
Unknown trojan / backdoor


  • This topic is locked
34 replies to this topic

#1 FrostedBytes


Posted 21 August 2012 - 04:06 PM

a few weeks ago i got a zeroaccess infection. thought i managed to clean it up. recently, windows booted into Test Mode, and i did not make this change myself. i believe an unknown backdoor is infecting my PC now because i've noticed newly created .sys and .exe files with jumbled names, and i notice scrambled named .exes in task manager.

windows firewall is also disabled or missing now because of the zeroaccess infection. please help me get this backdoor removed ASAP. i have valuable data here which i can't move anytime within the next month.
running win7 x64, if you need any more logs please tell me.



DDS log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_32
Run by Frost at 16:00:36 on 2012-08-21
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - F:\PApps\PortableApps\SpybotPortable\App\Spybot\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [PlayNC Launcher]
uRun: [Hyperdesktop] C:\Users\Frost\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
uRun: [ribreanaxqix] C:\Users\Frost\ribreanaxqix.exe
StartupFolder: C:\Users\Frost\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGO.lnk - C:\Windows\Setup\scripts\LOGO.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - F:\PApps\PortableApps\SpybotPortable\App\Spybot\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: Interfaces\{B31DA159-C834-4F48-AAC2-05188391B354} : NameServer = 8.8.8.8,8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - F:\PApps\PortableApps\SpybotPortable\App\Spybot\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Frost\AppData\Roaming\Mozilla\Firefox\Profiles\ezt5nhne.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Frost\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-08-21 16:01:14 104896 ----a-w- C:\Users\Frost\ribreanaxqix.exe
2012-08-20 14:31:48 -------- d-----w- C:\Users\Frost\AppData\Roaming\LimeWire
2012-08-20 14:31:41 -------- d-----w- C:\Program Files (x86)\LimeWire
2012-08-17 08:48:19 -------- d-----w- C:\Program Files (x86)\Activision
2012-08-11 08:48:45 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-08-10 13:25:40 -------- d-----w- C:\Program Files (x86)\YAMB
2012-08-10 10:46:14 -------- d-----w- C:\Users\Frost\AppData\Local\Dxtory Software
2012-08-10 10:46:11 3673600 ----a-w- C:\Windows\System32\DxtoryCodec64.dll
2012-08-10 10:46:11 3166720 ----a-w- C:\Windows\SysWow64\DxtoryCodec.dll
2012-08-10 10:46:11 -------- d-----w- C:\Program Files (x86)\Dxtory Software
2012-08-08 16:14:11 -------- d-----w- C:\Users\Frost\AppData\Roaming\DVD Flick
2012-08-08 16:13:59 662288 ----a-w- C:\Windows\SysWow64\mscomct2.ocx
2012-08-08 16:13:59 40960 ----a-w- C:\Windows\SysWow64\ssubtmr6.dll
2012-08-08 16:13:59 36864 ----a-w- C:\Windows\SysWow64\trayicon_handler.ocx
2012-08-08 16:13:59 28672 ----a-w- C:\Windows\SysWow64\mousewheel.ocx
2012-08-08 16:13:59 164144 ----a-w- C:\Windows\SysWow64\comct232.ocx
2012-08-08 16:13:59 1081616 ----a-w- C:\Windows\SysWow64\mscomctl.ocx
2012-08-08 16:13:59 -------- d-----w- C:\Program Files (x86)\DVD Flick
2012-08-07 00:39:04 -------- d-----w- C:\Users\Frost\AppData\Local\Locktime
2012-08-07 00:37:56 -------- d-----w- C:\ProgramData\Locktime
2012-08-07 00:37:56 -------- d-----w- C:\Program Files\NetLimiter 3
2012-08-01 09:11:09 -------- d-----w- C:\Users\Frost\AppData\Local\Sony
2012-08-01 09:11:09 -------- d-----w- C:\Program Files\Sony
2012-08-01 09:11:09 -------- d-----w- C:\Program Files (x86)\Sony
2012-07-31 10:43:04 -------- d-----w- C:\Program Files (x86)\DOA Online
2012-07-31 01:48:42 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-07-31 01:48:42 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-07-31 01:48:40 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-07-31 01:45:20 -------- d-----w- C:\Riot Games
2012-07-31 00:40:56 -------- d-----w- C:\Users\Frost\AppData\Local\PMB Files
2012-07-31 00:40:55 -------- d-----w- C:\ProgramData\PMB Files
.
==================== Find3M ====================
.
2012-07-17 18:52:03 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-17 18:52:03 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-12 14:39:07 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-27 23:30:10 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-06-09 07:27:18 2169664 ----a-w- C:\XSplit.Core.exe
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
.
============= FINISH: 16:03:39.31 ===============

Edited by FrostedBytes, 21 August 2012 - 04:07 PM.




#2 gringo_pr


Posted 22 August 2012 - 11:44 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 FrostedBytes


Posted 23 August 2012 - 06:59 AM

"Repair Your Computer" is missing from the Advanced Boot Options when attempting to startup via F8.
When I inserted my installation CD (the exact same one I used to install Windows on this computer) and clicked on Repair my computer, I was told my version of the CD didn't match Windows Recovery, and could not proceed. After booting back, I ran a reagentc/info and found this. I have done nothing else.

Posted Image

is there anything I can do that doesn't involve restarting my PC often? every time I reboot, the problem seems to get worse.

Edited by FrostedBytes, 23 August 2012 - 07:22 AM.


#4 gringo_pr


Posted 23 August 2012 - 07:31 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 FrostedBytes


Posted 23 August 2012 - 07:46 AM

After clicking "I Agree", combofix began to run, but closed and did nothing after reaching 100% on the progress bar.

EDIT: 10 minutes after posting this, combofix is now running a blue command prompt. will report back shortly after it has completed.

Edited by FrostedBytes, 23 August 2012 - 07:54 AM.


#6 FrostedBytes


Posted 23 August 2012 - 08:17 AM

combofix completed successfully. here is the log. Test Mode has been disabled (i'm assuming combofix did this), but now i'm worried about a PEV.exe and a ribreanaxqix.exe found in my task manager.



ComboFix 12-08-22.03 - Frost 08/23/2012 7:56.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2103 [GMT -5:00]
Running from: c:\users\Frost\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Windows Live\msnmsgr.exe
c:\users\Frost\AppData\Local\{497f145a-9a75-dab6-ac16-fba3fe7e514d}
c:\users\Frost\AppData\Local\{497f145a-9a75-dab6-ac16-fba3fe7e514d}\@
c:\users\Frost\AppData\Local\{497f145a-9a75-dab6-ac16-fba3fe7e514d}\n
c:\users\Frost\AppData\Local\{497f145a-9a75-dab6-ac16-fba3fe7e514d}\U\00000001.@
c:\users\Frost\AppData\Local\{497f145a-9a75-dab6-ac16-fba3fe7e514d}\U\80000000.@
c:\users\Frost\AppData\Local\{497f145a-9a75-dab6-ac16-fba3fe7e514d}\U\800000cb.@
c:\users\Frost\AppData\Local\assembly\tmp
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\Installer\{497f145a-9a75-dab6-ac16-fba3fe7e514d}
c:\windows\Installer\{497f145a-9a75-dab6-ac16-fba3fe7e514d}\@
c:\windows\Installer\{497f145a-9a75-dab6-ac16-fba3fe7e514d}\n
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\users\Frost\ribreanaxqix.exe . . . . Failed to delete
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
.
.
2012-08-23 13:03 . 2012-08-23 13:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-23 13:03 . 2012-08-23 13:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-21 16:01 . 2012-08-21 16:01 104896 ----a-w- c:\users\Frost\ribreanaxqix.exe
2012-08-20 14:31 . 2012-08-23 11:49 -------- d-----w- c:\users\Frost\AppData\Roaming\LimeWire
2012-08-20 14:31 . 2012-08-20 14:31 -------- d-----w- c:\program files (x86)\LimeWire
2012-08-17 08:48 . 2012-08-17 08:48 -------- d-----w- c:\program files (x86)\Activision
2012-08-11 08:49 . 2012-08-11 08:51 -------- d-----w- c:\users\Frost\AppData\Roaming\vlc
2012-08-11 08:48 . 2012-08-11 08:48 -------- d-----w- c:\program files (x86)\VideoLAN
2012-08-10 13:25 . 2012-08-10 13:26 -------- d-----w- c:\program files (x86)\YAMB
2012-08-10 10:46 . 2012-08-10 10:46 -------- d-----w- c:\users\Frost\AppData\Local\Dxtory Software
2012-08-10 10:46 . 2012-08-10 10:46 -------- d-----w- c:\program files (x86)\Dxtory Software
2012-08-10 10:46 . 2011-05-24 04:29 3673600 ----a-w- c:\windows\system32\DxtoryCodec64.dll
2012-08-10 10:46 . 2011-05-24 04:23 3166720 ----a-w- c:\windows\SysWow64\DxtoryCodec.dll
2012-08-08 16:14 . 2012-08-08 17:13 -------- d-----w- c:\users\Frost\AppData\Roaming\DVD Flick
2012-08-08 16:13 . 2012-08-08 16:14 -------- d-----w- c:\program files (x86)\DVD Flick
2012-08-08 16:13 . 2008-08-31 18:27 28672 ----a-w- c:\windows\SysWow64\mousewheel.ocx
2012-08-08 16:13 . 2007-08-31 23:36 36864 ----a-w- c:\windows\SysWow64\trayicon_handler.ocx
2012-08-08 16:13 . 2004-03-09 05:00 662288 ----a-w- c:\windows\SysWow64\mscomct2.ocx
2012-08-08 16:13 . 2004-03-09 05:00 1081616 ----a-w- c:\windows\SysWow64\mscomctl.ocx
2012-08-08 16:13 . 2003-01-26 18:41 40960 ----a-w- c:\windows\SysWow64\ssubtmr6.dll
2012-08-08 16:13 . 1998-06-24 05:00 164144 ----a-w- c:\windows\SysWow64\comct232.ocx
2012-08-07 00:39 . 2012-08-07 00:39 -------- d-----w- c:\users\Frost\AppData\Local\Locktime
2012-08-07 00:37 . 2012-08-07 00:37 -------- d-----w- c:\programdata\Locktime
2012-08-07 00:37 . 2012-08-07 00:37 -------- d-----w- c:\program files\NetLimiter 3
2012-08-01 09:19 . 2012-08-01 09:19 -------- d-----w- c:\users\Frost\AppData\Roaming\Publish Providers
2012-08-01 09:11 . 2012-08-01 09:17 -------- d-----w- c:\users\Frost\AppData\Local\Sony
2012-08-01 09:11 . 2012-08-01 09:11 -------- d-----w- c:\programdata\Sony
2012-08-01 09:11 . 2012-08-01 09:11 -------- d-----w- c:\program files\Sony
2012-08-01 09:11 . 2012-08-01 09:11 -------- d-----w- c:\program files (x86)\Sony
2012-08-01 09:09 . 2012-08-01 09:19 -------- d-----w- c:\users\Frost\AppData\Roaming\Sony
2012-07-31 10:43 . 2012-07-31 10:43 -------- d-----w- c:\program files (x86)\DOA Online
2012-07-31 01:48 . 2008-07-12 13:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-07-31 01:48 . 2008-07-12 13:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-07-31 01:48 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-07-31 01:45 . 2012-07-31 01:45 -------- d-----w- C:\Riot Games
2012-07-31 00:40 . 2012-08-06 04:30 -------- d-----w- c:\users\Frost\AppData\Local\PMB Files
2012-07-31 00:40 . 2012-08-06 04:30 -------- d-----w- c:\programdata\PMB Files
2012-07-30 06:07 . 2012-07-30 06:07 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 18:52 . 2012-05-04 20:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-17 18:52 . 2012-05-04 20:58 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 14:39 . 2012-07-12 14:39 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2012-07-07 12:39 . 2009-08-18 17:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-07-07 12:39 . 2009-08-18 16:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-03 18:46 . 2012-06-27 10:34 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 23:30 . 2012-05-07 22:39 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-21 13:02 . 2012-06-21 13:02 376320 ----a-r- c:\users\Frost\AppData\Roaming\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe
2012-06-09 07:27 . 2012-06-09 07:28 2169664 ----a-w- C:\XSplit.Core.exe
2012-06-02 22:19 . 2012-07-07 11:45 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-07 11:46 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-07-07 11:46 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-07-07 11:46 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-07-07 11:45 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-07-07 11:46 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-07-07 11:45 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-07-07 11:45 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-07-07 11:45 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hyperdesktop"="c:\users\Frost\AppData\Roaming\Hyperdesktop\hyperdesktop.exe" [2012-08-17 357500]
"ribreanaxqix"="c:\users\Frost\ribreanaxqix.exe" [2012-08-21 104896]
.
c:\users\Frost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-11-7 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOGO.lnk - c:\windows\Setup\scripts\LOGO.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R3 EagleX64;EagleX64;c:\users\Frost\AppData\Local\Temp\EagleX64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-05 283200]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-04-03 1262912]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-04 677480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
*Deregistered* - ab9f4c1f600224a
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4e474ff3-5bfa-4873-a5b9-016f8cec2a5f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{B31DA159-C834-4F48-AAC2-05188391B354}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Frost\AppData\Roaming\Mozilla\Firefox\Profiles\ezt5nhne.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Notify-LBTWlgn - (no file)
SafeBoot-14637320.sys
AddRemove-Seven Kingdoms AA - c:\program files\Seven Kingdoms AA\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ab9f4c1f600224a]
"ImagePath"="\SystemRoot\System32\Drivers\ab9f4c1f600224a.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe
.
**************************************************************************
.
Completion time: 2012-08-23 08:12:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-23 13:12
.
Pre-Run: 800,030,490,624 bytes free
Post-Run: 801,885,343,744 bytes free
.
- - End Of File - - 57D8FC414F159233F16CF603548033E5

Edited by FrostedBytes, 23 August 2012 - 08:17 AM.


#7 gringo_pr

  • Malware Response Team

Posted 23 August 2012 - 09:12 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#8 FrostedBytes

  • Topic Starter


Posted 23 August 2012 - 09:52 AM

I ran TDSSKiller and encountered a "Could not load driver" error.
However, the program did scan; here is the log:

09:45:08.0320 3312 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
09:45:08.0710 3312 ============================================================
09:45:08.0710 3312 Current date / time: 2012/08/23 09:45:08.0710
09:45:08.0710 3312 SystemInfo:
09:45:08.0710 3312
09:45:08.0710 3312 OS Version: 6.1.7600 ServicePack: 0.0
09:45:08.0710 3312 Product type: Workstation
09:45:08.0710 3312 ComputerName: FROST-PC
09:45:08.0710 3312 UserName: Frost
09:45:08.0710 3312 Windows directory: C:\Windows
09:45:08.0710 3312 System windows directory: C:\Windows
09:45:08.0710 3312 Running under WOW64
09:45:08.0710 3312 Processor architecture: Intel x64
09:45:08.0710 3312 Number of processors: 4
09:45:08.0710 3312 Page size: 0x1000
09:45:08.0710 3312 Boot type: Normal boot
09:45:08.0710 3312 ============================================================
09:45:10.0770 3312 !crdlk
09:45:11.0238 3312 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
09:45:11.0253 3312 Drive \Device\Harddisk1\DR1 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:45:11.0253 3312 ============================================================
09:45:11.0253 3312 \Device\Harddisk0\DR0:
09:45:11.0269 3312 MBR partitions:
09:45:11.0269 3312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:45:11.0269 3312 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5800
09:45:11.0269 3312 \Device\Harddisk1\DR1:
09:45:11.0269 3312 MBR partitions:
09:45:11.0269 3312 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2
09:45:11.0269 3312 ============================================================
09:45:11.0362 3312 C: <-> \Device\Harddisk0\DR0\Partition2
09:45:11.0362 3312 ============================================================
09:45:11.0362 3312 Initialize success
09:45:11.0362 3312 ============================================================
09:45:15.0606 2120 ============================================================
09:45:15.0606 2120 Scan started
09:45:15.0606 2120 Mode: Manual; SigCheck; TDLFS;
09:45:15.0606 2120 ============================================================
09:45:16.0838 2120 ================ Scan system memory ========================
09:45:16.0838 2120 System memory - ok
09:45:16.0838 2120 ================ Scan services =============================
09:45:17.0103 2120 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
09:45:17.0197 2120 !SASCORE - ok
09:45:20.0676 2120 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
09:45:20.0925 2120 1394ohci - ok
09:45:20.0972 2120 Suspicious service (NoAccess): ab9f4c1f600224a
09:45:21.0112 2120 [ 0863F37BF4B445E033285792FA056C43 ] ab9f4c1f600224a C:\Windows\System32\Drivers\ab9f4c1f600224a.sys
09:45:21.0112 2120 Suspicious file (NoAccess): C:\Windows\System32\Drivers\ab9f4c1f600224a.sys. md5: 0863F37BF4B445E033285792FA056C43
09:45:21.0237 2120 ab9f4c1f600224a ( Rootkit.Win32.Necurs.gen ) - infected
09:45:21.0237 2120 ab9f4c1f600224a - detected Rootkit.Win32.Necurs.gen (0)
09:45:21.0409 2120 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
09:45:21.0424 2120 ACPI - ok
09:45:21.0596 2120 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
09:45:21.0736 2120 AcpiPmi - ok
09:45:22.0267 2120 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:45:22.0298 2120 adp94xx - ok
09:45:22.0516 2120 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:45:22.0548 2120 adpahci - ok
09:45:22.0641 2120 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:45:22.0641 2120 adpu320 - ok
09:45:22.0797 2120 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:45:23.0312 2120 AeLookupSvc - ok
09:45:24.0264 2120 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
09:45:24.0295 2120 AFD - ok
09:45:24.0482 2120 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
09:45:24.0498 2120 agp440 - ok
09:45:24.0685 2120 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
09:45:24.0747 2120 ALG - ok
09:45:24.0810 2120 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
09:45:24.0825 2120 aliide - ok
09:45:24.0841 2120 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
09:45:24.0856 2120 amdide - ok
09:45:24.0888 2120 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:45:24.0903 2120 AmdK8 - ok
09:45:24.0934 2120 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:45:24.0950 2120 AmdPPM - ok
09:45:24.0981 2120 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
09:45:24.0997 2120 amdsata - ok
09:45:25.0012 2120 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:45:25.0028 2120 amdsbs - ok
09:45:25.0044 2120 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
09:45:25.0044 2120 amdxata - ok
09:45:25.0075 2120 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
09:45:25.0122 2120 AppID - ok
09:45:25.0137 2120 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:45:25.0184 2120 AppIDSvc - ok
09:45:25.0200 2120 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
09:45:25.0262 2120 Appinfo - ok
09:45:25.0293 2120 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
09:45:25.0340 2120 AppMgmt - ok
09:45:25.0356 2120 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
09:45:25.0356 2120 arc - ok
09:45:25.0371 2120 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:45:25.0387 2120 arcsas - ok
09:45:25.0434 2120 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:45:25.0480 2120 AsyncMac - ok
09:45:25.0496 2120 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
09:45:25.0512 2120 atapi - ok
09:45:25.0527 2120 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:45:25.0574 2120 AudioEndpointBuilder - ok
09:45:25.0605 2120 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:45:25.0636 2120 AudioSrv - ok
09:45:25.0652 2120 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:45:25.0699 2120 AxInstSV - ok
09:45:25.0730 2120 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
09:45:25.0777 2120 b06bdrv - ok
09:45:25.0808 2120 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:45:25.0824 2120 b57nd60a - ok
09:45:25.0855 2120 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:45:25.0886 2120 BDESVC - ok
09:45:25.0917 2120 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:45:25.0964 2120 Beep - ok
09:45:26.0011 2120 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
09:45:26.0058 2120 BFE - ok
09:45:26.0089 2120 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:45:26.0120 2120 blbdrive - ok
09:45:26.0136 2120 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:45:26.0167 2120 bowser - ok
09:45:26.0182 2120 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:45:26.0198 2120 BrFiltLo - ok
09:45:26.0214 2120 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:45:26.0229 2120 BrFiltUp - ok
09:45:26.0260 2120 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
09:45:26.0292 2120 BridgeMP - ok
09:45:26.0323 2120 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
09:45:26.0338 2120 Browser - ok
09:45:26.0370 2120 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:45:26.0385 2120 Brserid - ok
09:45:26.0401 2120 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:45:26.0416 2120 BrSerWdm - ok
09:45:26.0432 2120 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:45:26.0448 2120 BrUsbMdm - ok
09:45:26.0463 2120 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:45:26.0479 2120 BrUsbSer - ok
09:45:26.0479 2120 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:45:26.0510 2120 BTHMODEM - ok
09:45:26.0526 2120 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
09:45:26.0557 2120 bthserv - ok
09:45:26.0666 2120 catchme - ok
09:45:26.0697 2120 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:45:26.0713 2120 cdfs - ok
09:45:26.0728 2120 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:45:26.0744 2120 cdrom - ok
09:45:26.0760 2120 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
09:45:26.0775 2120 CertPropSvc - ok
09:45:26.0806 2120 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:45:26.0822 2120 circlass - ok
09:45:26.0853 2120 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
09:45:26.0853 2120 CLFS - ok
09:45:26.0916 2120 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:45:26.0931 2120 clr_optimization_v2.0.50727_32 - ok
09:45:26.0994 2120 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:45:26.0994 2120 clr_optimization_v2.0.50727_64 - ok
09:45:27.0056 2120 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:45:27.0087 2120 clr_optimization_v4.0.30319_32 - ok
09:45:27.0103 2120 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:45:27.0118 2120 clr_optimization_v4.0.30319_64 - ok
09:45:27.0150 2120 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:45:27.0150 2120 CmBatt - ok
09:45:27.0165 2120 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
09:45:27.0165 2120 cmdide - ok
09:45:27.0181 2120 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
09:45:27.0228 2120 CNG - ok
09:45:27.0243 2120 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:45:27.0243 2120 Compbatt - ok
09:45:27.0259 2120 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
09:45:27.0337 2120 CompositeBus - ok
09:45:27.0337 2120 COMSysApp - ok
09:45:27.0368 2120 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:45:27.0368 2120 crcdisk - ok
09:45:27.0430 2120 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:45:27.0462 2120 CryptSvc - ok
09:45:27.0493 2120 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
09:45:27.0524 2120 CSC - ok
09:45:27.0555 2120 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
09:45:27.0571 2120 CscService - ok
09:45:27.0602 2120 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:45:27.0633 2120 DcomLaunch - ok
09:45:27.0711 2120 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:45:27.0758 2120 defragsvc - ok
09:45:27.0774 2120 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:45:27.0820 2120 DfsC - ok
09:45:27.0852 2120 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
09:45:27.0883 2120 Dhcp - ok
09:45:27.0898 2120 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:45:27.0930 2120 discache - ok
09:45:27.0945 2120 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:45:27.0961 2120 Disk - ok
09:45:27.0992 2120 [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:45:28.0008 2120 Dnscache - ok
09:45:28.0023 2120 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
09:45:28.0070 2120 dot3svc - ok
09:45:28.0101 2120 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
09:45:28.0132 2120 DPS - ok
09:45:28.0148 2120 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:45:28.0164 2120 drmkaud - ok
09:45:28.0195 2120 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
09:45:28.0195 2120 dtsoftbus01 - ok
09:45:28.0242 2120 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:45:28.0257 2120 DXGKrnl - ok
09:45:28.0304 2120 EagleX64 - ok
09:45:28.0320 2120 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:45:28.0351 2120 EapHost - ok
09:45:28.0398 2120 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
09:45:28.0476 2120 ebdrv - ok
09:45:28.0491 2120 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
09:45:28.0507 2120 EFS - ok
09:45:28.0569 2120 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:45:28.0600 2120 ehRecvr - ok
09:45:28.0616 2120 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:45:28.0632 2120 ehSched - ok
09:45:28.0663 2120 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:45:28.0678 2120 elxstor - ok
09:45:28.0694 2120 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
09:45:28.0694 2120 ErrDev - ok
09:45:28.0741 2120 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:45:28.0756 2120 EventSystem - ok
09:45:28.0788 2120 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:45:28.0803 2120 exfat - ok
09:45:28.0834 2120 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:45:28.0866 2120 fastfat - ok
09:45:28.0897 2120 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
09:45:28.0959 2120 Fax - ok
09:45:28.0975 2120 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:45:28.0975 2120 fdc - ok
09:45:29.0006 2120 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:45:29.0022 2120 fdPHost - ok
09:45:29.0053 2120 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:45:29.0084 2120 FDResPub - ok
09:45:29.0100 2120 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:45:29.0115 2120 FileInfo - ok
09:45:29.0131 2120 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:45:29.0162 2120 Filetrace - ok
09:45:29.0178 2120 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:45:29.0178 2120 flpydisk - ok
09:45:29.0209 2120 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:45:29.0209 2120 FltMgr - ok
09:45:29.0271 2120 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
09:45:29.0318 2120 FontCache - ok
09:45:29.0365 2120 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:45:29.0365 2120 FontCache3.0.0.0 - ok
09:45:29.0380 2120 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:45:29.0380 2120 FsDepends - ok
09:45:29.0396 2120 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:45:29.0412 2120 Fs_Rec - ok
09:45:29.0443 2120 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:45:29.0458 2120 fvevol - ok
09:45:29.0474 2120 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:45:29.0474 2120 gagp30kx - ok
09:45:29.0505 2120 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
09:45:29.0536 2120 gpsvc - ok
09:45:29.0552 2120 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:45:29.0599 2120 hcw85cir - ok
09:45:29.0630 2120 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:45:29.0646 2120 HdAudAddService - ok
09:45:29.0677 2120 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:45:29.0708 2120 HDAudBus - ok
09:45:29.0739 2120 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:45:29.0739 2120 HidBatt - ok
09:45:29.0755 2120 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:45:29.0786 2120 HidBth - ok
09:45:29.0802 2120 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:45:29.0817 2120 HidIr - ok
09:45:29.0848 2120 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
09:45:29.0880 2120 hidserv - ok
09:45:29.0911 2120 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:45:29.0911 2120 HidUsb - ok
09:45:29.0973 2120 [ A68E6B53BBA0F546821E1586DD4F1CDF ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
09:45:29.0989 2120 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
09:45:29.0989 2120 HiPatchService - detected UnsignedFile.Multi.Generic (1)
09:45:30.0020 2120 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:45:30.0051 2120 hkmsvc - ok
09:45:30.0067 2120 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:45:30.0098 2120 HomeGroupListener - ok
09:45:30.0145 2120 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:45:30.0160 2120 HomeGroupProvider - ok
09:45:30.0192 2120 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
09:45:30.0192 2120 HpSAMD - ok
09:45:30.0223 2120 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:45:30.0254 2120 HTTP - ok
09:45:30.0285 2120 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:45:30.0285 2120 hwpolicy - ok
09:45:30.0316 2120 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:45:30.0316 2120 i8042prt - ok
09:45:30.0348 2120 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
09:45:30.0363 2120 iaStorV - ok
09:45:30.0394 2120 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:45:30.0410 2120 idsvc - ok
09:45:30.0426 2120 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:45:30.0426 2120 iirsp - ok
09:45:30.0457 2120 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
09:45:30.0504 2120 IKEEXT - ok
09:45:30.0987 2120 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
09:45:31.0003 2120 intelide - ok
09:45:31.0034 2120 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:45:31.0050 2120 intelppm - ok
09:45:31.0096 2120 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:45:31.0112 2120 IPBusEnum - ok
09:45:31.0159 2120 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:45:31.0174 2120 IpFilterDriver - ok
09:45:31.0221 2120 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:45:31.0268 2120 iphlpsvc - ok
09:45:31.0284 2120 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
09:45:31.0284 2120 IPMIDRV - ok
09:45:31.0315 2120 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:45:31.0330 2120 IPNAT - ok
09:45:31.0362 2120 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:45:31.0362 2120 IRENUM - ok
09:45:31.0377 2120 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
09:45:31.0377 2120 isapnp - ok
09:45:31.0408 2120 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
09:45:31.0408 2120 iScsiPrt - ok
09:45:31.0424 2120 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:45:31.0440 2120 kbdclass - ok
09:45:31.0455 2120 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:45:31.0471 2120 kbdhid - ok
09:45:31.0502 2120 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
09:45:31.0502 2120 KeyIso - ok
09:45:31.0518 2120 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:45:31.0533 2120 KSecDD - ok
09:45:31.0549 2120 [ BBE1BF6D9B661C354D4857D5FADB943B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:45:31.0549 2120 KSecPkg - ok
09:45:31.0564 2120 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:45:31.0611 2120 ksthunk - ok
09:45:31.0627 2120 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:45:31.0658 2120 KtmRm - ok
09:45:31.0720 2120 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
09:45:31.0752 2120 LanmanServer - ok
09:45:31.0767 2120 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:45:31.0814 2120 LanmanWorkstation - ok
09:45:31.0892 2120 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
09:45:31.0892 2120 LBTServ - ok
09:45:31.0923 2120 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
09:45:31.0923 2120 LHidFilt - ok
09:45:31.0939 2120 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:45:31.0970 2120 lltdio - ok
09:45:31.0986 2120 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:45:32.0017 2120 lltdsvc - ok
09:45:32.0048 2120 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:45:32.0064 2120 lmhosts - ok
09:45:32.0079 2120 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
09:45:32.0095 2120 LMouFilt - ok
09:45:32.0110 2120 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:45:32.0110 2120 LSI_FC - ok
09:45:32.0126 2120 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:45:32.0126 2120 LSI_SAS - ok
09:45:32.0142 2120 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:45:32.0157 2120 LSI_SAS2 - ok
09:45:32.0157 2120 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:45:32.0173 2120 LSI_SCSI - ok
09:45:32.0173 2120 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:45:32.0220 2120 luafv - ok
09:45:32.0266 2120 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:45:32.0266 2120 MBAMProtector - ok
09:45:32.0313 2120 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:45:32.0329 2120 MBAMService - ok
09:45:32.0344 2120 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:45:32.0407 2120 Mcx2Svc - ok
09:45:32.0500 2120 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:45:32.0500 2120 megasas - ok
09:45:32.0516 2120 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:45:32.0516 2120 MegaSR - ok
09:45:32.0547 2120 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:45:32.0563 2120 MMCSS - ok
09:45:32.0594 2120 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:45:32.0625 2120 Modem - ok
09:45:32.0641 2120 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:45:32.0656 2120 monitor - ok
09:45:32.0672 2120 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:45:32.0672 2120 mouclass - ok
09:45:32.0688 2120 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:45:32.0688 2120 mouhid - ok
09:45:32.0703 2120 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:45:32.0719 2120 mountmgr - ok
09:45:32.0781 2120 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:45:32.0781 2120 MozillaMaintenance - ok
09:45:32.0812 2120 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
09:45:32.0812 2120 mpio - ok
09:45:32.0844 2120 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:45:32.0859 2120 mpsdrv - ok
09:45:32.0890 2120 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:45:32.0937 2120 MpsSvc - ok
09:45:32.0953 2120 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:45:32.0984 2120 MRxDAV - ok
09:45:33.0000 2120 [ CFDCD8CA87C2A657DEBC150AC35B5E08 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:45:33.0046 2120 mrxsmb - ok
09:45:33.0062 2120 [ 1BEE517B220B7F024F411AEC1571DD5A ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:45:33.0093 2120 mrxsmb10 - ok
09:45:33.0109 2120 [ 6B2D5FEF385828B6E485C1C90AFB8195 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:45:33.0140 2120 mrxsmb20 - ok
09:45:33.0156 2120 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
09:45:33.0156 2120 msahci - ok
09:45:33.0156 2120 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
09:45:33.0171 2120 msdsm - ok
09:45:33.0187 2120 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:45:33.0202 2120 MSDTC - ok
09:45:33.0249 2120 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:45:33.0265 2120 Msfs - ok
09:45:33.0280 2120 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:45:33.0296 2120 mshidkmdf - ok
09:45:33.0312 2120 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
09:45:33.0312 2120 msisadrv - ok
09:45:33.0343 2120 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:45:33.0374 2120 MSiSCSI - ok
09:45:33.0390 2120 msiserver - ok
09:45:33.0421 2120 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:45:33.0452 2120 MSKSSRV - ok
09:45:34.0700 2120 [ 6988373E38223438B09F0C27D7E67393 ] nlsvc C:\Program Files\NetLimiter 3\nlsvc.exe
09:45:34.0747 2120 nlsvc ( UnsignedFile.Multi.Generic ) - warning
09:45:34.0747 2120 nlsvc - detected UnsignedFile.Multi.Generic (1)
09:45:44.0403 2120 ================ Scan global ===============================
09:45:44.0435 2120 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:45:44.0450 2120 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
09:45:44.0450 2120 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
09:45:44.0466 2120 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:45:44.0497 2120 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:45:44.0497 2120 [Global] - ok
09:45:44.0497 2120 ================ Scan MBR ==================================
09:45:44.0513 2120 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:45:44.0793 2120 \Device\Harddisk0\DR0 - ok
09:45:44.0793 2120 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
09:45:44.0887 2120 \Device\Harddisk1\DR1 - ok
09:45:44.0887 2120 ================ Scan VBR ==================================
09:45:44.0887 2120 [ 7411DA1DF69B24494DA1B25DAC50B111 ] \Device\Harddisk0\DR0\Partition1
09:45:44.0887 2120 \Device\Harddisk0\DR0\Partition1 - ok
09:45:44.0918 2120 [ 27D07C606758F97BA4683299A0BB753B ] \Device\Harddisk0\DR0\Partition2
09:45:44.0918 2120 \Device\Harddisk0\DR0\Partition2 - ok
09:45:44.0918 2120 [ E474C22BA854B4DA6756559CBC95CB09 ] \Device\Harddisk1\DR1\Partition1
09:45:44.0918 2120 \Device\Harddisk1\DR1\Partition1 - ok
09:45:44.0918 2120 ============================================================
09:45:44.0918 2120 Scan finished
09:45:44.0918 2120 ============================================================
09:45:44.0934 3412 Detected object count: 3
09:45:44.0934 3412 Actual detected object count: 3
09:46:13.0568 3412 C:\Windows\System32\Drivers\ab9f4c1f600224a.sys - copied to quarantine
09:46:13.0599 3412 HKLM\SYSTEM\ControlSet001\services\ab9f4c1f600224a - will be deleted on reboot
09:46:13.0646 3412 HKLM\SYSTEM\ControlSet002\services\ab9f4c1f600224a - will be deleted on reboot
09:46:13.0865 3412 C:\Windows\System32\Drivers\ab9f4c1f600224a.sys - will be deleted on reboot
09:46:13.0865 3412 ab9f4c1f600224a ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
09:46:13.0865 3412 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
09:46:13.0865 3412 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:46:13.0865 3412 nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:46:13.0865 3412 nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:46:32.0834 2712 Deinitialize success





first time i ran aswMBR, it asked me to download definitions and froze halfway during the download.
second time i ran aswMBR, it asked me to download them again, and completed the download. froze while scanning.
third time i ran aswMBR, i wasn't asked to download anything, but during the scan i received this error
Posted Image

#9 gringo_pr

  • Malware Response Team

Posted 23 August 2012 - 10:21 AM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

#10 FrostedBytes


Posted 23 August 2012 - 10:32 AM

here is the log


RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Frost [Admin rights]
Mode: Scan -- Date: 08/23/2012 10:31:57

Bad processes: 2
[SUSP PATH] hyperdesktop.exe -- C:\Users\Frost\AppData\Roaming\Hyperdesktop\hyperdesktop.exe -> KILLED [TermProc]
[SUSP PATH] ribreanaxqix.exe -- C:\Users\Frost\ribreanaxqix.exe -> KILLED [TermProc]

Registry Entries: 13
[SUSP PATH] HKCU\[...]\Run : Hyperdesktop (C:\Users\Frost\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : ribreanaxqix (C:\Users\Frost\ribreanaxqix.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2700069486-3204588654-4002514941-1000[...]\Run : Hyperdesktop (C:\Users\Frost\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2700069486-3204588654-4002514941-1000[...]\Run : ribreanaxqix (C:\Users\Frost\ribreanaxqix.exe) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver: [NOT LOADED]

Infection :

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD2002FAEX-007BA0 ATA Device +++++
--- User ---
[MBR] 707c5533836c69f9c74d6f403f03f277
[BSP] 9d843703830b2ac307c7d7de49072fc2 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#11 gringo_pr


Posted 23 August 2012 - 11:08 AM

--Run RogueKiller--

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+


#12 FrostedBytes


Posted 23 August 2012 - 11:12 AM

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Frost [Admin rights]
Mode: Remove -- Date: 08/23/2012 11:12:00

Bad processes: 0

Registry Entries: 11
[SUSP PATH] HKCU\[...]\Run : Hyperdesktop (C:\Users\Frost\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : ribreanaxqix (C:\Users\Frost\ribreanaxqix.exe) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowVideos (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver: [NOT LOADED]

Infection :

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD2002FAEX-007BA0 ATA Device +++++
--- User ---
[MBR] 707c5533836c69f9c74d6f403f03f277
[BSP] 9d843703830b2ac307c7d7de49072fc2 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#13 gringo_pr


Posted 23 August 2012 - 11:32 AM

status on the computer please



gringo

#14 FrostedBytes


Posted 23 August 2012 - 11:45 AM

seems better now. ribreanaxqix.exe did not appear on start-up like it used to, but the file still exists in C:\Users\Frost. should i delete this?
Test Mode is still enabled as well. doesn't this allow for unsigned drivers?

Edited by FrostedBytes, 23 August 2012 - 11:46 AM.
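
The scan-mode and remove-mode reports posted above can be cross-checked mechanically. This is an added example, not part of the thread or of RogueKiller: it parses the registry lines, confirms that every scan finding was deleted or replaced, and lists the files whose Run value was removed, since removing the value does not remove the file. The function names and the treatment of the HKUS\<SID> entries as the logged-on user's HKCU hive are assumptions.

```python
import re

# Registry lines copied from the scan-mode and remove-mode reports in this thread.
SCAN = r"""
[SUSP PATH] HKCU\[...]\Run : Hyperdesktop (C:\Users\Frost\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : ribreanaxqix (C:\Users\Frost\ribreanaxqix.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2700069486-3204588654-4002514941-1000[...]\Run : ribreanaxqix (C:\Users\Frost\ribreanaxqix.exe) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
"""
REMOVE = r"""
[SUSP PATH] HKCU\[...]\Run : Hyperdesktop (C:\Users\Frost\AppData\Roaming\Hyperdesktop\hyperdesktop.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : ribreanaxqix (C:\Users\Frost\ribreanaxqix.exe) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
"""
LINE = re.compile(r"^\[(?P<tag>[^\]]+)\] (?P<key>\S+) : (?P<name>\S+) "
                  r"\((?P<data>.*)\) -> (?P<status>[A-Z]+)(?: \((?P<new>.*)\))?$")

def parse(report):
    """Map (registry key, value name) to the parsed fields of each finding."""
    findings = {}
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m:
            f = m.groupdict()
            # Assumption: HKUS\<SID> is the logged-on user's hive, which HKCU
            # aliases, so both spellings are treated as the same value.
            key = re.sub(r"^HKUS\\S-[\d-]+", lambda _: "HKCU\\", f["key"])
            findings[(key, f["name"])] = f
    return findings

def unresolved(scan, remove):
    """Scan findings the remove report did not mark DELETED or REPLACED."""
    done = {k for k, f in parse(remove).items()
            if f["status"] in ("DELETED", "REPLACED")}
    return sorted(k for k in parse(scan) if k not in done)

def files_to_check(remove):
    """Files whose autostart value was deleted; the file itself may remain."""
    return sorted({f["data"] for f in parse(remove).values()
                   if f["tag"] == "SUSP PATH" and f["status"] == "DELETED"})

def policy_changes(remove):
    """Policy values the tool rewrote, as {name: (old, new)}."""
    return {f["name"]: (f["data"], f["new"]) for f in parse(remove).values()
            if f["status"] == "REPLACED"}

if __name__ == "__main__":
    print(unresolved(SCAN, REMOVE), files_to_check(REMOVE), policy_changes(REMOVE))
```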


#15 gringo_pr


Posted 23 August 2012 - 12:04 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.

  • First Press the Scan button.
  • It will make a log (FRST.txt)

  • Second Type the following in the edit box after "Search:". services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo