Infected with win64.zaccess.b


  • This topic is locked
34 replies to this topic

#1 ai3x5star

ai3x5star

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:50 AM

Posted 02 September 2012 - 09:51 PM

Hi, a few days ago, I noticed that some of my Google searches were getting redirected and that my Avira was completely gone. I also couldn't use Windows Update, firewall, or Defender. Checked around Google and discovered I most likely had a virus. Scanned with MBAM and SuperAntiSpyware and then downloaded and scanned with Avast. Avast found a trojan called win64.zaccess.b but couldn't get rid of it. I used Kaspersky TDSSkiller and that seemed to work. However, not sure I got everything and just wanted an expert's help in verifying I'm completely clean.

Attached are the DDS files.

Any help is greatly appreciated.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,416 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:50 AM

Posted 05 September 2012 - 09:30 PM

Greetings ai3x5star and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you prefer I call you something other than your screen name I would be pleased to do so. :thumbup2:


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review the information you have posted already I would like you to post some additional information for me.

Please perform the following.


===================================================


Posting Previous TDSSKiller log

--------------------

  • Using Windows Explorer navigate to the root directory (normally c:\)
  • Locate the TDSSKiller log which will be named similar to:

    TDSSKiller_version_date_time_log.txt
  • Copy and paste the contents of that document in your reply

===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • Do you have any current issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 ai3x5star

ai3x5star
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:50 AM

Posted 06 September 2012 - 01:03 PM

Hi Gary, thanks for helping me with this. As requested, see logs below.

I have not noticed any other problems except when using Google searches on Firefox, Avast warnings will pop up on the searches. I switched to Chrome and haven't had similar problems. Not sure if that's anything though.

Logs:

TDSSKiller

20:18:30.0625 3128 MMCSS - ok
20:18:30.0641 3128 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:18:30.0656 3128 Modem - ok
20:18:30.0703 3128 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:18:30.0703 3128 monitor - ok
20:18:30.0734 3128 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:18:30.0734 3128 mouclass - ok
20:18:30.0750 3128 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:18:30.0750 3128 mouhid - ok
20:18:30.0781 3128 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:18:30.0781 3128 mountmgr - ok
20:18:30.0859 3128 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:18:30.0859 3128 MozillaMaintenance - ok
20:18:30.0890 3128 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
20:18:30.0890 3128 mpio - ok
20:18:30.0968 3128 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:18:30.0968 3128 mpsdrv - ok
20:18:30.0999 3128 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:18:31.0015 3128 MRxDAV - ok
20:18:31.0046 3128 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:18:31.0046 3128 mrxsmb - ok
20:18:31.0077 3128 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:18:31.0093 3128 mrxsmb10 - ok
20:18:31.0109 3128 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:18:31.0109 3128 mrxsmb20 - ok
20:18:31.0124 3128 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
20:18:31.0124 3128 msahci - ok
20:18:31.0155 3128 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
20:18:31.0155 3128 msdsm - ok
20:18:31.0187 3128 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:18:31.0202 3128 MSDTC - ok
20:18:31.0218 3128 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:18:31.0218 3128 Msfs - ok
20:18:31.0233 3128 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:18:31.0233 3128 mshidkmdf - ok
20:18:31.0265 3128 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
20:18:31.0265 3128 msisadrv - ok
20:18:31.0296 3128 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:18:31.0296 3128 MSiSCSI - ok
20:18:31.0311 3128 msiserver - ok
20:18:31.0327 3128 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:18:31.0327 3128 MSKSSRV - ok
20:18:31.0358 3128 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:18:31.0358 3128 MSPCLOCK - ok
20:18:31.0374 3128 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:18:31.0374 3128 MSPQM - ok
20:18:31.0405 3128 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:18:31.0405 3128 MsRPC - ok
20:18:31.0421 3128 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:18:31.0436 3128 mssmbios - ok
20:18:31.0436 3128 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:18:31.0452 3128 MSTEE - ok
20:18:31.0467 3128 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:18:31.0467 3128 MTConfig - ok
20:18:31.0499 3128 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
20:18:31.0499 3128 MTsensor - ok
20:18:31.0514 3128 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:18:31.0530 3128 Mup - ok
20:18:31.0561 3128 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
20:18:31.0592 3128 napagent - ok
20:18:31.0623 3128 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:18:31.0639 3128 NativeWifiP - ok
20:18:31.0686 3128 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
20:18:31.0717 3128 NDIS - ok
20:18:31.0733 3128 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:18:31.0733 3128 NdisCap - ok
20:18:31.0779 3128 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:18:31.0779 3128 NdisTapi - ok
20:18:31.0795 3128 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:18:31.0795 3128 Ndisuio - ok
20:18:31.0826 3128 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:18:31.0826 3128 NdisWan - ok
20:18:31.0842 3128 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:18:31.0842 3128 NDProxy - ok
20:18:31.0873 3128 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:18:31.0873 3128 Net Driver HPZ12 - ok
20:18:31.0904 3128 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:18:31.0904 3128 NetBIOS - ok
20:18:31.0920 3128 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:18:31.0935 3128 NetBT - ok
20:18:31.0951 3128 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
20:18:31.0951 3128 Netlogon - ok
20:18:31.0998 3128 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:18:32.0013 3128 Netman - ok
20:18:32.0029 3128 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:18:32.0029 3128 netprofm - ok
20:18:32.0060 3128 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:18:32.0060 3128 NetTcpPortSharing - ok
20:18:32.0091 3128 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:18:32.0107 3128 nfrd960 - ok
20:18:32.0154 3128 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:18:32.0169 3128 NlaSvc - ok
20:18:32.0169 3128 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:18:32.0169 3128 Npfs - ok
20:18:32.0185 3128 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:18:32.0201 3128 nsi - ok
20:18:32.0216 3128 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:18:32.0216 3128 nsiproxy - ok
20:18:32.0263 3128 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:18:32.0325 3128 Ntfs - ok
20:18:32.0357 3128 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:18:32.0357 3128 Null - ok
20:18:32.0372 3128 [ 6E41A4DF26340A07A489B721F9721EC1 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
20:18:32.0388 3128 NVHDA - ok
20:18:32.0684 3128 [ 5A9A416F77E98686079E4D7F90A55498 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:18:32.0778 3128 nvlddmkm - ok
20:18:32.0825 3128 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
20:18:32.0825 3128 nvraid - ok
20:18:32.0840 3128 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
20:18:32.0840 3128 nvstor - ok
20:18:32.0887 3128 [ 72545FE7BD0410E72D00B0029DAE3700 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:18:32.0903 3128 nvsvc - ok
20:18:32.0934 3128 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
20:18:32.0934 3128 nv_agp - ok
20:18:33.0012 3128 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:18:33.0059 3128 odserv - ok
20:18:33.0105 3128 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:18:33.0105 3128 ohci1394 - ok
20:18:33.0152 3128 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:18:33.0152 3128 ose - ok
20:18:33.0183 3128 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:18:33.0199 3128 p2pimsvc - ok
20:18:33.0230 3128 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:18:33.0230 3128 p2psvc - ok
20:18:33.0261 3128 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:18:33.0261 3128 Parport - ok
20:18:33.0293 3128 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:18:33.0293 3128 partmgr - ok
20:18:33.0324 3128 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:18:33.0339 3128 PcaSvc - ok
20:18:33.0355 3128 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
20:18:33.0355 3128 pci - ok
20:18:33.0371 3128 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:18:33.0386 3128 pciide - ok
20:18:33.0402 3128 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:18:33.0417 3128 pcmcia - ok
20:18:33.0433 3128 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:18:33.0433 3128 pcw - ok
20:18:33.0464 3128 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:18:33.0480 3128 PEAUTH - ok
20:18:33.0573 3128 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:18:33.0589 3128 PerfHost - ok
20:18:33.0683 3128 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
20:18:33.0714 3128 pla - ok
20:18:33.0776 3128 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:18:33.0776 3128 PlugPlay - ok
20:18:33.0792 3128 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:18:33.0807 3128 Pml Driver HPZ12 - ok
20:18:33.0807 3128 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:18:33.0823 3128 PNRPAutoReg - ok
20:18:33.0854 3128 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:18:33.0854 3128 PNRPsvc - ok
20:18:33.0901 3128 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:18:33.0917 3128 PolicyAgent - ok
20:18:33.0963 3128 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:18:33.0963 3128 Power - ok
20:18:33.0995 3128 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:18:34.0010 3128 PptpMiniport - ok
20:18:34.0026 3128 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:18:34.0026 3128 Processor - ok
20:18:34.0057 3128 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
20:18:34.0073 3128 ProfSvc - ok
20:18:34.0088 3128 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:18:34.0088 3128 ProtectedStorage - ok
20:18:34.0104 3128 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:18:34.0119 3128 Psched - ok
20:18:34.0166 3128 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:18:34.0213 3128 ql2300 - ok
20:18:34.0229 3128 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:18:34.0229 3128 ql40xx - ok
20:18:34.0260 3128 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:18:34.0275 3128 QWAVE - ok
20:18:34.0291 3128 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:18:34.0291 3128 QWAVEdrv - ok
20:18:34.0307 3128 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:18:34.0322 3128 RasAcd - ok
20:18:34.0353 3128 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:18:34.0353 3128 RasAgileVpn - ok
20:18:34.0369 3128 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:18:34.0385 3128 RasAuto - ok
20:18:34.0400 3128 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:18:34.0400 3128 Rasl2tp - ok
20:18:34.0416 3128 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
20:18:34.0447 3128 RasMan - ok
20:18:34.0463 3128 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:18:34.0463 3128 RasPppoe - ok
20:18:34.0478 3128 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:18:34.0478 3128 RasSstp - ok
20:18:34.0509 3128 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:18:34.0509 3128 rdbss - ok
20:18:34.0525 3128 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:18:34.0541 3128 rdpbus - ok
20:18:34.0556 3128 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:18:34.0556 3128 RDPCDD - ok
20:18:34.0587 3128 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:18:34.0587 3128 RDPENCDD - ok
20:18:34.0603 3128 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:18:34.0619 3128 RDPREFMP - ok
20:18:34.0650 3128 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:18:34.0650 3128 RDPWD - ok
20:18:34.0665 3128 rdtmikbl - ok
20:18:34.0697 3128 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:18:34.0697 3128 rdyboost - ok
20:18:34.0743 3128 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:18:34.0743 3128 RemoteAccess - ok
20:18:34.0775 3128 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:18:34.0790 3128 RemoteRegistry - ok
20:18:34.0806 3128 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:18:34.0821 3128 RpcEptMapper - ok
20:18:34.0837 3128 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:18:34.0837 3128 RpcLocator - ok
20:18:34.0868 3128 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
20:18:34.0884 3128 RpcSs - ok
20:18:34.0931 3128 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:18:34.0931 3128 rspndr - ok
20:18:34.0946 3128 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
20:18:34.0946 3128 SamSs - ok
20:18:34.0993 3128 [ 99DF79C258B3342B6C8A5F802998DE56 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:18:34.0993 3128 SASDIFSV - ok
20:18:34.0993 3128 [ 2859C35C0651E8EB0D86D48E740388F2 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:18:35.0009 3128 SASKUTIL - ok
20:18:35.0024 3128 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
20:18:35.0024 3128 sbp2port - ok
20:18:35.0055 3128 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:18:35.0087 3128 SCardSvr - ok
20:18:35.0118 3128 [ 741B338D675FE20B779E7EFFA55032FE ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
20:18:35.0118 3128 SCDEmu - ok
20:18:35.0133 3128 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:18:35.0133 3128 scfilter - ok
20:18:35.0180 3128 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
20:18:35.0227 3128 Schedule - ok
20:18:35.0243 3128 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:18:35.0243 3128 SCPolicySvc - ok
20:18:35.0289 3128 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:18:35.0305 3128 SDRSVC - ok
20:18:35.0321 3128 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:18:35.0336 3128 secdrv - ok
20:18:35.0352 3128 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
20:18:35.0352 3128 seclogon - ok
20:18:35.0367 3128 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:18:35.0383 3128 SENS - ok
20:18:35.0399 3128 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:18:35.0414 3128 SensrSvc - ok
20:18:35.0445 3128 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:18:35.0445 3128 Serenum - ok
20:18:35.0461 3128 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:18:35.0461 3128 Serial - ok
20:18:35.0477 3128 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:18:35.0477 3128 sermouse - ok
20:18:35.0523 3128 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
20:18:35.0523 3128 SessionEnv - ok
20:18:35.0539 3128 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
20:18:35.0539 3128 sffdisk - ok
20:18:35.0539 3128 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:18:35.0539 3128 sffp_mmc - ok
20:18:35.0555 3128 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
20:18:35.0555 3128 sffp_sd - ok
20:18:35.0555 3128 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:18:35.0570 3128 sfloppy - ok
20:18:35.0601 3128 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:18:35.0617 3128 ShellHWDetection - ok
20:18:35.0648 3128 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
20:18:35.0648 3128 SiSGbeLH - ok
20:18:35.0664 3128 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:18:35.0664 3128 SiSRaid2 - ok
20:18:35.0679 3128 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:18:35.0695 3128 SiSRaid4 - ok
20:18:35.0695 3128 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:18:35.0695 3128 Smb - ok
20:18:35.0742 3128 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:18:35.0742 3128 SNMPTRAP - ok
20:18:35.0821 3128 [ 7AEC460DBDD193680F0E77724E40E7B6 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
20:18:35.0836 3128 SNP2UVC - ok
20:18:35.0852 3128 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:18:35.0852 3128 spldr - ok
20:18:35.0899 3128 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
20:18:35.0914 3128 Spooler - ok
20:18:36.0024 3128 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
20:18:36.0133 3128 sppsvc - ok
20:18:36.0164 3128 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:18:36.0180 3128 sppuinotify - ok
20:18:36.0211 3128 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:18:36.0211 3128 srv - ok
20:18:36.0242 3128 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:18:36.0242 3128 srv2 - ok
20:18:36.0273 3128 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:18:36.0273 3128 srvnet - ok
20:18:36.0304 3128 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:18:36.0320 3128 SSDPSRV - ok
20:18:36.0336 3128 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:18:36.0351 3128 SstpSvc - ok
20:18:36.0367 3128 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:18:36.0382 3128 stexstor - ok
20:18:36.0429 3128 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
20:18:36.0460 3128 stisvc - ok
20:18:36.0523 3128 svcboot_cbonsg - ok
20:18:36.0554 3128 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:18:36.0554 3128 swenum - ok
20:18:36.0585 3128 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:18:36.0616 3128 swprv - ok
20:18:36.0679 3128 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
20:18:36.0694 3128 SysMain - ok
20:18:36.0710 3128 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:18:36.0726 3128 TabletInputService - ok
20:18:36.0741 3128 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
20:18:36.0772 3128 TapiSrv - ok
20:18:36.0788 3128 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:18:36.0804 3128 TBS - ok
20:18:36.0882 3128 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:18:36.0928 3128 Tcpip - ok
20:18:36.0991 3128 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:18:37.0006 3128 TCPIP6 - ok
20:18:37.0038 3128 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:18:37.0038 3128 tcpipreg - ok
20:18:37.0069 3128 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:18:37.0069 3128 TDPIPE - ok
20:18:37.0100 3128 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:18:37.0100 3128 TDTCP - ok
20:18:37.0116 3128 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:18:37.0131 3128 tdx - ok
20:18:37.0147 3128 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:18:37.0147 3128 TermDD - ok
20:18:37.0178 3128 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
20:18:37.0225 3128 TermService - ok
20:18:37.0240 3128 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:18:37.0240 3128 Themes - ok
20:18:37.0272 3128 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:18:37.0272 3128 THREADORDER - ok
20:18:37.0303 3128 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:18:37.0303 3128 TrkWks - ok
20:18:37.0365 3128 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:18:37.0381 3128 TrustedInstaller - ok
20:18:37.0412 3128 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:18:37.0428 3128 tssecsrv - ok
20:18:37.0474 3128 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:18:37.0474 3128 tunnel - ok
20:18:37.0506 3128 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:18:37.0506 3128 uagp35 - ok
20:18:37.0537 3128 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:18:37.0537 3128 udfs - ok
20:18:37.0584 3128 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:18:37.0599 3128 UI0Detect - ok
20:18:37.0615 3128 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
20:18:37.0615 3128 uliagpkx - ok
20:18:37.0662 3128 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:18:37.0662 3128 umbus - ok
20:18:37.0677 3128 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:18:37.0677 3128 UmPass - ok
20:18:37.0708 3128 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:18:37.0724 3128 upnphost - ok
20:18:37.0740 3128 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:18:37.0755 3128 USBAAPL64 - ok
20:18:37.0771 3128 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:18:37.0771 3128 usbccgp - ok
20:18:37.0802 3128 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
20:18:37.0802 3128 usbcir - ok
20:18:37.0818 3128 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:18:37.0818 3128 usbehci - ok
20:18:37.0864 3128 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:18:37.0864 3128 usbhub - ok
20:18:37.0880 3128 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:18:37.0896 3128 usbohci - ok
20:18:37.0911 3128 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:18:37.0911 3128 usbprint - ok
20:18:37.0958 3128 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:18:37.0958 3128 usbscan - ok
20:18:37.0974 3128 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:18:37.0974 3128 USBSTOR - ok
20:18:38.0005 3128 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:18:38.0005 3128 usbuhci - ok
20:18:38.0036 3128 [ D501E12614B00A3252073101D6A1A74B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:18:38.0036 3128 usbvideo - ok
20:18:38.0083 3128 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:18:38.0083 3128 UxSms - ok
20:18:38.0098 3128 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
20:18:38.0098 3128 VaultSvc - ok
20:18:38.0145 3128 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
20:18:38.0145 3128 vdrvroot - ok
20:18:38.0176 3128 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
20:18:38.0208 3128 vds - ok
20:18:38.0239 3128 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:18:38.0239 3128 vga - ok
20:18:38.0254 3128 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:18:38.0254 3128 VgaSave - ok
20:18:38.0286 3128 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
20:18:38.0301 3128 vhdmp - ok
20:18:38.0317 3128 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
20:18:38.0317 3128 viaide - ok
20:18:38.0332 3128 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
20:18:38.0332 3128 volmgr - ok
20:18:38.0364 3128 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:18:38.0364 3128 volmgrx - ok
20:18:38.0395 3128 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
20:18:38.0395 3128 volsnap - ok
20:18:38.0426 3128 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:18:38.0426 3128 vsmraid - ok
20:18:38.0488 3128 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
20:18:38.0566 3128 VSS - ok
20:18:38.0582 3128 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:18:38.0598 3128 vwifibus - ok
20:18:38.0613 3128 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:18:38.0613 3128 vwififlt - ok
20:18:38.0644 3128 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:18:38.0660 3128 W32Time - ok
20:18:38.0707 3128 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:18:38.0707 3128 WacomPen - ok
20:18:38.0738 3128 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:18:38.0738 3128 WANARP - ok
20:18:38.0738 3128 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:18:38.0754 3128 Wanarpv6 - ok
20:18:38.0832 3128 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:18:38.0863 3128 WatAdminSvc - ok
20:18:38.0941 3128 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
20:18:39.0019 3128 wbengine - ok
20:18:39.0050 3128 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:18:39.0081 3128 WbioSrvc - ok
20:18:39.0097 3128 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:18:39.0128 3128 wcncsvc - ok
20:18:39.0144 3128 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:18:39.0159 3128 WcsPlugInService - ok
20:18:39.0190 3128 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:18:39.0190 3128 Wd - ok
20:18:39.0222 3128 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:18:39.0237 3128 Wdf01000 - ok
20:18:39.0253 3128 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:18:39.0268 3128 WdiServiceHost - ok
20:18:39.0284 3128 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:18:39.0300 3128 WdiSystemHost - ok
20:18:39.0315 3128 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
20:18:39.0346 3128 WebClient - ok
20:18:39.0362 3128 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:18:39.0378 3128 Wecsvc - ok
20:18:39.0393 3128 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:18:39.0409 3128 wercplsupport - ok
20:18:39.0440 3128 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:18:39.0456 3128 WerSvc - ok
20:18:39.0471 3128 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:18:39.0471 3128 WfpLwf - ok
20:18:39.0502 3128 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
20:18:39.0502 3128 WimFltr - ok
20:18:39.0534 3128 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:18:39.0534 3128 WIMMount - ok
20:18:39.0549 3128 WinHttpAutoProxySvc - ok
20:18:39.0596 3128 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:18:39.0612 3128 Winmgmt - ok
20:18:39.0674 3128 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
20:18:39.0783 3128 WinRM - ok
20:18:39.0846 3128 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:18:39.0846 3128 WinUsb - ok
20:18:39.0892 3128 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:18:39.0908 3128 Wlansvc - ok
20:18:39.0939 3128 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:18:39.0955 3128 WmiAcpi - ok
20:18:39.0986 3128 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:18:39.0986 3128 wmiApSrv - ok
20:18:40.0017 3128 WMPNetworkSvc - ok
20:18:40.0033 3128 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:18:40.0048 3128 WPCSvc - ok
20:18:40.0080 3128 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:18:40.0080 3128 WPDBusEnum - ok
20:18:40.0111 3128 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:18:40.0111 3128 ws2ifsl - ok
20:18:40.0158 3128 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:18:40.0158 3128 wscsvc - ok
20:18:40.0204 3128 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
20:18:40.0204 3128 WSDPrintDevice - ok
20:18:40.0220 3128 WSearch - ok
20:18:40.0236 3128 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:18:40.0236 3128 WudfPf - ok
20:18:40.0298 3128 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:18:40.0298 3128 WUDFRd - ok
20:18:40.0329 3128 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:18:40.0345 3128 wudfsvc - ok
20:18:40.0376 3128 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:18:40.0392 3128 WwanSvc - ok
20:18:40.0423 3128 ================ Scan global ===============================
20:18:40.0438 3128 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:18:40.0485 3128 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
20:18:40.0516 3128 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
20:18:40.0548 3128 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:18:40.0594 3128 [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe
20:18:40.0610 3128 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
20:18:40.0610 3128 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
20:18:40.0610 3128 ================ Scan MBR ==================================
20:18:40.0626 3128 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:18:41.0655 3128 \Device\Harddisk0\DR0 - ok
20:18:41.0655 3128 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
20:18:45.0789 3128 \Device\Harddisk1\DR1 - ok
20:18:45.0789 3128 ================ Scan VBR ==================================
20:18:45.0820 3128 [ 1207C1BF962849D524E8E0A5317ADB0A ] \Device\Harddisk0\DR0\Partition1
20:18:45.0820 3128 \Device\Harddisk0\DR0\Partition1 - ok
20:18:45.0836 3128 [ 85993CF8D4CD53B284AA941609EBB08D ] \Device\Harddisk0\DR0\Partition2
20:18:45.0836 3128 \Device\Harddisk0\DR0\Partition2 - ok
20:18:45.0836 3128 [ F5759F71EE10318019BD65021F9F214B ] \Device\Harddisk1\DR1\Partition1
20:18:45.0852 3128 \Device\Harddisk1\DR1\Partition1 - ok
20:18:45.0852 3128 ============================================================
20:18:45.0852 3128 Scan finished
20:18:45.0852 3128 ============================================================
20:18:45.0852 0892 Detected object count: 1
20:18:45.0852 0892 Actual detected object count: 1
20:21:11.0532 0892 C:\Windows\system32\services.exe - copied to quarantine
20:21:18.0921 0892 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
20:21:24.0614 0892 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
20:21:24.0744 0892 C:\Windows\installer\{e748b935-1bf5-7ec2-efc5-974c7f221830}\@ - copied to quarantine
20:21:24.0768 0892 C:\Windows\installer\{e748b935-1bf5-7ec2-efc5-974c7f221830}\L\00000004.@ - copied to quarantine
20:21:24.0770 0892 C:\Windows\installer\{e748b935-1bf5-7ec2-efc5-974c7f221830}\L\1afb2d56 - copied to quarantine
20:21:24.0773 0892 C:\Windows\installer\{e748b935-1bf5-7ec2-efc5-974c7f221830}\L\201d3dde - copied to quarantine
20:21:24.0776 0892 C:\Windows\installer\{e748b935-1bf5-7ec2-efc5-974c7f221830}\U\00000008.@ - copied to quarantine
20:21:24.0856 0892 C:\Users\Tony Laptop\AppData\Local\{e748b935-1bf5-7ec2-efc5-974c7f221830}\@ - copied to quarantine
20:21:40.0229 0892 Backup copy found, using it..
20:21:40.0306 0892 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
20:21:40.0306 0892 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
20:21:40.0341 0892 C:\Windows\installer\{e748b935-1bf5-7ec2-efc5-974c7f221830}\@ - will be deleted on reboot
20:21:40.0343 0892 C:\Windows\installer\{e748b935-1bf5-7ec2-efc5-974c7f221830}\U\00000008.@ - will be deleted on reboot
20:21:40.0352 0892 C:\Users\Tony Laptop\AppData\Local\{e748b935-1bf5-7ec2-efc5-974c7f221830}\@ - will be deleted on reboot
20:21:40.0354 0892 C:\Windows\system32\services.exe - will be cured on reboot
20:21:40.0354 0892 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure
20:21:50.0180 0520 Deinitialize success

AswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-06 13:41:52
-----------------------------
13:41:52.347 OS Version: Windows x64 6.1.7601 Service Pack 1
13:41:52.347 Number of processors: 2 586 0x170A
13:41:52.347 ComputerName: TONYLAPTOP-PC UserName: Tony Laptop
13:41:53.611 Initialize success
13:41:54.422 AVAST engine defs: 12090600
13:42:42.549 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:42:42.565 Disk 0 Vendor: ST932032 0002 Size: 305245MB BusType: 3
13:42:42.580 Disk 0 MBR read successfully
13:42:42.580 Disk 0 MBR scan
13:42:42.596 Disk 0 Windows VISTA default MBR code
13:42:42.596 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 14997 MB offset 2048
13:42:42.627 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 30716280
13:42:42.627 Disk 0 Partition - 00 0F Extended LBA 213935 MB offset 186996600
13:42:42.658 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 213935 MB offset 186996663
13:42:42.690 Disk 0 scanning C:\Windows\system32\drivers
13:42:56.854 Service scanning
13:43:19.381 Modules scanning
13:43:19.397 Disk 0 trace - called modules:
13:43:19.475 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
13:43:19.475 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c00060]
13:43:19.490 3 CLASSPNP.SYS[fffff88001b5243f] -> nt!IofCallDriver -> [0xfffffa8004a43b20]
13:43:19.506 5 ACPI.sys[fffff88000f5f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a49050]
13:43:20.036 AVAST engine scan C:\Windows
13:43:22.470 AVAST engine scan C:\Windows\system32
13:46:46.910 AVAST engine scan C:\Windows\system32\drivers
13:47:00.467 AVAST engine scan C:\Users\Tony Laptop
13:57:06.592 AVAST engine scan C:\ProgramData
13:57:44.235 Scan finished successfully
13:58:06.262 Disk 0 MBR has been saved successfully to "C:\Users\Tony Laptop\Desktop\MBR.dat"
13:58:06.278 The log file has been saved successfully to "C:\Users\Tony Laptop\Desktop\aswMBR.txt"

#4 Oh My!

Posted 06 September 2012 - 02:46 PM

Greetings ai3x5star,

"thanks for helping me with this."

My pleasure :)

----------

Do you recognize this web site?

http://www.basicscan.com

----------

Please consider and complete the following for me.


===================================================


P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory from which the tool is run.
  • Please copy and paste the log to your reply.

===================================================


Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

  • Please download ComboFix from one of these locations:

    BleepingComputer

    ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

    Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running, please do one of the following. If, based on the below, you have concluded ComboFix has stopped running, please stop and advise me.

    • Check your computer clock. If it is still running then so is ComboFix
    • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
    • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running

    Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion", please just restart your computer to resolve this issue.
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Did you decide to remove µTorrent?
  • FSS.txt
  • Combofix.txt
  • Are you still experiencing redirects?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 ai3x5star

Posted 06 September 2012 - 04:09 PM

Hi Gary,

1) No, did not decide to remove utorrent
2) FSS

Farbar Service Scanner Version: 06-08-2012
Ran by Tony Laptop (administrator) on 06-09-2012 at 15:53:25
Running from "C:\Users\Tony Laptop\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

3) Combofix:


ComboFix 12-09-06.02 - Tony Laptop 09/06/2012 16:22:37.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2639 [GMT -4:00]
Running from: c:\users\Tony Laptop\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BasicScan
c:\programdata\1db1fddc2cbb4100029ae378d0e66dc9_c
c:\programdata\BasicScan
c:\programdata\FullRemove.exe
c:\windows\msvcr71.dll
c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-06 to 2012-09-06 )))))))))))))))))))))))))))))))
.
.
2012-09-06 20:37 . 2012-09-06 20:37 -------- d-----w- c:\users\Tony\AppData\Local\temp
2012-09-06 20:37 . 2012-09-06 20:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-06 09:41 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4982EA6E-9662-4A7C-A763-C916F00428EB}\mpengine.dll
2012-09-03 02:03 . 2012-09-03 02:03 -------- d-----w- c:\windows\system32\SPReview
2012-09-03 02:02 . 2012-09-03 02:02 -------- d-----w- c:\windows\system32\EventProviders
2012-09-03 01:54 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-09-03 01:54 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-09-03 01:54 . 2010-11-20 13:27 39424 ----a-w- c:\windows\system32\Spool\prtprocs\x64\winprint.dll
2012-09-03 00:21 . 2012-09-03 00:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-03 00:08 . 2012-09-03 00:09 -------- d-----w- c:\users\Tony Laptop\AppData\Local\Google
2012-09-02 21:35 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-02 21:35 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-02 21:35 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-02 21:35 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-02 21:35 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-02 21:35 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-02 21:35 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-02 21:34 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-02 21:34 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-09-02 21:34 . 2012-09-02 21:34 -------- d-----w- c:\programdata\AVAST Software
2012-09-02 21:34 . 2012-09-02 21:34 -------- d-----w- c:\program files\AVAST Software
2012-09-02 20:59 . 2012-09-02 20:59 328704 ----a-w- c:\windows\system32\services.exe.D0768AF415083D1A
2012-09-01 16:42 . 2012-09-01 16:42 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-01 16:42 . 2012-09-01 16:42 -------- d-----w- c:\program files (x86)\Java
2012-09-01 16:40 . 2012-09-01 16:40 -------- d-----w- c:\programdata\McAfee
2012-08-08 01:24 . 2012-08-08 01:24 328704 ----a-w- c:\windows\system32\services.exe.05D66ABA31DB0F91
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 02:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-03 02:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-03 01:57 . 2010-12-09 02:13 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-09-03 00:22 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-09-01 16:42 . 2011-02-11 00:07 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-15 02:15 . 2012-07-20 05:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 02:15 . 2011-08-30 02:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2010-05-10 03:17 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-09 05:43 . 2012-07-11 22:37 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2988784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-01-13 37888]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\users\Tony Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-2-4 12862]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-2-4 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ IMSC12.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 kfngybcu;kfngybcu;c:\windows\system32\drivers\kfngybcu.sys [x]
R1 rdtmikbl;rdtmikbl;c:\windows\system32\drivers\rdtmikbl.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfx64fax.sys [2007-07-16 23064]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-02 113120]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-04-30 81440]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 svcboot_cbonsg;svcboot_cbonsg;c:\windows\system32\svchost.exe [2009-07-14 27136]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-09 140800]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
svcboot_cbonsg REG_MULTI_SZ svcboot_cbonsg
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 02:15]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3270041441-35695481-2350553882-1000Core.job
- c:\users\Tony Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 00:08]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3270041441-35695481-2350553882-1000UA.job
- c:\users\Tony Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 00:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-28 16336488]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"HP Color LaserJet CM2320 MFP Series Fax"="c:\program files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe" [2009-09-23 3700736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.10.10.1 194.10.10.4
FF - ProfilePath - c:\users\Tony Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\app7u974.default\
FF - prefs.js: keyword.URL - hxxp://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keywords=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
SafeBoot-67377468.sys
Toolbar-Locked - (no file)
AddRemove-ASUS_UL_Series_Screensaver - c:\windows\system32\ASUS_UL_Series_Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
.
**************************************************************************
.
Completion time: 2012-09-06 16:56:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-06 20:56
.
Pre-Run: 13,095,026,688 bytes free
Post-Run: 13,888,102,400 bytes free
.
- - End Of File - - B0F1C4A0B2BF7328624F105FE6273E06

4) Haven't noticed any redirects, although I'm still getting a warning come up from Avast when using Google search on Firefox.

#6 ai3x5star

Posted 06 September 2012 - 04:16 PM

Oh, and I do not recognize the website below:

http://www.basicscan.com

#7 Oh My!


Posted 06 September 2012 - 04:26 PM

Greetings ai3x5star,

"No, did not decide to remove utorrent"

No problem, just please hold off on using it until we know your computer is clean.

Combofix took care of the web site you did not recognize.

What does the Avast warning say? If you want, you can take a screen shot and attach it to your reply.


===================================================


Taking a Screen Shot

-------------------

  • Please have your Desktop on your screen showing the Security Center icon
  • Along the top row of your keyboard keys push the prt sc (print screen) key
  • Select Start, Programs, Accessories, and Paint
  • Select Edit, then Paste
  • Select File, Save As, select Desktop on the left hand side, name the document Avast, then click Save
  • Attach Avast.bmp to your next reply

Edited by Oh My, 06 September 2012 - 04:26 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#8 ai3x5star


Posted 06 September 2012 - 04:40 PM

Hi Gary, see attached for screenshot of Avast warning

Edited by ai3x5star, 06 September 2012 - 08:26 PM.


#9 Oh My!


Posted 06 September 2012 - 04:56 PM

Greetings ai3x5star,

Next time that happens click More details so we can take a look at the additional information.

I think maybe I would like you to do this and see if anything changes.


===================================================


Disabling Add-ons in Mozilla Firefox

--------------------

  • Launch Firefox
  • Select Help, then Restart with add-ons disabled...
  • Click Restart
  • Please report how Firefox is running

===================================================


Things I would like to see in your next reply.

  • Any change after disabling add-ons?
  • Screen shot

Gary
 

#10 ai3x5star


Posted 06 September 2012 - 05:09 PM

Hi Gary, disabling add-ons did the trick...no more Avast warnings. Anyone to tell which add-ons are causing the problem?

Attached is the screenshot for the infection description when I click on the Avast warning.

Edited by ai3x5star, 06 September 2012 - 09:02 PM.


#11 Oh My!


Posted 06 September 2012 - 05:52 PM

Greetings ai3x5star,

While in Disable Add-on Mode click Tools, Add-ons, then select the Extensions tab. There may be one that seems obvious. If so enable that add-on and see if you get the warning. Aside from that simply enable the add-ons one at a time until you get the warning then delete that add-on.

If you want to send a screen shot again that would be fine too. I am interested to know which one is the culprit.

Let me know what happens.
Gary
 

#12 ai3x5star


Posted 06 September 2012 - 08:29 PM

Hi Gary,

The culprit seems to be the Mozilla Safe Browsing 2.0.14 add-on. I disabled all other add-ons except this one and that's when the Avast warnings pop up. Surely that must be some mistake, no?

See attached


#13 Oh My!


Posted 06 September 2012 - 08:43 PM

If you notice the Avast warning indicates this is "2 of 2" meaning there is another warning. Check to see what the other one is and also click More details. We need to see the specific information about what Avast blocked.
Gary
 

#14 ai3x5star


Posted 06 September 2012 - 08:48 PM

The 1st warning was the same...just from an earlier search. I did a couple searches to test. A warning always pops up every time I do a google search. Should I just disable this add-on?

#15 Oh My!


Posted 06 September 2012 - 08:52 PM

Did you click the More Details button to get the added information? Do not disable it yet. I am not convinced there isn't something we need to take a look at.
Gary
 



