of the computer.



gringo

#12 carolynskii

carolynskii
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:09:19 AM

Posted 21 August 2012 - 06:00 PM

Restarted, still can't turn on the firewall. Do you want me to try ComboFix?

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:19 AM

Posted 21 August 2012 - 07:14 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#14 carolynskii

carolynskii
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:09:19 AM

Posted 21 August 2012 - 07:41 PM

It rebooted after TDSSKiller and the computer seems better, but security or the firewall still won't start.

aswMBR would not download on any of my computers, so I couldn't run it. The link doesn't work.





19:18:40.0206 5556 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
19:18:40.0618 5556 ============================================================
19:18:40.0618 5556 Current date / time: 2012/08/21 19:18:40.0618
19:18:40.0618 5556 SystemInfo:
19:18:40.0618 5556
19:18:40.0618 5556 OS Version: 6.1.7601 ServicePack: 1.0
19:18:40.0618 5556 Product type: Workstation
19:18:40.0619 5556 ComputerName: OWNER-PC
19:18:40.0619 5556 UserName: Owner
19:18:40.0619 5556 Windows directory: C:\Windows
19:18:40.0619 5556 System windows directory: C:\Windows
19:18:40.0619 5556 Running under WOW64
19:18:40.0619 5556 Processor architecture: Intel x64
19:18:40.0619 5556 Number of processors: 2
19:18:40.0619 5556 Page size: 0x1000
19:18:40.0619 5556 Boot type: Normal boot
19:18:40.0619 5556 ============================================================
19:18:41.0728 5556 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:18:41.0733 5556 ============================================================
19:18:41.0733 5556 \Device\Harddisk0\DR0:
19:18:41.0733 5556 MBR partitions:
19:18:41.0733 5556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:18:41.0733 5556 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23506000
19:18:41.0733 5556 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2356A000, BlocksNum 0x1E90800
19:18:41.0733 5556 ============================================================
19:18:41.0750 5556 C: <-> \Device\Harddisk0\DR0\Partition2
19:18:41.0796 5556 D: <-> \Device\Harddisk0\DR0\Partition3
19:18:41.0797 5556 ============================================================
19:18:41.0797 5556 Initialize success
19:18:41.0797 5556 ============================================================
19:19:11.0731 4856 ============================================================
19:19:11.0731 4856 Scan started
19:19:11.0731 4856 Mode: Manual;
19:19:11.0731 4856 ============================================================
19:19:13.0061 4856 ================ Scan system memory ========================
19:19:13.0061 4856 System memory - ok
19:19:13.0062 4856 ================ Scan services =============================
19:19:13.0156 4856 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
19:19:13.0162 4856 !SASCORE - ok
19:19:13.0491 4856 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:19:13.0498 4856 1394ohci - ok
19:19:13.0531 4856 [ 1CFFE9C06E66A57DAE1452E449A58240 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
19:19:13.0533 4856 Accelerometer - ok
19:19:13.0559 4856 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:19:13.0568 4856 ACPI - ok
19:19:13.0598 4856 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:19:13.0600 4856 AcpiPmi - ok
19:19:13.0741 4856 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:19:13.0748 4856 AdobeFlashPlayerUpdateSvc - ok
19:19:13.0800 4856 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:19:13.0818 4856 adp94xx - ok
19:19:13.0856 4856 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:19:13.0865 4856 adpahci - ok
19:19:13.0890 4856 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:19:13.0895 4856 adpu320 - ok
19:19:13.0931 4856 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:19:13.0934 4856 AeLookupSvc - ok
19:19:14.0027 4856 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\AESTSr64.exe
19:19:14.0030 4856 AESTFilters - ok
19:19:14.0099 4856 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:19:14.0122 4856 AFD - ok
19:19:14.0168 4856 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:19:14.0172 4856 agp440 - ok
19:19:14.0194 4856 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:19:14.0197 4856 ALG - ok
19:19:14.0218 4856 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:19:14.0219 4856 aliide - ok
19:19:14.0263 4856 [ BCC32BF5EBB5DFD4380FA053D3651949 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:19:14.0268 4856 AMD External Events Utility - ok
19:19:14.0277 4856 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:19:14.0278 4856 amdide - ok
19:19:14.0300 4856 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:19:14.0303 4856 AmdK8 - ok
19:19:14.0330 4856 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:19:14.0331 4856 AmdPPM - ok
19:19:14.0351 4856 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:19:14.0353 4856 amdsata - ok
19:19:14.0382 4856 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:19:14.0386 4856 amdsbs - ok
19:19:14.0401 4856 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:19:14.0402 4856 amdxata - ok
19:19:14.0447 4856 [ 05F1A0A81A98CF27E3F028213FB6C36A ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
19:19:14.0452 4856 ApfiltrService - ok
19:19:14.0492 4856 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:19:14.0495 4856 AppID - ok
19:19:14.0514 4856 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:19:14.0516 4856 AppIDSvc - ok
19:19:14.0545 4856 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:19:14.0547 4856 Appinfo - ok
19:19:14.0663 4856 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:19:14.0667 4856 Apple Mobile Device - ok
19:19:14.0707 4856 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:19:14.0709 4856 arc - ok
19:19:14.0717 4856 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:19:14.0719 4856 arcsas - ok
19:19:14.0821 4856 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:19:14.0824 4856 aspnet_state - ok
19:19:14.0856 4856 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:19:14.0859 4856 AsyncMac - ok
19:19:14.0889 4856 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:19:14.0890 4856 atapi - ok
19:19:14.0963 4856 [ 38562A6A9CB10844759EAF2B01A7FCD3 ] athr C:\Windows\system32\DRIVERS\athrx.sys
19:19:15.0006 4856 athr - ok
19:19:15.0063 4856 [ 3B9014FB7CE9E20FD726321C7DB7D8B0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
19:19:15.0067 4856 AtiHdmiService - ok
19:19:15.0223 4856 [ A29087680A1C3B049E3C05438E8FF2B8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:19:15.0354 4856 atikmdag - ok
19:19:15.0377 4856 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
19:19:15.0378 4856 AtiPcie - ok
19:19:15.0466 4856 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:19:15.0493 4856 AudioEndpointBuilder - ok
19:19:15.0520 4856 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:19:15.0527 4856 AudioSrv - ok
19:19:15.0570 4856 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:19:15.0574 4856 AxInstSV - ok
19:19:15.0606 4856 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:19:15.0615 4856 b06bdrv - ok
19:19:15.0661 4856 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:19:15.0669 4856 b57nd60a - ok
19:19:15.0708 4856 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:19:15.0712 4856 BDESVC - ok
19:19:15.0728 4856 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:19:15.0730 4856 Beep - ok
19:19:15.0801 4856 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:19:15.0827 4856 BFE - ok
19:19:15.0874 4856 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:19:15.0877 4856 blbdrive - ok
19:19:15.0958 4856 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:19:15.0980 4856 Bonjour Service - ok
19:19:16.0031 4856 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:19:16.0035 4856 bowser - ok
19:19:16.0057 4856 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:19:16.0060 4856 BrFiltLo - ok
19:19:16.0071 4856 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:19:16.0073 4856 BrFiltUp - ok
19:19:16.0119 4856 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
19:19:16.0123 4856 Browser - ok
19:19:16.0144 4856 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:19:16.0150 4856 Brserid - ok
19:19:16.0167 4856 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:19:16.0169 4856 BrSerWdm - ok
19:19:16.0186 4856 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:19:16.0187 4856 BrUsbMdm - ok
19:19:16.0200 4856 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:19:16.0202 4856 BrUsbSer - ok
19:19:16.0226 4856 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:19:16.0229 4856 BTHMODEM - ok
19:19:16.0261 4856 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:19:16.0264 4856 bthserv - ok
19:19:16.0292 4856 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:19:16.0295 4856 cdfs - ok
19:19:16.0346 4856 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:19:16.0351 4856 cdrom - ok
19:19:16.0395 4856 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:19:16.0399 4856 CertPropSvc - ok
19:19:16.0423 4856 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:19:16.0426 4856 circlass - ok
19:19:16.0472 4856 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:19:16.0488 4856 CLFS - ok
19:19:16.0544 4856 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:19:16.0547 4856 clr_optimization_v2.0.50727_32 - ok
19:19:16.0589 4856 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:19:16.0593 4856 clr_optimization_v2.0.50727_64 - ok
19:19:16.0672 4856 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:19:16.0678 4856 clr_optimization_v4.0.30319_32 - ok
19:19:16.0698 4856 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:19:16.0703 4856 clr_optimization_v4.0.30319_64 - ok
19:19:16.0726 4856 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:19:16.0728 4856 CmBatt - ok
19:19:16.0745 4856 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:19:16.0747 4856 cmdide - ok
19:19:16.0791 4856 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:19:16.0799 4856 CNG - ok
19:19:16.0870 4856 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
19:19:16.0876 4856 Com4QLBEx - ok
19:19:16.0903 4856 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:19:16.0904 4856 Compbatt - ok
19:19:16.0946 4856 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:19:16.0948 4856 CompositeBus - ok
19:19:16.0958 4856 COMSysApp - ok
19:19:16.0990 4856 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:19:16.0991 4856 crcdisk - ok
19:19:17.0029 4856 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:19:17.0033 4856 CryptSvc - ok
19:19:17.0084 4856 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:19:17.0110 4856 DcomLaunch - ok
19:19:17.0141 4856 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:19:17.0150 4856 defragsvc - ok
19:19:17.0187 4856 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:19:17.0190 4856 DfsC - ok
19:19:17.0221 4856 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:19:17.0231 4856 Dhcp - ok
19:19:17.0258 4856 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:19:17.0260 4856 discache - ok
19:19:17.0280 4856 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:19:17.0282 4856 Disk - ok
19:19:17.0321 4856 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:19:17.0325 4856 Dnscache - ok
19:19:17.0357 4856 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:19:17.0362 4856 dot3svc - ok
19:19:17.0392 4856 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:19:17.0396 4856 DPS - ok
19:19:17.0415 4856 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:19:17.0418 4856 drmkaud - ok
19:19:17.0463 4856 [ F9F437B39CC0FCACCE8AC7CE422F537F ] DVMIO C:\SPLASH.SYS\config\dvmio.sys
19:19:17.0464 4856 DVMIO - ok
19:19:17.0516 4856 [ 577582D57D90FB64276ACFEE958DBFD3 ] DvmMDES C:\SPLASH.SYS\config\DVMExportService.exe
19:19:17.0528 4856 DvmMDES - ok
19:19:17.0620 4856 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:19:17.0654 4856 DXGKrnl - ok
19:19:17.0685 4856 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:19:17.0690 4856 EapHost - ok
19:19:17.0793 4856 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:19:17.0865 4856 ebdrv - ok
19:19:17.0886 4856 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:19:17.0889 4856 EFS - ok
19:19:17.0935 4856 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:19:17.0952 4856 ehRecvr - ok
19:19:17.0978 4856 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:19:17.0981 4856 ehSched - ok
19:19:18.0007 4856 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:19:18.0014 4856 elxstor - ok
19:19:18.0042 4856 [ A9EC08727C64D985678F5B64C03823F0 ] enecir C:\Windows\system32\DRIVERS\enecir.sys
19:19:18.0044 4856 enecir - ok
19:19:18.0055 4856 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:19:18.0057 4856 ErrDev - ok
19:19:18.0105 4856 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:19:18.0111 4856 EventSystem - ok
19:19:18.0142 4856 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:19:18.0146 4856 exfat - ok
19:19:18.0161 4856 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:19:18.0165 4856 fastfat - ok
19:19:18.0204 4856 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:19:18.0221 4856 Fax - ok
19:19:18.0235 4856 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:19:18.0238 4856 fdc - ok
19:19:18.0260 4856 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:19:18.0262 4856 fdPHost - ok
19:19:18.0273 4856 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:19:18.0275 4856 FDResPub - ok
19:19:18.0290 4856 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:19:18.0293 4856 FileInfo - ok
19:19:18.0309 4856 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:19:18.0311 4856 Filetrace - ok
19:19:18.0327 4856 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:19:18.0329 4856 flpydisk - ok
19:19:18.0361 4856 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:19:18.0365 4856 FltMgr - ok
19:19:18.0446 4856 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:19:18.0496 4856 FontCache - ok
19:19:18.0688 4856 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:19:18.0688 4856 FontCache3.0.0.0 - ok
19:19:18.0698 4856 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:19:18.0701 4856 FsDepends - ok
19:19:18.0732 4856 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:19:18.0734 4856 Fs_Rec - ok
19:19:18.0776 4856 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:19:18.0782 4856 fvevol - ok
19:19:18.0812 4856 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:19:18.0816 4856 gagp30kx - ok
19:19:28.0954 4856 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:19:28.0956 4856 volmgr - ok
19:19:28.0995 4856 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:19:29.0001 4856 volmgrx - ok
19:19:29.0016 4856 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:19:29.0021 4856 volsnap - ok
19:19:29.0201 4856 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:19:29.0205 4856 vsmraid - ok
19:19:29.0421 4856 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:19:29.0469 4856 VSS - ok
19:19:29.0481 4856 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:19:29.0483 4856 vwifibus - ok
19:19:29.0500 4856 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:19:29.0502 4856 vwififlt - ok
19:19:29.0532 4856 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:19:29.0539 4856 W32Time - ok
19:19:29.0569 4856 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:19:29.0571 4856 WacomPen - ok
19:19:29.0604 4856 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:19:29.0607 4856 WANARP - ok
19:19:29.0611 4856 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:19:29.0612 4856 Wanarpv6 - ok
19:19:29.0708 4856 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:19:29.0760 4856 WatAdminSvc - ok
19:19:29.0827 4856 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:19:29.0870 4856 wbengine - ok
19:19:29.0895 4856 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:19:29.0902 4856 WbioSrvc - ok
19:19:29.0925 4856 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:19:29.0935 4856 wcncsvc - ok
19:19:29.0947 4856 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:19:29.0951 4856 WcsPlugInService - ok
19:19:29.0975 4856 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:19:29.0976 4856 Wd - ok
19:19:30.0006 4856 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:19:30.0016 4856 Wdf01000 - ok
19:19:30.0029 4856 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:19:30.0032 4856 WdiServiceHost - ok
19:19:30.0036 4856 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:19:30.0038 4856 WdiSystemHost - ok
19:19:30.0075 4856 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:19:30.0081 4856 WebClient - ok
19:19:30.0094 4856 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:19:30.0099 4856 Wecsvc - ok
19:19:30.0114 4856 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:19:30.0118 4856 wercplsupport - ok
19:19:30.0141 4856 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:19:30.0144 4856 WerSvc - ok
19:19:30.0168 4856 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:19:30.0170 4856 WfpLwf - ok
19:19:30.0188 4856 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:19:30.0190 4856 WIMMount - ok
19:19:30.0226 4856 WinDefend - ok
19:19:30.0255 4856 WinHttpAutoProxySvc - ok
19:19:30.0322 4856 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:19:30.0327 4856 Winmgmt - ok
19:19:30.0410 4856 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:19:30.0479 4856 WinRM - ok
19:19:30.0534 4856 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:19:30.0536 4856 WinUsb - ok
19:19:30.0565 4856 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:19:30.0590 4856 Wlansvc - ok
19:19:30.0734 4856 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:19:30.0795 4856 wlidsvc - ok
19:19:30.0825 4856 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:19:30.0826 4856 WmiAcpi - ok
19:19:30.0851 4856 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:19:30.0856 4856 wmiApSrv - ok
19:19:30.0898 4856 WMPNetworkSvc - ok
19:19:30.0918 4856 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:19:30.0923 4856 WPCSvc - ok
19:19:30.0962 4856 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:19:30.0969 4856 WPDBusEnum - ok
19:19:30.0999 4856 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:19:31.0002 4856 ws2ifsl - ok
19:19:31.0043 4856 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:19:31.0051 4856 wscsvc - ok
19:19:31.0059 4856 WSearch - ok
19:19:31.0115 4856 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:19:31.0119 4856 WudfPf - ok
19:19:31.0171 4856 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:19:31.0177 4856 WUDFRd - ok
19:19:31.0218 4856 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:19:31.0222 4856 wudfsvc - ok
19:19:31.0235 4856 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:19:31.0242 4856 WwanSvc - ok
19:19:31.0270 4856 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
19:19:31.0277 4856 yukonw7 - ok
19:19:31.0282 4856 ================ Scan global ===============================
19:19:31.0302 4856 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:19:31.0332 4856 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:19:31.0343 4856 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:19:31.0362 4856 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:19:31.0390 4856 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:19:31.0393 4856 [Global] - ok
19:19:31.0394 4856 ================ Scan MBR ==================================
19:19:31.0407 4856 [ C5ADAC2811E29E18E7863335E06800AF ] \Device\Harddisk0\DR0
19:19:31.0408 4856 Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:19:31.0460 4856 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:19:31.0460 4856 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:19:31.0461 4856 ================ Scan VBR ==================================
19:19:31.0468 4856 [ 71361F111E3827C24989086094E11D42 ] \Device\Harddisk0\DR0\Partition1
19:19:31.0472 4856 \Device\Harddisk0\DR0\Partition1 - ok
19:19:31.0502 4856 [ 631179E977912F2D7D1E26A7CA9D6453 ] \Device\Harddisk0\DR0\Partition2
19:19:31.0504 4856 \Device\Harddisk0\DR0\Partition2 - ok
19:19:31.0533 4856 [ 2FBA98E681CBEB31273F29AC1109F5EB ] \Device\Harddisk0\DR0\Partition3
19:19:31.0540 4856 \Device\Harddisk0\DR0\Partition3 - ok
19:19:31.0540 4856 ============================================================
19:19:31.0540 4856 Scan finished
19:19:31.0540 4856 ============================================================
19:19:31.0554 4224 Detected object count: 1
19:19:31.0554 4224 Actual detected object count: 1
19:19:41.0264 4224 \Device\Harddisk0\DR0\# - copied to quarantine
19:19:41.0311 4224 \Device\Harddisk0\DR0 - copied to quarantine
19:19:41.0496 4224 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:19:41.0548 4224 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:19:41.0591 4224 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:19:41.0618 4224 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:19:41.0690 4224 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:19:41.0756 4224 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:19:41.0804 4224 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:19:41.0819 4224 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:19:41.0826 4224 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:19:41.0848 4224 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:19:41.0881 4224 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:19:41.0882 4224 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:19:41.0884 4224 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:19:41.0904 4224 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:19:41.0909 4224 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:19:41.0933 4224 \Device\Harddisk0\DR0 - ok
19:19:42.0726 4224 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:19:50.0448 4800 Deinitialize success

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:19 AM

Posted 21 August 2012 - 08:09 PM

Now I want you to try ComboFix for me.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



