Google Redirect With Pop Ups


  • This topic is locked
9 replies to this topic

#1 Zephyr21

  • Members
  • 4 posts

Posted 27 August 2012 - 07:29 PM

I've been having problems for the last week with Google. Every time I go to click on one of my search results I get taken to a spam page. If I leave my browser up long enough, spam pop-ups will flood my computer until it finally crashes. I've tried Malwarebytes to remove it to no success. When I try to run RKill it shuts down my computer every time. I'm at a complete loss as to what my next step should be. Any help at this point would be a godsend.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Zephyr Actual at 19:42:23 on 2012-08-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.2400 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\WGA Remover\wgaremover.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\AUDIODG.EXE
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.arccosine.com/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
uRun: [Epson Stylus NX430(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /FU "C:\Users\ZEPHYR~1\AppData\Local\Temp\E_S5AE8.tmp" /EF "HKCU"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe -update plugin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [WGA Remover] "C:\Program Files (x86)\WGA Remover\wgaremover.exe" -silent
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [VolPanel] "C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\ZEPHYR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{C14EFDA3-B7E4-4BA6-BA5B-96ACFFCB5D75} : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{FD737F05-17F3-491F-9370-8842FB7EA33D}\24279647479637860245568716E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FD737F05-17F3-491F-9370-8842FB7EA33D}\2696764616E6 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FD737F05-17F3-491F-9370-8842FB7EA33D}\742796A7A77574 : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SubSystems: Windows = winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [WGA Remover] "C:\Program Files (x86)\WGA Remover\wgaremover.exe" -silent
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zephyr Actual\AppData\Roaming\Mozilla\Firefox\Profiles\e09nepnm.default\
FF - prefs.js: browser.search.selectedEngine - Arccosine
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.arccosine.com/search.php?q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Zephyr Actual\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
FF - plugin: C:\Users\Zephyr Actual\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 amdxata;amdxata;C:\Windows\system32\drivers\amdxata.sys --> C:\Windows\system32\drivers\amdxata.sys [?]
R0 CNG;CNG;C:\Windows\system32\Drivers\cng.sys --> C:\Windows\system32\Drivers\cng.sys [?]
R0 hwpolicy;Hardware Policy Driver;C:\Windows\system32\drivers\hwpolicy.sys --> C:\Windows\system32\drivers\hwpolicy.sys [?]
R0 KSecPkg;KSecPkg;C:\Windows\system32\Drivers\ksecpkg.sys --> C:\Windows\system32\Drivers\ksecpkg.sys [?]
R0 pcw;Performance Counters for Windows Driver;C:\Windows\system32\drivers\pcw.sys --> C:\Windows\system32\drivers\pcw.sys [?]
R0 rdyboost;ReadyBoost;C:\Windows\system32\drivers\rdyboost.sys --> C:\Windows\system32\drivers\rdyboost.sys [?]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\system32\drivers\vdrvroot.sys --> C:\Windows\system32\drivers\vdrvroot.sys [?]
R1 discache;System Attribute Cache;C:\Windows\system32\drivers\discache.sys --> C:\Windows\system32\drivers\discache.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\system32\drivers\rdprefmp.sys --> C:\Windows\system32\drivers\rdprefmp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R1 WfpLwf;WFP Lightweight Filter;C:\Windows\system32\DRIVERS\wfplwf.sys --> C:\Windows\system32\DRIVERS\wfplwf.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
R2 Power;Power;C:\Windows\system32\svchost.exe -k DcomLaunch [2009-7-13 20992]
R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\system32\svchost.exe -k RPCSS [2009-7-13 20992]
R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2012-3-4 272864]
R3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\system32\drivers\1394ohci.sys --> C:\Windows\system32\drivers\1394ohci.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\system32\drivers\CompositeBus.sys --> C:\Windows\system32\drivers\CompositeBus.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\system32\DRIVERS\AgileVpn.sys --> C:\Windows\system32\DRIVERS\AgileVpn.sys [?]
R3 skfiltv;skfiltv;C:\Windows\system32\drivers\skfiltv.sys --> C:\Windows\system32\drivers\skfiltv.sys [?]
R3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\system32\drivers\acpipmi.sys --> C:\Windows\system32\drivers\acpipmi.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-5 250056]
S3 amdsata;amdsata;C:\Windows\system32\drivers\amdsata.sys --> C:\Windows\system32\drivers\amdsata.sys [?]
S3 amdsbs;amdsbs;C:\Windows\system32\DRIVERS\amdsbs.sys --> C:\Windows\system32\DRIVERS\amdsbs.sys [?]
S3 AppID;AppID Driver;C:\Windows\system32\drivers\appid.sys --> C:\Windows\system32\drivers\appid.sys [?]
S3 AppIDSvc;Application Identity;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\system32\DRIVERS\bxvbda.sys --> C:\Windows\system32\DRIVERS\bxvbda.sys [?]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60a.sys --> C:\Windows\system32\DRIVERS\b57nd60a.sys [?]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-7-7 79360]
S3 defragsvc;Disk Defragmenter;C:\Windows\system32\svchost.exe -k defragsvc [2009-7-13 20992]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\system32\DRIVERS\evbda.sys --> C:\Windows\system32\DRIVERS\evbda.sys [?]
S3 FsDepends;File System Dependency Minifilter;C:\Windows\system32\drivers\FsDepends.sys --> C:\Windows\system32\drivers\FsDepends.sys [?]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\system32\drivers\hcw85cir.sys --> C:\Windows\system32\drivers\hcw85cir.sys [?]
S3 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 20992]
S3 HpSAMD;HpSAMD;C:\Windows\system32\drivers\HpSAMD.sys --> C:\Windows\system32\drivers\HpSAMD.sys [?]
S3 LSI_SAS2;LSI_SAS2;C:\Windows\system32\DRIVERS\lsi_sas2.sys --> C:\Windows\system32\DRIVERS\lsi_sas2.sys [?]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-26 113120]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\system32\drivers\mshidkmdf.sys --> C:\Windows\system32\drivers\mshidkmdf.sys [?]
S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\system32\DRIVERS\MTConfig.sys --> C:\Windows\system32\DRIVERS\MTConfig.sys [?]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\system32\DRIVERS\ndiscap.sys --> C:\Windows\system32\DRIVERS\ndiscap.sys [?]
S3 NPF;Netgroup Packet Filter;C:\Windows\system32\DRIVERS\npf.sys --> C:\Windows\system32\DRIVERS\npf.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-13 20992]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\system32\DRIVERS\rdpbus.sys --> C:\Windows\system32\DRIVERS\rdpbus.sys [?]
S3 scfilter;Smart card PnP Class Filter Driver;C:\Windows\system32\DRIVERS\scfilter.sys --> C:\Windows\system32\DRIVERS\scfilter.sys [?]
S3 SensrSvc;Adaptive Brightness;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 20992]
S3 sppsvc;Software Protection;C:\Windows\system32\sppsvc.exe --> C:\Windows\system32\sppsvc.exe [?]
S3 sppuinotify;SPP Notification Service;C:\Windows\system32\svchost.exe -k LocalService [2009-7-13 20992]
S3 stexstor;stexstor;C:\Windows\system32\DRIVERS\stexstor.sys --> C:\Windows\system32\DRIVERS\stexstor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VaultSvc;Credential Manager;C:\Windows\system32\lsass.exe --> C:\Windows\system32\lsass.exe [?]
S3 vhdmp;vhdmp;C:\Windows\system32\drivers\vhdmp.sys --> C:\Windows\system32\drivers\vhdmp.sys [?]
S3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\system32\DRIVERS\vwifibus.sys --> C:\Windows\system32\DRIVERS\vwifibus.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WbioSrvc;Windows Biometric Service;C:\Windows\system32\svchost.exe -k WbioSvcGroup [2009-7-13 20992]
S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-13 19008]
S3 WwanSvc;WWAN AutoConfig;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 20992]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-13 89920]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-5 655944]
.
=============== Created Last 30 ================
.
2012-08-26 17:26:21 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-08-13 22:23:56 -------- d-----w- C:\Program Files\CCleaner
2012-08-13 22:23:30 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-08-11 21:31:23 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-09 00:50:19 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.2
2012-08-05 23:23:12 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-03 02:20:57 9232584 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-08-02 17:19:19 116016 ----a-w- C:\Windows\System32\drivers\48531658.sys
2012-07-29 03:02:46 -------- d-----w- C:\Program Files\iPod
2012-07-29 03:02:46 -------- d-----w- C:\Program Files (x86)\iTunes
2012-07-29 03:02:45 -------- d-----w- C:\Program Files\iTunes
.
==================== Find3M ====================
.
2012-08-14 23:19:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 23:19:09 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-08 01:07:50 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-07-08 01:07:50 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-07-08 01:07:50 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-07-08 01:07:50 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-06-02 01:32:05 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-06-02 01:32:05 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 19:43:03.88 ===============
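The Malware Response Team reads a DDS report like the one above line by line. As an added example (not part of the original post, of DDS, or of any BleepingComputer tool), the following Python pulls out the entries a reviewer circles first: the Windows Defender line marked *Disabled*, the three mPolicies-system values set to 0 (UAC fully off, silent admin elevation, no secure desktop), the IE start page and Firefox keyword.URL pointing at arccosine.com while the Firefox home page is still Google, the Trusted Zone additions, and BHO entries whose DLL is gone ("No File"). The sample lines are constructed from entries in the report, and the allowlist of expected search hosts is an assumption of the example.

```python
"""Triage a DDS "Pseudo HJT Report" for the entries a malware-removal helper
circles first.  Added example; not part of DDS, the forum post or the
BleepingComputer tooling."""
import re
from collections import Counter
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (category, detail)

# Hosts a home page or search setting would normally point at.  This allowlist
# is an assumption made for the example; adjust it to the machine's real defaults.
EXPECTED_WEB_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com"}

# UAC policy values DDS lists under mPolicies-system and what a value of 0 means.
UAC_ZERO_MEANS = {
    "EnableLUA": "User Account Control is switched off entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate with no prompt at all",
    "PromptOnSecureDesktop": "elevation prompts are not isolated on the secure desktop",
}

URL_HOST = re.compile(r"hxxps?://([^/\s]+)", re.IGNORECASE)   # DDS defangs http as hxxp
POLICY = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
ORPHAN_BHO = re.compile(r"^BHO(?:-X64)?:.*-\s*No File\s*$")
TRUSTED_ZONE = re.compile(r"^Trusted Zone:\s*(\S+)")
PROTECTION_OFF = re.compile(r"^(?:SP|AV|FW):\s*(.+?)\s+\*Disabled")
WEB_SETTING = re.compile(
    r"^(uStart Page|mStart Page|uDefault_Page_URL|mDefault_Page_URL"
    r"|FF - prefs\.js: keyword\.URL|FF - prefs\.js: browser\.startup\.homepage)\b"
)

# Constructed sample in the shape DDS prints, mirroring entries from the report
# above (the GUIDs and paths are copied from that report, not invented here).
SAMPLE_DDS = r"""
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uStart Page = hxxp://www.arccosine.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: soe.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.arccosine.com/search.php?q=
"""


def triage(dds_text: str) -> List[Finding]:
    """Return (category, detail) pairs for every line worth a second look."""
    findings: List[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        m = PROTECTION_OFF.match(line)
        if m:
            findings.append(("protection-disabled", f"{m.group(1)} is disabled"))
            continue
        m = POLICY.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in UAC_ZERO_MEANS and value == 0:
                findings.append(("uac", f"{name}=0: {UAC_ZERO_MEANS[name]}"))
            continue
        if ORPHAN_BHO.match(line):
            findings.append(("orphan-bho", line))  # CLSID still registered, DLL gone
            continue
        m = TRUSTED_ZONE.match(line)
        if m:
            findings.append(("trusted-zone", m.group(1)))
            continue
        m = WEB_SETTING.match(line)
        if m:
            host = URL_HOST.search(line)
            if host and host.group(1).lower() not in EXPECTED_WEB_HOSTS:
                findings.append(("browser-hijack", f"{m.group(1)} -> {host.group(1)}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category so a reviewer sees the shape at a glance."""
    return dict(Counter(category for category, _ in findings))


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_DDS):
        print(f"[{category}] {detail}")
    print(summarize(triage(SAMPLE_DDS)))
```

Point `triage()` at the text of a full DDS report to get the same categories for the whole log; the heuristics only surface lines for review and do not decide what is malicious.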



#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 28 August 2012 - 08:28 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Zephyr21

  • Topic Starter

  • Members
  • 4 posts

Posted 29 August 2012 - 07:34 PM

I was able to get the Security Check log complete which is below:

Results of screen317's Security Check version 0.99.49
Windows Vista x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java 7 Update 6
Adobe Flash Player 11.3.300.271
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


But when trying to run ComboFix it would run a screen extracting files to a folder, then shut off and nothing would happen. I took a screenshot of what it was doing hoping it might help. I followed the directions to the letter on shutting off all other programs and windows before running it, but still nothing.



#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 29 August 2012 - 08:18 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions; ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

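The TDSSKiller report requested above is a plain text file, and reading a few thousand "- ok" lines by eye is error-prone. The following Python script is an added example, not code from this thread, from Kaspersky or from TDSSKiller: it parses the line layout the tool prints (a drive line, MBR partition lines, then a "[ MD5 ] name path" header followed by a "name - verdict" line per service) and reports what a responder should look at: overlaps or unallocated sector ranges in the partition table (unpartitioned space is where MBR bootkits of the TDSS/TDL family keep their payload), services with a verdict other than "ok", services for which no image file was hashed, and images loaded from outside the Windows and Program Files trees. The embedded sample is constructed from that format; the `exampledrv` entry, the `TRUSTED_PREFIXES` list and all function names are assumptions made for this example.

```python
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout TDSSKiller prints: a drive line, MBR partition lines,
# then per-service "[ MD5 ] name path" headers followed by "name - <verdict>" lines.
# 'exampledrv' is an invented entry so that the audit has something to flag.
SAMPLE_LOG = r"""21:22:48.0902 2988 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:22:48.0918 2988 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
21:22:48.0918 2988 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x38566000
21:23:02.0631 3980 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:23:02.0631 3980 1394ohci - ok
21:23:06.0640 3980 COMSysApp - ok
21:23:08.0668 3980 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
21:23:08.0668 3980 hamachi - ok
21:23:10.0665 3980 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:23:10.0665 3980 MBAMProtector - ok
21:23:12.0300 3980 [ DEADBEEFDEADBEEFDEADBEEFDEADBEEF ] exampledrv C:\Users\Public\exampledrv.sys
21:23:12.0300 3980 exampledrv - suspicious (constructed example)
"""

DRIVE_RE = re.compile(r"Drive (\S+) - Size: 0x([0-9A-Fa-f]+) .*?SectorSize: 0x([0-9A-Fa-f]+)")
PART_RE = re.compile(r"(\\Device\\\S+\\Partition\d+): MBR, Type 0x([0-9A-Fa-f]+), "
                     r"StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)")
HEAD_RE = re.compile(r"^\S+ \d+ \[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
STAT_RE = re.compile(r"^\S+ \d+ (.+?) - (.+)$")

# Assumption for this example: where a service or driver image normally lives.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Partition:
    name: str
    ptype: int
    start: int      # first sector (LBA)
    blocks: int     # length in sectors

    @property
    def end(self) -> int:
        return self.start + self.blocks


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_log(text: str) -> Tuple[Optional[int], Optional[int], List[Partition], Dict[str, Entry]]:
    """Return (total sectors, sector size, partitions, service entries keyed by name)."""
    total_sectors = sector_size = None
    parts: List[Partition] = []
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = DRIVE_RE.search(line)
        if m:  # must be tested before STAT_RE: the drive line also contains " - "
            sector_size = int(m.group(3), 16)
            total_sectors = int(m.group(2), 16) // sector_size
            continue
        m = PART_RE.search(line)
        if m:
            parts.append(Partition(m.group(1), *(int(g, 16) for g in m.groups()[1:])))
            continue
        m = HEAD_RE.match(line)
        if m:  # hash header: service names may contain spaces, the path starts at "X:\"
            md5, name, path = m.groups()
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = md5.upper(), path
            continue
        m = STAT_RE.match(line)
        if m:  # verdict line
            name, status = m.groups()
            entries.setdefault(name, Entry(name)).status = status
    return total_sectors, sector_size, parts, entries


def audit_layout(total_sectors: Optional[int], parts: List[Partition]) -> List[Tuple[str, str, int]]:
    """Walk the partition table in LBA order; report overlaps and unallocated ranges."""
    findings = []
    cursor = 0
    for p in sorted(parts, key=lambda p: p.start):
        if p.start < cursor:
            findings.append(("overlap", p.name, cursor - p.start))
        elif p.start > cursor:
            findings.append(("gap before", p.name, p.start - cursor))
        cursor = max(cursor, p.end)
    if total_sectors is not None and cursor < total_sectors:
        findings.append(("unallocated tail", "end of disk", total_sectors - cursor))
    elif total_sectors is not None and cursor > total_sectors:
        findings.append(("past end of disk", "partition table", cursor - total_sectors))
    return findings


def audit_entries(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Flag entries a responder should check before trusting the scan's verdicts."""
    findings = []
    for e in entries.values():
        if e.status is None:
            findings.append((e.name, "no verdict line"))
        elif e.status.lower() != "ok":
            findings.append((e.name, "verdict: " + e.status))
        if e.path is None:
            findings.append((e.name, "no image hashed; confirm the binary with 'sc qc <name>'"))
        elif not e.path.lower().startswith(TRUSTED_PREFIXES):
            findings.append((e.name, "image outside Windows/Program Files: " + e.path))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    total, sector, parts, entries = parse_log(text)
    for kind, where, sectors in audit_layout(total, parts):
        print(f"[layout]  {kind} {where}: {sectors} sectors ({sectors * (sector or 512) // 1024} KiB)")
    for name, reason in audit_entries(entries):
        print(f"[service] {name}: {reason}")
```

Run it with the path to the report file (the one named in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt" in the root directory) as its only argument; with no argument it audits the embedded sample. The layout findings are not verdicts: a gap below the first partition and a short unallocated tail are common on a normally partitioned disk. They tell you which sector ranges to dump and inspect if the MBR scan comes back clean but the redirects persist.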
#5 Zephyr21

Zephyr21
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:05 PM

Posted 29 August 2012 - 08:46 PM

Managed to complete both these steps with no issues.

TDSS Log

21:22:46.0016 2988 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:22:46.0500 2988 ============================================================
21:22:46.0500 2988 Current date / time: 2012/08/29 21:22:46.0500
21:22:46.0500 2988 SystemInfo:
21:22:46.0500 2988
21:22:46.0500 2988 OS Version: 6.1.7601 ServicePack: 1.0
21:22:46.0500 2988 Product type: Workstation
21:22:46.0500 2988 ComputerName: XFINITY-ADMIN
21:22:46.0500 2988 UserName: Zephyr Actual
21:22:46.0500 2988 Windows directory: C:\Windows
21:22:46.0500 2988 System windows directory: C:\Windows
21:22:46.0500 2988 Running under WOW64
21:22:46.0500 2988 Processor architecture: Intel x64
21:22:46.0500 2988 Number of processors: 4
21:22:46.0500 2988 Page size: 0x1000
21:22:46.0500 2988 Boot type: Normal boot
21:22:46.0500 2988 ============================================================
21:22:47.0514 2988 BG loaded
21:22:48.0902 2988 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:22:48.0918 2988 ============================================================
21:22:48.0918 2988 \Device\Harddisk0\DR0:
21:22:48.0918 2988 MBR partitions:
21:22:48.0918 2988 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
21:22:48.0918 2988 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x38566000
21:22:48.0918 2988 ============================================================
21:22:49.0011 2988 C: <-> \Device\Harddisk0\DR0\Partition2
21:22:49.0588 2988 D: <-> \Device\Harddisk0\DR0\Partition1
21:22:49.0588 2988 ============================================================
21:22:49.0588 2988 Initialize success
21:22:49.0588 2988 ============================================================
21:22:59.0885 3980 ============================================================
21:22:59.0885 3980 Scan started
21:22:59.0885 3980 Mode: Manual;
21:22:59.0885 3980 ============================================================
21:23:02.0350 3980 ================ Scan system memory ========================
21:23:02.0350 3980 System memory - ok
21:23:02.0350 3980 ================ Scan services =============================
21:23:02.0631 3980 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:23:02.0631 3980 1394ohci - ok
21:23:02.0677 3980 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:23:02.0677 3980 ACPI - ok
21:23:02.0709 3980 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:23:02.0709 3980 AcpiPmi - ok
21:23:02.0989 3980 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:23:02.0989 3980 AdobeARMservice - ok
21:23:03.0114 3980 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:23:03.0114 3980 AdobeFlashPlayerUpdateSvc - ok
21:23:03.0161 3980 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:23:03.0177 3980 adp94xx - ok
21:23:03.0208 3980 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:23:03.0208 3980 adpahci - ok
21:23:03.0239 3980 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:23:03.0239 3980 adpu320 - ok
21:23:03.0301 3980 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:23:03.0301 3980 AeLookupSvc - ok
21:23:03.0348 3980 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:23:03.0348 3980 AFD - ok
21:23:03.0395 3980 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:23:03.0395 3980 agp440 - ok
21:23:03.0426 3980 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:23:03.0426 3980 ALG - ok
21:23:03.0473 3980 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:23:03.0473 3980 aliide - ok
21:23:03.0504 3980 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:23:03.0504 3980 AMD External Events Utility - ok
21:23:03.0520 3980 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:23:03.0520 3980 amdide - ok
21:23:03.0535 3980 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:23:03.0551 3980 AmdK8 - ok
21:23:03.0707 3980 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:23:03.0769 3980 amdkmdag - ok
21:23:03.0801 3980 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
21:23:03.0801 3980 amdkmdap - ok
21:23:03.0816 3980 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:23:03.0816 3980 AmdPPM - ok
21:23:03.0863 3980 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:23:03.0863 3980 amdsata - ok
21:23:03.0879 3980 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:23:03.0894 3980 amdsbs - ok
21:23:03.0910 3980 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:23:03.0910 3980 amdxata - ok
21:23:03.0941 3980 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:23:03.0941 3980 AppID - ok
21:23:03.0972 3980 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:23:03.0988 3980 AppIDSvc - ok
21:23:04.0035 3980 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:23:04.0035 3980 Appinfo - ok
21:23:04.0144 3980 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:23:04.0144 3980 Apple Mobile Device - ok
21:23:04.0175 3980 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:23:04.0175 3980 arc - ok
21:23:04.0237 3980 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:23:04.0237 3980 arcsas - ok
21:23:04.0300 3980 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:23:04.0300 3980 AsyncMac - ok
21:23:04.0347 3980 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:23:04.0347 3980 atapi - ok
21:23:04.0425 3980 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:23:04.0425 3980 AudioEndpointBuilder - ok
21:23:04.0471 3980 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:23:04.0471 3980 AudioSrv - ok
21:23:04.0581 3980 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:23:04.0581 3980 AxInstSV - ok
21:23:04.0659 3980 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:23:04.0674 3980 b06bdrv - ok
21:23:04.0783 3980 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:23:04.0799 3980 b57nd60a - ok
21:23:04.0908 3980 [ 23D68A29D1E12E593E99A7CF8F5F1B95 ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
21:23:04.0939 3980 BCMH43XX - ok
21:23:04.0986 3980 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:23:04.0986 3980 BDESVC - ok
21:23:05.0002 3980 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:23:05.0002 3980 Beep - ok
21:23:05.0095 3980 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:23:05.0095 3980 BFE - ok
21:23:05.0127 3980 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:23:05.0127 3980 blbdrive - ok
21:23:05.0283 3980 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:23:05.0298 3980 Bonjour Service - ok
21:23:05.0329 3980 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:23:05.0329 3980 bowser - ok
21:23:05.0392 3980 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:23:05.0392 3980 BrFiltLo - ok
21:23:05.0392 3980 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:23:05.0392 3980 BrFiltUp - ok
21:23:05.0439 3980 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:23:05.0439 3980 BridgeMP - ok
21:23:05.0548 3980 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
21:23:05.0548 3980 Browser - ok
21:23:05.0579 3980 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:23:05.0579 3980 Brserid - ok
21:23:05.0610 3980 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:23:05.0610 3980 BrSerWdm - ok
21:23:05.0626 3980 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:23:05.0626 3980 BrUsbMdm - ok
21:23:05.0641 3980 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:23:05.0641 3980 BrUsbSer - ok
21:23:05.0657 3980 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:23:05.0657 3980 BTHMODEM - ok
21:23:05.0719 3980 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:23:05.0719 3980 bthserv - ok
21:23:05.0782 3980 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:23:05.0797 3980 cdfs - ok
21:23:05.0875 3980 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:23:05.0891 3980 cdrom - ok
21:23:05.0938 3980 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:23:05.0938 3980 CertPropSvc - ok
21:23:05.0953 3980 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:23:05.0953 3980 circlass - ok
21:23:06.0000 3980 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:23:06.0000 3980 CLFS - ok
21:23:06.0094 3980 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:23:06.0094 3980 clr_optimization_v2.0.50727_32 - ok
21:23:06.0187 3980 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:23:06.0187 3980 clr_optimization_v2.0.50727_64 - ok
21:23:06.0265 3980 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:23:06.0297 3980 clr_optimization_v4.0.30319_32 - ok
21:23:06.0343 3980 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:23:06.0375 3980 clr_optimization_v4.0.30319_64 - ok
21:23:06.0406 3980 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:23:06.0406 3980 CmBatt - ok
21:23:06.0453 3980 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:23:06.0453 3980 cmdide - ok
21:23:06.0484 3980 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:23:06.0484 3980 CNG - ok
21:23:06.0593 3980 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:23:06.0593 3980 Compbatt - ok
21:23:06.0624 3980 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:23:06.0624 3980 CompositeBus - ok
21:23:06.0640 3980 COMSysApp - ok
21:23:06.0671 3980 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:23:06.0671 3980 crcdisk - ok
21:23:06.0718 3980 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
21:23:06.0718 3980 Creative Audio Engine Licensing Service - ok
21:23:06.0765 3980 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:23:06.0765 3980 CryptSvc - ok
21:23:06.0827 3980 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:23:06.0827 3980 DcomLaunch - ok
21:23:06.0874 3980 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:23:06.0874 3980 defragsvc - ok
21:23:06.0936 3980 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:23:06.0936 3980 DfsC - ok
21:23:06.0983 3980 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:23:06.0999 3980 Dhcp - ok
21:23:06.0999 3980 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:23:06.0999 3980 discache - ok
21:23:07.0045 3980 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:23:07.0061 3980 Disk - ok
21:23:07.0092 3980 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:23:07.0092 3980 Dnscache - ok
21:23:07.0123 3980 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:23:07.0123 3980 dot3svc - ok
21:23:07.0170 3980 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:23:07.0170 3980 DPS - ok
21:23:07.0201 3980 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:23:07.0201 3980 drmkaud - ok
21:23:07.0264 3980 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:23:07.0264 3980 dtsoftbus01 - ok
21:23:07.0311 3980 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:23:07.0326 3980 DXGKrnl - ok
21:23:07.0373 3980 [ 416A2007878ED1D6FC5DDDB9E1F6DB3E ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
21:23:07.0373 3980 e1express - ok
21:23:07.0404 3980 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:23:07.0404 3980 EapHost - ok
21:23:07.0482 3980 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:23:07.0576 3980 ebdrv - ok
21:23:07.0623 3980 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:23:07.0638 3980 EFS - ok
21:23:07.0701 3980 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:23:07.0701 3980 ehRecvr - ok
21:23:07.0732 3980 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:23:07.0732 3980 ehSched - ok
21:23:07.0779 3980 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:23:07.0794 3980 elxstor - ok
21:23:07.0872 3980 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
21:23:07.0872 3980 EpsonBidirectionalService - ok
21:23:07.0935 3980 [ 757305C7AD34222F4A46D86FE0BEE241 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
21:23:07.0935 3980 EpsonCustomerParticipation - ok
21:23:07.0966 3980 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:23:07.0966 3980 ErrDev - ok
21:23:07.0997 3980 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:23:07.0997 3980 EventSystem - ok
21:23:08.0028 3980 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:23:08.0028 3980 exfat - ok
21:23:08.0044 3980 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:23:08.0044 3980 fastfat - ok
21:23:08.0091 3980 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:23:08.0091 3980 Fax - ok
21:23:08.0122 3980 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:23:08.0122 3980 fdc - ok
21:23:08.0137 3980 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:23:08.0137 3980 fdPHost - ok
21:23:08.0153 3980 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:23:08.0153 3980 FDResPub - ok
21:23:08.0169 3980 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:23:08.0169 3980 FileInfo - ok
21:23:08.0169 3980 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:23:08.0169 3980 Filetrace - ok
21:23:08.0200 3980 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:23:08.0200 3980 flpydisk - ok
21:23:08.0231 3980 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:23:08.0231 3980 FltMgr - ok
21:23:08.0293 3980 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:23:08.0293 3980 FontCache - ok
21:23:08.0371 3980 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:23:08.0371 3980 FontCache3.0.0.0 - ok
21:23:08.0403 3980 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:23:08.0403 3980 FsDepends - ok
21:23:08.0434 3980 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:23:08.0434 3980 Fs_Rec - ok
21:23:08.0465 3980 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:23:08.0465 3980 fvevol - ok
21:23:08.0496 3980 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:23:08.0496 3980 gagp30kx - ok
21:23:08.0543 3980 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:23:08.0543 3980 GEARAspiWDM - ok
21:23:08.0621 3980 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:23:08.0621 3980 gpsvc - ok
21:23:08.0668 3980 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
21:23:08.0668 3980 hamachi - ok
21:23:08.0761 3980 [ 21D24138B736983F6E23823E092E9428 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
21:23:08.0761 3980 Hamachi2Svc - ok
21:23:08.0808 3980 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:23:08.0808 3980 hcw85cir - ok
21:23:08.0855 3980 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:23:08.0855 3980 HdAudAddService - ok
21:23:08.0917 3980 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:23:08.0917 3980 HDAudBus - ok
21:23:08.0933 3980 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:23:08.0933 3980 HidBatt - ok
21:23:08.0949 3980 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:23:08.0949 3980 HidBth - ok
21:23:08.0980 3980 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:23:08.0980 3980 HidIr - ok
21:23:09.0027 3980 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:23:09.0027 3980 hidserv - ok
21:23:09.0042 3980 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:23:09.0042 3980 HidUsb - ok
21:23:09.0089 3980 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:23:09.0089 3980 hkmsvc - ok
21:23:09.0136 3980 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:23:09.0136 3980 HomeGroupListener - ok
21:23:09.0167 3980 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:23:09.0167 3980 HomeGroupProvider - ok
21:23:09.0198 3980 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:23:09.0198 3980 HpSAMD - ok
21:23:09.0261 3980 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:23:09.0261 3980 HTTP - ok
21:23:09.0307 3980 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:23:09.0307 3980 hwpolicy - ok
21:23:09.0323 3980 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:23:09.0323 3980 i8042prt - ok
21:23:09.0354 3980 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:23:09.0354 3980 iaStorV - ok
21:23:09.0401 3980 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:23:09.0417 3980 idsvc - ok
21:23:09.0463 3980 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:23:09.0463 3980 iirsp - ok
21:23:09.0495 3980 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:23:09.0510 3980 IKEEXT - ok
21:23:09.0526 3980 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:23:09.0526 3980 intelide - ok
21:23:09.0557 3980 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:23:09.0557 3980 intelppm - ok
21:23:09.0588 3980 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:23:09.0588 3980 IPBusEnum - ok
21:23:09.0619 3980 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:23:09.0635 3980 IpFilterDriver - ok
21:23:09.0682 3980 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:23:09.0697 3980 iphlpsvc - ok
21:23:09.0713 3980 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:23:09.0713 3980 IPMIDRV - ok
21:23:09.0729 3980 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:23:09.0729 3980 IPNAT - ok
21:23:09.0775 3980 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:23:09.0791 3980 iPod Service - ok
21:23:09.0807 3980 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:23:09.0807 3980 IRENUM - ok
21:23:09.0853 3980 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:23:09.0853 3980 isapnp - ok
21:23:09.0931 3980 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:23:09.0931 3980 iScsiPrt - ok
21:23:09.0947 3980 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:23:09.0947 3980 kbdclass - ok
21:23:09.0994 3980 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:23:09.0994 3980 kbdhid - ok
21:23:10.0041 3980 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:23:10.0041 3980 KeyIso - ok
21:23:10.0087 3980 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:23:10.0087 3980 KSecDD - ok
21:23:10.0134 3980 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:23:10.0134 3980 KSecPkg - ok
21:23:10.0150 3980 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:23:10.0150 3980 ksthunk - ok
21:23:10.0197 3980 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:23:10.0197 3980 KtmRm - ok
21:23:10.0259 3980 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:23:10.0259 3980 LanmanServer - ok
21:23:10.0306 3980 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:23:10.0306 3980 LanmanWorkstation - ok
21:23:10.0337 3980 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:23:10.0337 3980 lltdio - ok
21:23:10.0384 3980 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:23:10.0384 3980 lltdsvc - ok
21:23:10.0431 3980 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:23:10.0431 3980 lmhosts - ok
21:23:10.0462 3980 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:23:10.0462 3980 LSI_FC - ok
21:23:10.0462 3980 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:23:10.0477 3980 LSI_SAS - ok
21:23:10.0493 3980 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:23:10.0493 3980 LSI_SAS2 - ok
21:23:10.0509 3980 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:23:10.0509 3980 LSI_SCSI - ok
21:23:10.0524 3980 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:23:10.0524 3980 luafv - ok
21:23:10.0540 3980 [ 07389F6925E490D2DB7882110E99921C ] lvpepf64 C:\Windows\system32\DRIVERS\lv302a64.sys
21:23:10.0555 3980 lvpepf64 - ok
21:23:10.0587 3980 [ 7F0BA3A6E8996F15693C6B7D81DA049E ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
21:23:10.0602 3980 LVRS64 - ok
21:23:10.0649 3980 [ 5C3FF68267A5D242EE79EE01B993D6CE ] LVUSBS64 C:\Windows\system32\drivers\LVUSBS64.sys
21:23:10.0649 3980 LVUSBS64 - ok
21:23:10.0665 3980 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:23:10.0665 3980 MBAMProtector - ok
21:23:10.0711 3980 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:23:10.0727 3980 MBAMService - ok
21:23:10.0774 3980 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:23:10.0774 3980 Mcx2Svc - ok
21:23:10.0789 3980 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:23:10.0789 3980 megasas - ok
21:23:10.0821 3980 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:23:10.0821 3980 MegaSR - ok
21:23:10.0867 3980 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:23:10.0867 3980 MMCSS - ok
21:23:10.0867 3980 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:23:10.0867 3980 Modem - ok
21:23:10.0914 3980 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:23:10.0914 3980 monitor - ok
21:23:10.0961 3980 [ EB03D4164E7F10B601D280413655ADE4 ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
21:23:10.0961 3980 MotioninJoyXFilter - ok
21:23:11.0008 3980 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:23:11.0008 3980 mouclass - ok
21:23:11.0023 3980 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:23:11.0023 3980 mouhid - ok
21:23:11.0070 3980 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:23:11.0070 3980 mountmgr - ok
21:23:11.0117 3980 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:23:11.0117 3980 MozillaMaintenance - ok
21:23:11.0148 3980 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:23:11.0148 3980 mpio - ok
21:23:11.0164 3980 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:23:11.0164 3980 mpsdrv - ok
21:23:11.0211 3980 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:23:11.0211 3980 MRxDAV - ok
21:23:11.0242 3980 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:23:11.0242 3980 mrxsmb - ok
21:23:11.0257 3980 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:23:11.0257 3980 mrxsmb10 - ok
21:23:11.0273 3980 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:23:11.0273 3980 mrxsmb20 - ok
21:23:11.0320 3980 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:23:11.0320 3980 msahci - ok
21:23:11.0351 3980 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:23:11.0351 3980 msdsm - ok
21:23:11.0367 3980 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:23:11.0367 3980 MSDTC - ok
21:23:11.0382 3980 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:23:11.0382 3980 Msfs - ok
21:23:11.0413 3980 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:23:11.0413 3980 mshidkmdf - ok
21:23:11.0445 3980 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:23:11.0445 3980 msisadrv - ok
21:23:11.0491 3980 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:23:11.0491 3980 MSiSCSI - ok
21:23:11.0491 3980 msiserver - ok
21:23:11.0523 3980 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:23:11.0523 3980 MSKSSRV - ok
21:23:11.0538 3980 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:23:11.0538 3980 MSPCLOCK - ok
21:23:11.0554 3980 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:23:11.0554 3980 MSPQM - ok
21:23:11.0585 3980 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:23:11.0601 3980 MsRPC - ok
21:23:11.0616 3980 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:23:11.0616 3980 mssmbios - ok
21:23:11.0616 3980 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:23:11.0616 3980 MSTEE - ok
21:23:11.0632 3980 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:23:11.0632 3980 MTConfig - ok
21:23:11.0663 3980 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:23:11.0663 3980 Mup - ok
21:23:11.0694 3980 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:23:11.0710 3980 napagent - ok
21:23:11.0757 3980 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:23:11.0757 3980 NativeWifiP - ok
21:23:11.0788 3980 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
21:23:11.0788 3980 NDIS - ok
21:23:11.0819 3980 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:23:11.0819 3980 NdisCap - ok
21:23:11.0835 3980 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:23:11.0835 3980 NdisTapi - ok
21:23:11.0866 3980 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:23:11.0866 3980 Ndisuio - ok
21:23:11.0897 3980 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:23:11.0897 3980 NdisWan - ok
21:23:11.0944 3980 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:23:11.0944 3980 NDProxy - ok
21:23:11.0944 3980 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:23:11.0944 3980 NetBIOS - ok
21:23:11.0991 3980 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:23:11.0991 3980 NetBT - ok
21:23:11.0991 3980 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:23:11.0991 3980 Netlogon - ok
21:23:12.0037 3980 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:23:12.0037 3980 Netman - ok
21:23:12.0069 3980 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:23:12.0069 3980 netprofm - ok
21:23:12.0115 3980 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:23:12.0115 3980 NetTcpPortSharing - ok
21:23:12.0147 3980 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:23:12.0147 3980 nfrd960 - ok
21:23:12.0193 3980 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:23:12.0193 3980 NlaSvc - ok
21:23:12.0225 3980 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\DRIVERS\npf.sys
21:23:12.0225 3980 NPF - ok
21:23:12.0256 3980 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:23:12.0256 3980 Npfs - ok
21:23:12.0287 3980 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:23:12.0287 3980 nsi - ok
21:23:12.0318 3980 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:23:12.0318 3980 nsiproxy - ok
21:23:12.0365 3980 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:23:12.0412 3980 Ntfs - ok
21:23:12.0412 3980 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:23:12.0412 3980 Null - ok
21:23:12.0474 3980 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:23:12.0474 3980 nvraid - ok
21:23:12.0505 3980 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:23:12.0505 3980 nvstor - ok
21:23:12.0537 3980 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:23:12.0537 3980 nv_agp - ok
21:23:12.0568 3980 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:23:12.0583 3980 ohci1394 - ok
21:23:12.0646 3980 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:23:12.0646 3980 ose64 - ok
21:23:12.0786 3980 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:23:12.0880 3980 osppsvc - ok
21:23:12.0927 3980 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:23:12.0942 3980 p2pimsvc - ok
21:23:12.0973 3980 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:23:12.0973 3980 p2psvc - ok
21:23:13.0036 3980 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:23:13.0036 3980 Parport - ok
21:23:13.0067 3980 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:23:13.0067 3980 partmgr - ok
21:23:13.0098 3980 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:23:13.0098 3980 PcaSvc - ok
21:23:13.0161 3980 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:23:13.0176 3980 pci - ok
21:23:13.0207 3980 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:23:13.0207 3980 pciide - ok
21:23:13.0254 3980 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:23:13.0254 3980 pcmcia - ok
21:23:13.0285 3980 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:23:13.0285 3980 pcw - ok
21:23:13.0301 3980 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:23:13.0301 3980 PEAUTH - ok
21:23:13.0410 3980 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:23:13.0410 3980 PerfHost - ok
21:23:13.0488 3980 [ 087A343DFC337F37723DD7912DE6B6CD ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V64.SYS
21:23:13.0504 3980 PID_PEPI - ok
21:23:13.0566 3980 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:23:13.0582 3980 pla - ok
21:23:13.0629 3980 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:23:13.0644 3980 PlugPlay - ok
21:23:13.0644 3980 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:23:13.0644 3980 PNRPAutoReg - ok
21:23:13.0660 3980 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:23:13.0675 3980 PNRPsvc - ok
21:23:13.0691 3980 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:23:13.0707 3980 PolicyAgent - ok
21:23:13.0738 3980 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:23:13.0738 3980 Power - ok
21:23:13.0785 3980 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:23:13.0785 3980 PptpMiniport - ok
21:23:13.0816 3980 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:23:13.0816 3980 Processor - ok
21:23:13.0863 3980 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:23:13.0863 3980 ProfSvc - ok
21:23:13.0878 3980 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:23:13.0878 3980 ProtectedStorage - ok
21:23:13.0925 3980 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:23:13.0925 3980 Psched - ok
21:23:13.0987 3980 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:23:14.0019 3980 ql2300 - ok
21:23:14.0065 3980 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:23:14.0065 3980 ql40xx - ok
21:23:14.0112 3980 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:23:14.0112 3980 QWAVE - ok
21:23:14.0143 3980 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:23:14.0143 3980 QWAVEdrv - ok
21:23:14.0159 3980 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:23:14.0159 3980 RasAcd - ok
21:23:14.0206 3980 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:23:14.0206 3980 RasAgileVpn - ok
21:23:14.0221 3980 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:23:14.0221 3980 RasAuto - ok
21:23:14.0253 3980 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:23:14.0253 3980 Rasl2tp - ok
21:23:14.0299 3980 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:23:14.0299 3980 RasMan - ok
21:23:14.0315 3980 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:23:14.0315 3980 RasPppoe - ok
21:23:14.0331 3980 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:23:14.0331 3980 RasSstp - ok
21:23:14.0377 3980 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:23:14.0377 3980 rdbss - ok
21:23:14.0393 3980 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:23:14.0393 3980 rdpbus - ok
21:23:14.0409 3980 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:23:14.0409 3980 RDPCDD - ok
21:23:14.0440 3980 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:23:14.0440 3980 RDPENCDD - ok
21:23:14.0455 3980 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:23:14.0455 3980 RDPREFMP - ok
21:23:14.0487 3980 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:23:14.0487 3980 RDPWD - ok
21:23:14.0533 3980 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:23:14.0533 3980 rdyboost - ok
21:23:14.0580 3980 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:23:14.0580 3980 RemoteAccess - ok
21:23:14.0627 3980 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:23:14.0627 3980 RemoteRegistry - ok
21:23:14.0643 3980 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:23:14.0643 3980 RpcEptMapper - ok
21:23:14.0721 3980 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:23:14.0721 3980 RpcLocator - ok
21:23:14.0783 3980 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:23:14.0783 3980 RpcSs - ok
21:23:14.0814 3980 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:23:14.0814 3980 rspndr - ok
21:23:14.0892 3980 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:23:14.0892 3980 SamSs - ok
21:23:14.0955 3980 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:23:14.0955 3980 sbp2port - ok
21:23:15.0017 3980 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:23:15.0017 3980 SCardSvr - ok
21:23:15.0064 3980 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:23:15.0064 3980 scfilter - ok
21:23:15.0157 3980 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:23:15.0220 3980 Schedule - ok
21:23:15.0376 3980 [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys
21:23:15.0376 3980 SCMNdisP - ok
21:23:15.0454 3980 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:23:15.0454 3980 SCPolicySvc - ok
21:23:15.0469 3980 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:23:15.0469 3980 SDRSVC - ok
21:23:15.0516 3980 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:23:15.0516 3980 secdrv - ok
21:23:15.0547 3980 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:23:15.0563 3980 seclogon - ok
21:23:15.0594 3980 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:23:15.0610 3980 SENS - ok
21:23:15.0641 3980 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:23:15.0641 3980 SensrSvc - ok
21:23:15.0657 3980 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:23:15.0657 3980 Serenum - ok
21:23:15.0688 3980 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:23:15.0688 3980 Serial - ok
21:23:15.0719 3980 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:23:15.0719 3980 sermouse - ok
21:23:15.0766 3980 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:23:15.0766 3980 SessionEnv - ok
21:23:15.0797 3980 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:23:15.0797 3980 sffdisk - ok
21:23:15.0797 3980 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:23:15.0813 3980 sffp_mmc - ok
21:23:15.0828 3980 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:23:15.0828 3980 sffp_sd - ok
21:23:15.0828 3980 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:23:15.0828 3980 sfloppy - ok
21:23:15.0875 3980 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:23:15.0875 3980 ShellHWDetection - ok
21:23:15.0906 3980 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:23:15.0906 3980 SiSRaid2 - ok
21:23:15.0937 3980 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:23:15.0937 3980 SiSRaid4 - ok
21:23:15.0969 3980 [ 01ACB9228C303DE1FFF82B807D28B2B0 ] skfiltv C:\Windows\system32\drivers\skfiltv.sys
21:23:15.0969 3980 skfiltv - ok
21:23:16.0031 3980 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:23:16.0031 3980 SkypeUpdate - ok
21:23:16.0062 3980 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:23:16.0062 3980 Smb - ok
21:23:16.0109 3980 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:23:16.0140 3980 SNMPTRAP - ok
21:23:16.0171 3980 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:23:16.0171 3980 spldr - ok
21:23:16.0218 3980 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
21:23:16.0218 3980 Spooler - ok
21:23:16.0343 3980 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:23:16.0359 3980 sppsvc - ok
21:23:16.0452 3980 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:23:16.0452 3980 sppuinotify - ok
21:23:16.0468 3980 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:23:16.0483 3980 srv - ok
21:23:16.0515 3980 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:23:16.0515 3980 srv2 - ok
21:23:16.0546 3980 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:23:16.0546 3980 srvnet - ok
21:23:16.0561 3980 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:23:16.0577 3980 SSDPSRV - ok
21:23:16.0577 3980 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:23:16.0577 3980 SstpSvc - ok
21:23:16.0655 3980 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:23:16.0655 3980 stexstor - ok
21:23:16.0795 3980 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:23:16.0811 3980 stisvc - ok
21:23:16.0873 3980 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:23:16.0873 3980 swenum - ok
21:23:16.0936 3980 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:23:16.0951 3980 swprv - ok
21:23:17.0045 3980 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:23:17.0076 3980 SysMain - ok
21:23:17.0129 3980 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:23:17.0129 3980 TabletInputService - ok
21:23:17.0209 3980 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:23:17.0209 3980 TapiSrv - ok
21:23:17.0249 3980 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:23:17.0249 3980 TBS - ok
21:23:17.0309 3980 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:23:17.0359 3980 Tcpip - ok
21:23:17.0379 3980 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:23:17.0389 3980 TCPIP6 - ok
21:23:17.0449 3980 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:23:17.0449 3980 tcpipreg - ok
21:23:17.0512 3980 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:23:17.0512 3980 TDPIPE - ok
21:23:17.0559 3980 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:23:17.0559 3980 TDTCP - ok
21:23:17.0621 3980 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:23:17.0621 3980 tdx - ok
21:23:17.0699 3980 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:23:17.0715 3980 TermDD - ok
21:23:17.0761 3980 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:23:17.0777 3980 TermService - ok
21:23:17.0824 3980 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:23:17.0824 3980 Themes - ok
21:23:17.0855 3980 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:23:17.0855 3980 THREADORDER - ok
21:23:17.0871 3980 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:23:17.0871 3980 TrkWks - ok
21:23:18.0136 3980 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:23:18.0136 3980 TrustedInstaller - ok
21:23:18.0307 3980 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:23:18.0307 3980 tssecsrv - ok
21:23:18.0417 3980 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:23:18.0417 3980 TsUsbFlt - ok
21:23:18.0526 3980 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:23:18.0526 3980 tunnel - ok
21:23:18.0588 3980 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:23:18.0588 3980 uagp35 - ok
21:23:18.0651 3980 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:23:18.0666 3980 udfs - ok
21:23:18.0713 3980 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:23:18.0713 3980 UI0Detect - ok
21:23:18.0775 3980 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:23:18.0791 3980 uliagpkx - ok
21:23:18.0838 3980 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
21:23:18.0838 3980 umbus - ok
21:23:18.0853 3980 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:23:18.0853 3980 UmPass - ok
21:23:18.0869 3980 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:23:18.0869 3980 upnphost - ok
21:23:18.0916 3980 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:23:18.0916 3980 USBAAPL64 - ok
21:23:18.0978 3980 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:23:18.0978 3980 usbaudio - ok
21:23:19.0009 3980 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:23:19.0009 3980 usbccgp - ok
21:23:19.0103 3980 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:23:19.0103 3980 usbcir - ok
21:23:19.0119 3980 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:23:19.0119 3980 usbehci - ok
21:23:19.0165 3980 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:23:19.0165 3980 usbhub - ok
21:23:19.0212 3980 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:23:19.0228 3980 usbohci - ok
21:23:19.0243 3980 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:23:19.0243 3980 usbprint - ok
21:23:19.0259 3980 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:23:19.0259 3980 usbscan - ok
21:23:19.0275 3980 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:23:19.0275 3980 USBSTOR - ok
21:23:19.0321 3980 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:23:19.0321 3980 usbuhci - ok
21:23:19.0368 3980 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:23:19.0368 3980 UxSms - ok
21:23:19.0415 3980 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:23:19.0415 3980 VaultSvc - ok
21:23:19.0462 3980 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:23:19.0462 3980 vdrvroot - ok
21:23:19.0524 3980 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:23:19.0524 3980 vds - ok
21:23:19.0555 3980 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:23:19.0571 3980 vga - ok
21:23:19.0602 3980 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:23:19.0602 3980 VgaSave - ok
21:23:19.0649 3980 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:23:19.0774 3980 vhdmp - ok
21:23:19.0805 3980 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:23:19.0805 3980 viaide - ok
21:23:19.0836 3980 vmci - ok
21:23:19.0836 3980 VMnetAdapter - ok
21:23:19.0899 3980 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:23:19.0899 3980 volmgr - ok
21:23:19.0945 3980 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:23:19.0945 3980 volmgrx - ok
21:23:19.0961 3980 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:23:19.0961 3980 volsnap - ok
21:23:19.0992 3980 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:23:19.0992 3980 vsmraid - ok
21:23:20.0055 3980 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:23:20.0065 3980 VSS - ok
21:23:20.0125 3980 [ 93132C69394A99D992095D8CFE464801 ] VST64HWBS2 C:\Windows\system32\DRIVERS\VSTBS26.SYS
21:23:20.0125 3980 VST64HWBS2 - ok
21:23:20.0175 3980 [ 02071D207A9858FBE3A48CBFD59C4A04 ] VST64_DPV C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:23:20.0175 3980 VST64_DPV - ok
21:23:20.0205 3980 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:23:20.0205 3980 vwifibus - ok
21:23:20.0265 3980 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:23:20.0265 3980 vwififlt - ok
21:23:20.0301 3980 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:23:20.0317 3980 W32Time - ok
21:23:20.0348 3980 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:23:20.0363 3980 WacomPen - ok
21:23:20.0426 3980 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:23:20.0426 3980 WANARP - ok
21:23:20.0426 3980 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:23:20.0426 3980 Wanarpv6 - ok
21:23:20.0519 3980 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:23:20.0535 3980 WatAdminSvc - ok
21:23:20.0613 3980 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:23:20.0629 3980 wbengine - ok
21:23:20.0644 3980 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:23:20.0660 3980 WbioSrvc - ok
21:23:20.0753 3980 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:23:20.0753 3980 wcncsvc - ok
21:23:20.0831 3980 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:23:20.0831 3980 WcsPlugInService - ok
21:23:20.0909 3980 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:23:20.0909 3980 Wd - ok
21:23:20.0972 3980 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:23:20.0987 3980 Wdf01000 - ok
21:23:21.0034 3980 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:23:21.0034 3980 WdiServiceHost - ok
21:23:21.0034 3980 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:23:21.0034 3980 WdiSystemHost - ok
21:23:21.0097 3980 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:23:21.0097 3980 WebClient - ok
21:23:21.0112 3980 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:23:21.0128 3980 Wecsvc - ok
21:23:21.0128 3980 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:23:21.0128 3980 wercplsupport - ok
21:23:21.0159 3980 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:23:21.0159 3980 WerSvc - ok
21:23:21.0175 3980 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:23:21.0175 3980 WfpLwf - ok
21:23:21.0190 3980 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:23:21.0190 3980 WIMMount - ok
21:23:21.0237 3980 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:23:21.0237 3980 winachsf - ok
21:23:21.0284 3980 WinDefend - ok
21:23:21.0284 3980 WinHttpAutoProxySvc - ok
21:23:21.0377 3980 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:23:21.0377 3980 Winmgmt - ok
21:23:21.0516 3980 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:23:21.0526 3980 WinRM - ok
21:23:21.0586 3980 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:23:21.0586 3980 WinUsb - ok
21:23:21.0646 3980 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:23:21.0692 3980 Wlansvc - ok
21:23:21.0926 3980 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:23:21.0941 3980 wlidsvc - ok
21:23:22.0004 3980 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:23:22.0004 3980 WmiAcpi - ok
21:23:22.0113 3980 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:23:22.0113 3980 wmiApSrv - ok
21:23:22.0300 3980 WMPNetworkSvc - ok
21:23:22.0628 3980 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:23:22.0628 3980 WPCSvc - ok
21:23:22.0706 3980 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:23:22.0706 3980 WPDBusEnum - ok
21:23:22.0768 3980 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:23:22.0768 3980 ws2ifsl - ok
21:23:22.0893 3980 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
21:23:22.0909 3980 wscsvc - ok
21:23:22.0909 3980 WSearch - ok
21:23:23.0127 3980 [ A2C4DC335656FB7A5A3AC076282534CB ] WSWNDA3100 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
21:23:23.0127 3980 WSWNDA3100 - ok
21:23:23.0314 3980 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:23:23.0330 3980 wuauserv - ok
21:23:23.0517 3980 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:23:23.0533 3980 WudfPf - ok
21:23:23.0548 3980 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:23:23.0548 3980 WUDFRd - ok
21:23:23.0595 3980 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:23:23.0595 3980 wudfsvc - ok
21:23:23.0673 3980 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:23:23.0673 3980 WwanSvc - ok
21:23:23.0751 3980 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
21:23:23.0751 3980 xusb21 - ok
21:23:23.0767 3980 ================ Scan global ===============================
21:23:23.0845 3980 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:23:23.0860 3980 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:23:23.0860 3980 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:23:23.0907 3980 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:23:23.0938 3980 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:23:23.0938 3980 [Global] - ok
21:23:23.0938 3980 ================ Scan MBR ==================================
21:23:23.0954 3980 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:23:24.0281 3980 \Device\Harddisk0\DR0 - ok
21:23:24.0281 3980 ================ Scan VBR ==================================
21:23:24.0313 3980 [ 05BCE1A5546160EAEDBA9EA05D485FBD ] \Device\Harddisk0\DR0\Partition1
21:23:24.0313 3980 \Device\Harddisk0\DR0\Partition1 - ok
21:23:24.0313 3980 [ 9F09CB97AB15EEE5A872E5EE91FE1B03 ] \Device\Harddisk0\DR0\Partition2
21:23:24.0313 3980 \Device\Harddisk0\DR0\Partition2 - ok
21:23:24.0313 3980 ============================================================
21:23:24.0313 3980 Scan finished
21:23:24.0313 3980 ============================================================
21:23:24.0328 3752 Detected object count: 0
21:23:24.0328 3752 Actual detected object count: 0
21:23:54.0780 2980 Deinitialize success


MBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-29 21:24:00
-----------------------------
21:24:00.255 OS Version: Windows x64 6.1.7601 Service Pack 1
21:24:00.255 Number of processors: 4 586 0xF0B
21:24:00.255 ComputerName: XFINITY-ADMIN UserName: Zephyr Actual
21:24:00.942 Initialize success
21:29:29.952 AVAST engine defs: 12082901
21:30:05.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
21:30:05.187 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 8
21:30:05.237 Disk 0 MBR read successfully
21:30:05.237 Disk 0 MBR scan
21:30:05.437 Disk 0 Windows 7 default MBR code
21:30:05.487 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
21:30:05.777 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
21:30:05.787 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
21:30:05.867 Disk 0 scanning C:\Windows\system32\drivers
21:30:32.877 Service scanning
21:32:45.691 Modules scanning
21:32:45.691 Disk 0 trace - called modules:
21:32:45.751 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
21:32:45.751 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005523060]
21:32:45.761 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8004334050]
21:32:51.931 AVAST engine scan C:\Windows
21:32:55.392 AVAST engine scan C:\Windows\system32
21:37:03.578 AVAST engine scan C:\Windows\system32\drivers
21:37:14.969 AVAST engine scan C:\Users\Zephyr Actual
21:41:18.909 AVAST engine scan C:\ProgramData
21:44:50.035 Scan finished successfully
21:45:00.945 Disk 0 MBR has been saved successfully to "C:\Users\Zephyr Actual\Desktop\MBR.dat"
21:45:00.945 The log file has been saved successfully to "C:\Users\Zephyr Actual\Desktop\aswMBR.txt"

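The scan log above lists, for each registered service or driver, an MD5 of its image file followed by a status line, and for a few entries (msiserver, vmci, VMnetAdapter, WinDefend, WinHttpAutoProxySvc, WMPNetworkSvc, WSearch) only a status line with no hash at all. The following Python script is an added example, not part of this thread and not a component of the scanner that produced the log: it parses that line format and runs three checks a responder would otherwise do by eye. It reports services that were marked ok without any image being hashed, one image path listed under several service names with more than one hash, and hashes compared against a caller-supplied baseline. SAMPLE_LOG is a subset of lines copied from the log above, the baseline dictionary is constructed for the demonstration, and the script makes no claim about whether this particular machine was infected.

```python
"""Triage checks for a TDSSKiller-style scan log.

Added example, not part of the forum thread and not part of any scanner.
It understands the two line shapes seen in the log above:

    HH:MM:SS.mmmm PID [ MD5 ] <service> <image path>   (image hashed)
    HH:MM:SS.mmmm PID <service> - ok                    (status)

In the "Scan global" section the service name is absent and the path
follows the hash directly.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?:\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+)?(?P<rest>.*?)\s*$"
)
_PATH_START = re.compile(r"^(?:[A-Za-z]:\\|\\Device\\)")


@dataclass(frozen=True)
class Entry:
    name: Optional[str]   # service/driver name; None for global-section lines
    path: str
    md5: str


def parse_tdsskiller(text):
    """Return (hashed entries, set of service names that got a status line)."""
    entries, status_names = [], set()
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if not m:
            continue                          # banners, separators, summary
        rest, md5 = m.group("rest"), m.group("md5")
        if md5 is None:
            if rest.endswith(" - ok"):
                name = rest[: -len(" - ok")]
                if not name.startswith("["):  # skip the "[Global] - ok" line
                    status_names.add(name)
            continue
        if _PATH_START.match(rest):
            entries.append(Entry(None, rest, md5.upper()))
        else:
            name, _, path = rest.partition(" ")   # path may contain spaces
            entries.append(Entry(name, path, md5.upper()))
    return entries, status_names


def services_without_image(entries, status_names):
    """Services reported 'ok' although no image file was hashed for them.

    Not proof of anything on its own: entries left behind by uninstalled
    products look the same.  It is the list you examine next.
    """
    hashed = {e.name for e in entries if e.name is not None}
    return sorted(status_names - hashed)


def inconsistent_image_hashes(entries):
    """One image path (case-insensitive) reported with more than one MD5."""
    seen = defaultdict(set)
    for e in entries:
        seen[e.path.lower()].add(e.md5)
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


def baseline_mismatches(entries, baseline):
    """Entries whose MD5 differs from a known-good baseline.

    `baseline` maps a lower-cased image path to the expected MD5; paths
    absent from the baseline are not judged.
    """
    out = []
    for e in entries:
        expected = baseline.get(e.path.lower())
        if expected is not None and expected.upper() != e.md5:
            out.append((e.name, e.path, e.md5, expected.upper()))
    return out


# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
21:23:11.0491 3980 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:23:11.0491 3980 MSiSCSI - ok
21:23:11.0491 3980 msiserver - ok
21:23:11.0991 3980 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:23:11.0991 3980 Netlogon - ok
21:23:13.0878 3980 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:23:13.0878 3980 ProtectedStorage - ok
21:23:16.0031 3980 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:23:16.0031 3980 SkypeUpdate - ok
21:23:17.0309 3980 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:23:17.0359 3980 Tcpip - ok
21:23:17.0379 3980 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:23:17.0389 3980 TCPIP6 - ok
21:23:19.0836 3980 vmci - ok
21:23:23.0767 3980 ================ Scan global ===============================
21:23:23.0938 3980 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:23:23.0938 3980 [Global] - ok
"""


def triage(text, baseline):
    entries, status_names = parse_tdsskiller(text)
    return {
        "no_image": services_without_image(entries, status_names),
        "inconsistent": inconsistent_image_hashes(entries),
        "baseline_mismatches": baseline_mismatches(entries, baseline),
    }


if __name__ == "__main__":
    # Hypothetical baseline: the value this log itself reports for services.exe,
    # so the demo shows a clean comparison.  Use known-good hashes for real work.
    demo_baseline = {r"c:\windows\system32\services.exe": "24ACB7E5BE595468E3B9AA488B9B4FCB"}
    for key, value in triage(SAMPLE_LOG, demo_baseline).items():
        print(f"{key}: {value}")
```

A missing hash is where you look next, not a verdict; the same image path reported with two different hashes, or a mismatch against a baseline you trust, is the stronger signal.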
#6 gringo_pr

gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 August 2012 - 09:13 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).
I want you to post both the FRST.txt report and the Search.txt in your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [Donate] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
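
The "Search: services.exe" step in the post above asks FRST to list every copy of that file on the disk with its size, version and MD5, so the helper can tell whether the live copy in system32 still matches the reference copies Windows keeps in the WinSxS component store. The script below is an added example, not part of the thread and not code from FRST or ComboFix; it performs that comparison itself. It assumes Windows PowerShell 2.0 or later run from an elevated prompt, uses the default %SystemRoot% layout, and the function names (Get-Md5Hex, Get-BinaryCopies) and the [ok]/[!!] tags are this example's own.

```powershell
# Added example, not from the thread and not part of FRST or ComboFix.
# For each named binary: every copy under %SystemRoot% (WinSxS included) is
# hashed, and each live copy (system32 / SysWOW64 / anywhere outside WinSxS)
# is compared with the WinSxS copies of the same file version. A live copy
# whose MD5 matches no WinSxS copy of that version is tagged [!!], which is
# the condition ComboFix's Sigcheck section marks with [-].
# Assumptions: Windows PowerShell 2.0 or later, elevated prompt, default paths.
param(
    [string[]]$Names = @('services.exe', 'user32.dll'),
    [string]$SystemRoot = $env:SystemRoot
)

function Get-Md5Hex {
    # MD5 through .NET so the script also runs on PowerShell 2.0 (no Get-FileHash).
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('X2') }) -join ''
    } finally {
        $stream.Close()
    }
}

function Get-BinaryCopies {
    # Every file with this name below the Windows directory, hidden files included.
    param([string]$Name)
    Get-ChildItem -Path $SystemRoot -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Path     = $_.FullName
                Size     = $_.Length
                Version  = $_.VersionInfo.FileVersion
                MD5      = Get-Md5Hex -Path $_.FullName
                InWinSxS = ($_.FullName -like (Join-Path $SystemRoot 'winsxs\*'))
            }
        }
}

foreach ($name in $Names) {
    $copies    = @(Get-BinaryCopies -Name $name)
    $reference = @($copies | Where-Object { $_.InWinSxS })
    $live      = @($copies | Where-Object { -not $_.InWinSxS })

    "== $name : $($live.Count) live copy/copies, $($reference.Count) WinSxS copy/copies =="
    foreach ($file in $live) {
        # Same version string and same hash as a component-store copy => untouched.
        $match = $reference | Where-Object { $_.Version -eq $file.Version -and $_.MD5 -eq $file.MD5 }
        $tag = if ($match) { '[ok]' } else { '[!!]' }
        '{0} {1} {2} {3,9} {4}' -f $tag, $file.MD5, $file.Version, $file.Size, $file.Path
    }
}
```

Two caveats. The script deliberately does not call Get-AuthenticodeSignature: on Windows 7 the Microsoft system binaries are catalog-signed rather than embedded-signed, and that cmdlet reports them as NotSigned, so it would flag every file; Sysinternals sigcheck is the tool for a catalog check. And a [!!] is a reason to verify the file against a clean machine of the same patch level, not proof of infection on its own; a patched binary typically keeps its original version string, which is exactly why the hash comparison, not the version, is what matters.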

#7 Zephyr21 (Topic Starter, Members, 4 posts)

Posted 31 August 2012 - 04:49 PM

I managed to get Combofix to work and after I ran it my redirecting problems seem to have disappeared. I don't know if they're gone for good or just waiting in the shadows to jump back out but here's the log from Combofix

ComboFix 12-08-30.05 - Zephyr Actual 08/30/2012 20:33:43.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4030.2597 [GMT -4:00]
Running from: c:\users\Zephyr Actual\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Zephyr Actual\AppData\Roaming\Mozilla\Firefox\Profiles\e09nepnm.default\searchplugins\bing-zugo.xml
C:\WA6P
c:\windows\Installer\{88d93b3b-166f-6ae0-4dd6-c175039638b3}\@
c:\windows\Installer\{88d93b3b-166f-6ae0-4dd6-c175039638b3}\L\00000004.@
c:\windows\Installer\{88d93b3b-166f-6ae0-4dd6-c175039638b3}\L\201d3dde
c:\windows\Installer\{88d93b3b-166f-6ae0-4dd6-c175039638b3}\U\00000004.@
c:\windows\Installer\{88d93b3b-166f-6ae0-4dd6-c175039638b3}\U\00000008.@
c:\windows\Installer\{88d93b3b-166f-6ae0-4dd6-c175039638b3}\U\000000cb.@
c:\windows\Installer\{88d93b3b-166f-6ae0-4dd6-c175039638b3}\U\80000000.@
c:\windows\Installer\{88d93b3b-166f-6ae0-4dd6-c175039638b3}\U\80000032.@
c:\windows\Installer\{88d93b3b-166f-6ae0-4dd6-c175039638b3}\U\80000064.@
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\tmpBAA8.tmp
c:\windows\SysWow64\tmpBB74.tmp
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-31 00:43 . 2012-08-31 00:43 -------- d-----w- c:\users\Wanda\AppData\Local\temp
2012-08-31 00:43 . 2012-08-31 00:43 -------- d-----w- c:\users\Nick\AppData\Local\temp
2012-08-31 00:43 . 2012-08-31 00:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-28 20:24 . 2012-08-28 20:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-28 20:24 . 2012-08-28 20:23 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-28 20:23 . 2012-08-28 20:23 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-28 20:21 . 2012-08-28 20:21 -------- d-----w- c:\programdata\McAfee
2012-08-26 17:26 . 2012-08-31 00:44 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-13 22:23 . 2012-08-13 22:23 -------- d-----w- c:\program files\CCleaner
2012-08-13 22:23 . 2012-08-13 22:23 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-08-11 21:31 . 2012-08-11 21:31 -------- d-----w- c:\program files (x86)\ESET
2012-08-09 00:50 . 2012-08-11 22:18 -------- d-----w- c:\program files (x86)\Cheat Engine 6.2
2012-08-05 23:23 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-02 17:19 . 2012-08-02 17:19 116016 ----a-w- c:\windows\system32\drivers\48531658.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 01:21 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-08-28 20:23 . 2011-11-23 12:34 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-14 23:19 . 2012-06-05 17:09 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 23:19 . 2011-10-12 20:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 00:03 . 2011-11-22 10:50 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-08 01:07 . 2012-07-08 01:07 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-08 01:07 . 2012-07-08 01:07 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-07-08 01:07 . 2012-07-08 01:07 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-08 01:07 . 2012-07-08 01:07 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-06-12 03:08 . 2012-07-13 00:06 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 08:56 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 08:56 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 08:56 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 08:56 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 08:56 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 08:56 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 08:56 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-18 22:14 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-18 22:14 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-18 22:14 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-18 22:14 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-18 22:14 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-18 22:14 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-18 22:14 99840 ----a-w- c:\windows\system32\wudriver.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-12-28 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-12-28 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"WGA Remover"="c:\program files (x86)\WGA Remover\wgaremover.exe" [2012-01-12 920576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-02 296056]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"VolPanel"="c:\program files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2008-08-27 233588]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Zephyr Actual\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-3-4 4559840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-08-19 272864]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2010-10-13 1244224]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-07-08 79360]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-08-30 117520]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-28 1255736]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-28 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 23:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2007-07-18 117008]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 2191632]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 3036944]
"combofix"="c:\combofix\CF8537.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.arccosine.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\users\Zephyr Actual\AppData\Roaming\Mozilla\Firefox\Profiles\e09nepnm.default\
FF - prefs.js: browser.search.selectedEngine - Arccosine
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.arccosine.com/search.php?q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-69002298.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\windows\system32\spool\DRIVERS\x64\3\EBAPIx32.EXE
.
**************************************************************************
.
Completion time: 2012-08-31 17:39:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-31 21:39
.
Pre-Run: 225,667,850,240 bytes free
Post-Run: 225,530,032,128 bytes free
.
- - End Of File - - 3FA2CD767512C6680AFDD9A84BF33A6D
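
Three things in the ComboFix log above are worth scripting into a repeatable check rather than reading by eye: the policies\system values (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0, so UAC was off and elevation silent), the GUID-named folder under c:\windows\Installer holding a file literally named "@" with L\ and U\ subfolders (a layout commonly associated with the ZeroAccess/Sirefef rootkit family, and the files ComboFix deleted), and the Firefox prefs that pointed keyword.URL and the selected search engine at arccosine.com. The script below is an added example, not part of the thread and not ComboFix code. It assumes Windows PowerShell 2.0 or later run elevated, the default %SystemRoot% and %APPDATA% layout, and that it runs as the user whose Firefox profile is to be inspected; the function names and the GUID pattern are this example's own.

```powershell
# Added example, not from the thread and not part of ComboFix.
# Three checks taken from the log: UAC policy values, Installer GUID folders
# with the "@" / L / U payload layout, and hijackable Firefox search prefs.
# Assumptions: Windows PowerShell 2.0 or later, elevated prompt, default paths,
# Firefox profiles of the current user only.
param([string]$SystemRoot = $env:SystemRoot)

function Test-UacPolicy {
    # Values of 0 here are what the log showed: UAC off, silent elevation, no secure desktop.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $findings = @()
    if ($p.EnableLUA -ne 1) {
        $findings += 'EnableLUA is not 1: UAC is disabled, every process of an admin user runs fully elevated'
    }
    if ($p.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin=0: administrators elevate silently, no prompt at all'
    }
    if ($p.PromptOnSecureDesktop -ne 1) {
        $findings += 'PromptOnSecureDesktop is not 1: elevation prompts appear on the normal desktop, where other processes can drive them'
    }
    $findings
}

function Find-InstallerAtFolders {
    # Windows Installer's own GUID folders cache icons and MSI data; a file named "@"
    # next to L\ or U\ subfolders is not something the installer creates.
    $installer = Join-Path $SystemRoot 'Installer'
    Get-ChildItem -Path $installer -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$' } |
        ForEach-Object {
            $dir   = $_.FullName
            $hasAt = Test-Path -LiteralPath (Join-Path $dir '@')
            $hasLU = (Test-Path -LiteralPath (Join-Path $dir 'L')) -or (Test-Path -LiteralPath (Join-Path $dir 'U'))
            if ($hasAt -and $hasLU) {
                $files = Get-ChildItem -Path $dir -Recurse -Force -ErrorAction SilentlyContinue |
                    Where-Object { -not $_.PSIsContainer } | ForEach-Object { $_.FullName }
                New-Object PSObject -Property @{ Folder = $dir; Files = @($files) }
            }
        }
}

function Get-FirefoxSearchPrefs {
    # Reports the prefs the log showed redirected: keyword.URL, selected engine, homepage.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    $wanted = '^user_pref\("(keyword\.URL|browser\.search\.selectedEngine|browser\.startup\.homepage)",\s*"([^"]*)"\);'
    Get-ChildItem -Path $profiles -Filter prefs.js -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            Get-Content -Path $file | ForEach-Object {
                if ($_ -match $wanted) { '{0}: {1} = {2}' -f $file, $matches[1], $matches[2] }
            }
        }
}

'== UAC policy =='
$uac = @(Test-UacPolicy)
if ($uac.Count -eq 0) { '  nothing weak found' } else { $uac | ForEach-Object { "  $_" } }

'== Installer folders with the "@" / L / U layout =='
Find-InstallerAtFolders | ForEach-Object {
    "  $($_.Folder)"
    $_.Files | ForEach-Object { "      $_" }
}

'== Firefox search and homepage prefs =='
Get-FirefoxSearchPrefs
```

Run it before and after cleanup and diff the output. An Installer folder that matches but cannot be listed even from an elevated prompt is itself a finding, since the payload folders are often protected with restrictive ACLs, and a UAC finding is worth fixing by hand after the malware is gone: ComboFix removes files and services, but it does not restore the policy values the user or the malware turned off.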

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 31 August 2012 - 05:25 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 02 September 2012 - 11:29 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 08 September 2012 - 12:39 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.