
Google redirecting to merchantcircle and other search sites


  • This topic is locked
17 replies to this topic

#1 rileyroo27

  • Members

Posted 12 November 2012 - 10:15 AM

I have run malwarebytes, tdsskiller and SuperAntiSpyware without being able to fix this problem. When I click on search results I am redirected about 20% of the time. Please help!



DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_31
Run by Lauren at 10:00:41 on 2012-11-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6487 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Logitech\G930\G930.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [iemsr] "C:\Windows\System32\rundll32.exe" "C:\Users\Lauren\AppData\Roaming\iemsr.dll",_CheckStack
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F05CBA24-2E7F-44EE-BF71-6C8E77DDE511} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
x64-Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1kkpavpk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-11-12 09:38; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-2 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-11-2 827560]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe [2011-7-5 75040]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe [2011-7-5 210720]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-7-5 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2011-7-5 625152]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;C:\Windows\System32\drivers\hitmanpro36.sys [2012-1-5 25160]
S3 LADF_BakerCOnly;BakerC Filter Driver;C:\Windows\System32\drivers\ladfBakerCamd64.sys [2011-3-18 410184]
S3 LADF_BakerROnly;BakerR Filter Driver;C:\Windows\System32\drivers\ladfBakerRamd64.sys [2011-3-18 335688]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-8 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
FileExt: .vbs: VBSFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
FileExt: .js: JSFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
FileExt: .jse: JSEFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
FileExt: .wsf: WSFFile=C:\Windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.
=============== Created Last 30 ================
.
2012-11-12 14:38:09 -------- d-----w- C:\Users\Lauren\AppData\Roaming\CheckPoint
2012-11-12 14:37:57 -------- d-----w- C:\Program Files\CheckPoint
2012-11-12 14:33:20 -------- d-----w- C:\ProgramData\CheckPoint
2012-11-12 14:33:20 -------- d-----w- C:\Program Files (x86)\CheckPoint
2012-11-08 17:18:57 -------- d-----w- C:\Users\Lauren\AppData\Roaming\SUPERAntiSpyware.com
2012-11-08 17:18:54 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-11-08 17:18:54 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-11-07 17:41:43 -------- d-----w- C:\Windows\pss
2012-11-05 18:53:47 -------- d-----w- C:\Program Files (x86)\STPViewer
2012-11-05 18:53:33 -------- d-----w- C:\Users\Lauren\AppData\Local\Programs
2012-11-01 20:31:48 450136 ----a-w- C:\Windows\System32\drivers\vsdatant.sys
2012-10-23 16:05:08 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-23 16:04:54 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
.
==================== Find3M ====================
.
2012-11-01 14:26:13 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-01 14:26:13 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-15 14:27:24 463360 ----a-w- C:\Users\Lauren\AppData\Roaming\iemsr.dll
.
============= FINISH: 10:00:51.76 ===============



#2 gringo_pr

  • Malware Response Team

Posted 12 November 2012 - 11:24 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 rileyroo27

  • Topic Starter
  • Members

Posted 12 November 2012 - 02:16 PM

Thank you, Gringo!


Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 22
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````




# AdwCleaner v2.007 - Logfile created 11/12/2012 at 14:00:15
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Lauren - AMDPC
# Boot Mode : Normal
# Running from : C:\Users\Lauren\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1kkpavpk.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [1074 octets] - [12/11/2012 14:00:15]

########## EOF - C:\AdwCleaner[S2].txt - [1134 octets] ##########





RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lauren [Admin rights]
Mode : Remove -- Date : 11/12/2012 14:13:20

Bad processes : 1
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Lauren\AppData\Roaming\iemsr.dll -> KILLED [TermProc]

Registry Entries : 3
[RUN][SUSP PATH] HKCU\[...]\Run : iemsr ("C:\Windows\System32\rundll32.exe" "C:\Users\Lauren\AppData\Roaming\iemsr.dll",_CheckStack) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED

Driver : [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: M4-CT064M4SSD2 ATA Device +++++
--- User ---
[MBR] 74d55ccc52110ab9fdf8801eb197ac37
[BSP] 2347124ac290193244711673d1261721 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 60955 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1002FAEX-00Z3A0 ATA Device +++++
--- User ---
[MBR] 9b071c8ff21349c89ae8a7608d311582
[BSP] 600478f2efea633caf0620970a0d3d1c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11122012_02d1413.txt >>
RKreport[1]_S_11122012_02d1412.txt ; RKreport[2]_D_11122012_02d1413.txt

#4 gringo_pr

  • Malware Response Team

Posted 12 November 2012 - 02:43 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 rileyroo27

  • Topic Starter
  • Members

Posted 12 November 2012 - 03:27 PM

Right now I cannot replicate the problem but as it is a random redirect, please give me some more time to test it. I had no problems running ComboFix but did have to restart when it was finished as I got the registry error message when trying to launch any programs.



ComboFix 12-11-12.03 - Lauren 11/12/2012 14:55:40.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6847 [GMT -5:00]
Running from: c:\users\Lauren\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lauren\AppData\Roaming\iemsr.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-12 to 2012-11-12 )))))))))))))))))))))))))))))))
.
.
2012-11-12 19:59 . 2012-11-12 19:59 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35DB594B-1F53-40CA-B282-2A0EA3E5405E}\offreg.dll
2012-11-12 19:57 . 2012-11-12 19:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-12 14:38 . 2012-11-12 14:38 -------- d-----w- c:\users\Lauren\AppData\Roaming\CheckPoint
2012-11-12 14:37 . 2012-11-12 14:37 -------- d-----w- c:\program files\CheckPoint
2012-11-12 14:33 . 2012-11-12 14:37 -------- d-----w- c:\program files (x86)\CheckPoint
2012-11-12 14:33 . 2012-11-12 14:33 -------- d-----w- c:\programdata\CheckPoint
2012-11-08 17:18 . 2012-11-08 17:18 -------- d-----w- c:\users\Lauren\AppData\Roaming\SUPERAntiSpyware.com
2012-11-08 17:18 . 2012-11-08 17:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-11-08 17:18 . 2012-11-08 17:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-11-05 18:53 . 2012-11-05 18:53 -------- d-----w- c:\program files (x86)\STPViewer
2012-11-05 18:53 . 2012-11-05 18:53 -------- d-----w- c:\users\Lauren\AppData\Local\Programs
2012-11-01 20:31 . 2012-11-01 20:31 450136 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2012-10-23 16:05 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-23 16:04 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-01 14:26 . 2012-08-06 20:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-01 14:26 . 2012-08-06 20:35 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-08 17:09 . 2011-03-28 22:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-07 21:04 . 2012-01-05 14:12 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-20 17:38 . 2012-10-23 16:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-10-01 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Logitech G930"="c:\program files (x86)\Logitech\G930\G930.exe" [2011-03-23 1516888]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-08-03 1167360]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-08 73392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-01-05 25160]
R3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\DRIVERS\ladfBakerCamd64.sys [2011-03-18 410184]
R3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\DRIVERS\ladfBakerRamd64.sys [2011-03-18 335688]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-08 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-02 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-02 827560]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe [2009-07-15 210720]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-07-15 625152]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 16:58]
.
2012-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 16:58]
.
2012-11-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f34f5f7e-6e64-46ee-991a-4146763fd0f7.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-12 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f9628280-408b-41e0-8655-bce9b1ce0258.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1kkpavpk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-12 09:38; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: !HIDDEN! 1970-01-16 08:37; {4DCA2C2C-E6E5-11E1-8270-B8AC6F996F26}; c:\users\Lauren\AppData\Local\{4DCA2C2C-E6E5-11E1-8270-B8AC6F996F26}
.
.
------- File Associations -------
.
JSEFile=c:\windows\SysWow64\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISW - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2012-11-12 15:02:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-12 20:02
.
Pre-Run: 11,405,656,064 bytes free
Post-Run: 7,684,816,896 bytes free
.
- - End Of File - - BBF57C947BFE1B464912D5274D758E7B

#6 gringo_pr

Posted 12 November 2012 - 04:05 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 rileyroo27

Posted 12 November 2012 - 04:36 PM

16:15:28.0305 4240 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:15:30.0306 4240 ============================================================
16:15:30.0306 4240 Current date / time: 2012/11/12 16:15:30.0306
16:15:30.0306 4240 SystemInfo:
16:15:30.0306 4240
16:15:30.0306 4240 OS Version: 6.1.7601 ServicePack: 1.0
16:15:30.0306 4240 Product type: Workstation
16:15:30.0306 4240 ComputerName: AMDPC
16:15:30.0306 4240 UserName: Lauren
16:15:30.0306 4240 Windows directory: C:\Windows
16:15:30.0306 4240 System windows directory: C:\Windows
16:15:30.0306 4240 Running under WOW64
16:15:30.0306 4240 Processor architecture: Intel x64
16:15:30.0306 4240 Number of processors: 6
16:15:30.0306 4240 Page size: 0x1000
16:15:30.0306 4240 Boot type: Normal boot
16:15:30.0306 4240 ============================================================
16:15:34.0153 4240 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:15:38.0871 4240 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:15:38.0875 4240 ============================================================
16:15:38.0875 4240 \Device\Harddisk0\DR0:
16:15:38.0876 4240 MBR partitions:
16:15:38.0876 4240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:15:38.0876 4240 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
16:15:38.0876 4240 \Device\Harddisk1\DR1:
16:15:38.0877 4240 MBR partitions:
16:15:38.0877 4240 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
16:15:38.0877 4240 ============================================================
16:15:38.0887 4240 C: <-> \Device\Harddisk0\DR0\Partition2
16:15:38.0898 4240 D: <-> \Device\Harddisk1\DR1\Partition1
16:15:38.0898 4240 ============================================================
16:15:38.0898 4240 Initialize success
16:15:38.0898 4240 ============================================================
16:15:45.0293 4280 ============================================================
16:15:45.0293 4280 Scan started
16:15:45.0293 4280 Mode: Manual;
16:15:45.0293 4280 ============================================================
16:15:45.0340 4280 ================ Scan system memory ========================
16:15:45.0340 4280 System memory - ok
16:15:45.0340 4280 ================ Scan services =============================
16:15:45.0344 4280 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
16:15:45.0345 4280 !SASCORE - ok
16:15:45.0376 4280 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
16:15:45.0378 4280 1394ohci - ok
16:15:45.0384 4280 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:15:45.0386 4280 ACPI - ok
16:15:45.0389 4280 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:15:45.0390 4280 AcpiPmi - ok
16:15:45.0396 4280 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:15:45.0400 4280 adp94xx - ok
16:15:45.0406 4280 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:15:45.0409 4280 adpahci - ok
16:15:45.0413 4280 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:15:45.0415 4280 adpu320 - ok
16:15:45.0420 4280 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:15:45.0421 4280 AeLookupSvc - ok
16:15:45.0428 4280 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:15:45.0433 4280 AFD - ok
16:15:45.0437 4280 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:15:45.0438 4280 agp440 - ok
16:15:45.0441 4280 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:15:45.0442 4280 ALG - ok
16:15:45.0445 4280 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:15:45.0446 4280 aliide - ok
16:15:45.0450 4280 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:15:45.0451 4280 AMD External Events Utility - ok
16:15:45.0454 4280 AMD FUEL Service - ok
16:15:45.0458 4280 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:15:45.0459 4280 amdide - ok
16:15:45.0462 4280 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
16:15:45.0462 4280 amdiox64 - ok
16:15:45.0465 4280 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:15:45.0466 4280 AmdK8 - ok
16:15:45.0546 4280 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:15:45.0623 4280 amdkmdag - ok
16:15:45.0631 4280 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:15:45.0633 4280 amdkmdap - ok
16:15:45.0636 4280 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:15:45.0637 4280 AmdPPM - ok
16:15:45.0641 4280 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:15:45.0642 4280 amdsata - ok
16:15:45.0647 4280 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:15:45.0648 4280 amdsbs - ok
16:15:45.0651 4280 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:15:45.0652 4280 amdxata - ok
16:15:45.0655 4280 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
16:15:45.0655 4280 AODDriver4.01 - ok
16:15:45.0658 4280 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
16:15:45.0658 4280 AODDriver4.1 - ok
16:15:45.0662 4280 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:15:45.0663 4280 AppID - ok
16:15:45.0666 4280 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:15:45.0667 4280 AppIDSvc - ok
16:15:45.0669 4280 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:15:45.0670 4280 Appinfo - ok
16:15:45.0675 4280 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
16:15:45.0676 4280 arc - ok
16:15:45.0679 4280 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:15:45.0680 4280 arcsas - ok
16:15:45.0683 4280 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:15:45.0683 4280 AsyncMac - ok
16:15:45.0686 4280 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:15:45.0687 4280 atapi - ok
16:15:45.0691 4280 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:15:45.0692 4280 AtiHDAudioService - ok
16:15:45.0700 4280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:15:45.0702 4280 AudioEndpointBuilder - ok
16:15:45.0710 4280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:15:45.0712 4280 AudioSrv - ok
16:15:45.0716 4280 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:15:45.0717 4280 AxInstSV - ok
16:15:45.0724 4280 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:15:45.0728 4280 b06bdrv - ok
16:15:45.0733 4280 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:15:45.0735 4280 b57nd60a - ok
16:15:45.0740 4280 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:15:45.0742 4280 BDESVC - ok
16:15:45.0745 4280 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:15:45.0745 4280 Beep - ok
16:15:45.0754 4280 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:15:45.0757 4280 BFE - ok
16:15:45.0766 4280 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
16:15:45.0774 4280 BITS - ok
16:15:45.0777 4280 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:15:45.0778 4280 blbdrive - ok
16:15:45.0782 4280 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:15:45.0783 4280 bowser - ok
16:15:45.0786 4280 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:15:45.0787 4280 BrFiltLo - ok
16:15:45.0789 4280 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:15:45.0790 4280 BrFiltUp - ok
16:15:45.0794 4280 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:15:45.0795 4280 BridgeMP - ok
16:15:45.0800 4280 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:15:45.0800 4280 Browser - ok
16:15:45.0805 4280 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:15:45.0807 4280 Brserid - ok
16:15:45.0811 4280 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:15:45.0812 4280 BrSerWdm - ok
16:15:45.0815 4280 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:15:45.0815 4280 BrUsbMdm - ok
16:15:45.0818 4280 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:15:45.0819 4280 BrUsbSer - ok
16:15:45.0822 4280 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:15:45.0823 4280 BTHMODEM - ok
16:15:45.0828 4280 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:15:45.0829 4280 bthserv - ok
16:15:45.0831 4280 catchme - ok
16:15:45.0835 4280 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:15:45.0836 4280 cdfs - ok
16:15:45.0840 4280 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:15:45.0842 4280 cdrom - ok
16:15:45.0845 4280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:15:45.0846 4280 CertPropSvc - ok
16:15:45.0849 4280 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
16:15:45.0850 4280 circlass - ok
16:15:45.0855 4280 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:15:45.0858 4280 CLFS - ok
16:15:45.0865 4280 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:15:45.0868 4280 clr_optimization_v2.0.50727_32 - ok
16:15:45.0873 4280 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:15:45.0875 4280 clr_optimization_v2.0.50727_64 - ok
16:15:45.0882 4280 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:15:45.0887 4280 clr_optimization_v4.0.30319_32 - ok
16:15:45.0893 4280 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:15:45.0895 4280 clr_optimization_v4.0.30319_64 - ok
16:15:45.0898 4280 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
16:15:45.0899 4280 CmBatt - ok
16:15:45.0902 4280 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:15:45.0902 4280 cmdide - ok
16:15:45.0910 4280 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:15:45.0915 4280 CNG - ok
16:15:45.0918 4280 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:15:45.0919 4280 Compbatt - ok
16:15:45.0921 4280 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:15:45.0922 4280 CompositeBus - ok
16:15:45.0925 4280 COMSysApp - ok
16:15:45.0929 4280 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:15:45.0929 4280 crcdisk - ok
16:15:45.0935 4280 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:15:45.0936 4280 CryptSvc - ok
16:15:45.0944 4280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:15:45.0947 4280 DcomLaunch - ok
16:15:45.0952 4280 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:15:45.0954 4280 defragsvc - ok
16:15:45.0958 4280 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:15:45.0959 4280 DfsC - ok
16:15:45.0964 4280 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:15:45.0966 4280 Dhcp - ok
16:15:45.0969 4280 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:15:45.0970 4280 discache - ok
16:15:45.0973 4280 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
16:15:45.0973 4280 Disk - ok
16:15:45.0978 4280 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:15:45.0979 4280 Dnscache - ok
16:15:45.0984 4280 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:15:45.0986 4280 dot3svc - ok
16:15:45.0990 4280 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:15:45.0991 4280 DPS - ok
16:15:45.0995 4280 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:15:45.0995 4280 drmkaud - ok
16:15:46.0006 4280 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:15:46.0009 4280 DXGKrnl - ok
16:15:46.0013 4280 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:15:46.0014 4280 EapHost - ok
16:15:46.0042 4280 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:15:46.0067 4280 ebdrv - ok
16:15:46.0071 4280 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:15:46.0072 4280 EFS - ok
16:15:46.0080 4280 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:15:46.0086 4280 ehRecvr - ok
16:15:46.0089 4280 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:15:46.0090 4280 ehSched - ok
16:15:46.0097 4280 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:15:46.0102 4280 elxstor - ok
16:15:46.0104 4280 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:15:46.0105 4280 ErrDev - ok
16:15:46.0114 4280 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:15:46.0116 4280 EventSystem - ok
16:15:46.0120 4280 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:15:46.0122 4280 exfat - ok
16:15:46.0127 4280 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:15:46.0128 4280 fastfat - ok
16:15:46.0137 4280 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:15:46.0142 4280 Fax - ok
16:15:46.0146 4280 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
16:15:46.0147 4280 fdc - ok
16:15:46.0150 4280 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:15:46.0151 4280 fdPHost - ok
16:15:46.0154 4280 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:15:46.0154 4280 FDResPub - ok
16:15:46.0157 4280 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:15:46.0158 4280 FileInfo - ok
16:15:46.0161 4280 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:15:46.0162 4280 Filetrace - ok
16:15:46.0165 4280 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:15:46.0165 4280 flpydisk - ok
16:15:46.0170 4280 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:15:46.0172 4280 FltMgr - ok
16:15:46.0187 4280 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:15:46.0192 4280 FontCache - ok
16:15:46.0195 4280 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:15:46.0196 4280 FontCache3.0.0.0 - ok
16:15:46.0199 4280 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:15:46.0200 4280 FsDepends - ok
16:15:46.0203 4280 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:15:46.0203 4280 Fs_Rec - ok
16:15:46.0208 4280 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:15:46.0210 4280 fvevol - ok
16:15:46.0213 4280 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:15:46.0214 4280 gagp30kx - ok
16:15:46.0223 4280 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:15:46.0226 4280 gpsvc - ok
16:15:46.0231 4280 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:15:46.0232 4280 gupdate - ok
16:15:46.0235 4280 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:15:46.0236 4280 gupdatem - ok
16:15:46.0239 4280 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:15:46.0240 4280 hcw85cir - ok
16:15:46.0247 4280 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:15:46.0251 4280 HdAudAddService - ok
16:15:46.0255 4280 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:15:46.0256 4280 HDAudBus - ok
16:15:46.0259 4280 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:15:46.0260 4280 HidBatt - ok
16:15:46.0263 4280 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:15:46.0264 4280 HidBth - ok
16:15:46.0268 4280 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:15:46.0268 4280 HidIr - ok
16:15:46.0271 4280 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
16:15:46.0272 4280 hidserv - ok
16:15:46.0275 4280 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:15:46.0275 4280 HidUsb - ok
16:15:46.0279 4280 [ C6FF685E2EA55C3AC5C90B9E7D6930C0 ] hitmanpro35 C:\Windows\system32\drivers\hitmanpro36.sys
16:15:46.0280 4280 hitmanpro35 - ok
16:15:46.0283 4280 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:15:46.0284 4280 hkmsvc - ok
16:15:46.0289 4280 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:15:46.0290 4280 HomeGroupListener - ok
16:15:46.0296 4280 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:15:46.0297 4280 HomeGroupProvider - ok
16:15:46.0300 4280 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:15:46.0301 4280 HpSAMD - ok
16:15:46.0309 4280 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:15:46.0315 4280 HTTP - ok
16:15:46.0318 4280 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:15:46.0319 4280 hwpolicy - ok
16:15:46.0322 4280 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:15:46.0323 4280 i8042prt - ok
16:15:46.0330 4280 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:15:46.0335 4280 iaStorV - ok
16:15:46.0344 4280 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:15:46.0351 4280 idsvc - ok
16:15:46.0355 4280 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:15:46.0356 4280 iirsp - ok
16:15:46.0365 4280 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:15:46.0369 4280 IKEEXT - ok
16:15:46.0374 4280 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:15:46.0374 4280 intelide - ok
16:15:46.0378 4280 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
16:15:46.0379 4280 intelppm - ok
16:15:46.0382 4280 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:15:46.0384 4280 IPBusEnum - ok
16:15:46.0387 4280 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:15:46.0388 4280 IpFilterDriver - ok
16:15:46.0395 4280 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:15:46.0398 4280 iphlpsvc - ok
16:15:46.0401 4280 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:15:46.0402 4280 IPMIDRV - ok
16:15:46.0405 4280 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:15:46.0406 4280 IPNAT - ok
16:15:46.0410 4280 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:15:46.0410 4280 IRENUM - ok
16:15:46.0413 4280 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:15:46.0414 4280 isapnp - ok
16:15:46.0419 4280 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:15:46.0421 4280 iScsiPrt - ok
16:15:46.0424 4280 [ AD1A85CA5535CC0EE40E0BADFB8DFB27 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
16:15:46.0425 4280 ISWKL - ok
16:15:46.0434 4280 [ 9DFAE38F2E13C003EEB62AEAEAE61259 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
16:15:46.0437 4280 IswSvc - ok
16:15:46.0440 4280 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:15:46.0440 4280 kbdclass - ok
16:15:46.0443 4280 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:15:46.0444 4280 kbdhid - ok
16:15:46.0447 4280 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:15:46.0448 4280 KeyIso - ok
16:15:46.0451 4280 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:15:46.0453 4280 KSecDD - ok
16:15:46.0457 4280 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:15:46.0458 4280 KSecPkg - ok
16:15:46.0461 4280 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:15:46.0462 4280 ksthunk - ok
16:15:46.0467 4280 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:15:46.0471 4280 KtmRm - ok
16:15:46.0479 4280 [ 86F06574763A0E7CDCD57DD85632E44F ] LADF_BakerCOnly C:\Windows\system32\DRIVERS\ladfBakerCamd64.sys
16:15:46.0483 4280 LADF_BakerCOnly - ok
16:15:46.0490 4280 [ 89B4981F949A14148365DE8D98A310B5 ] LADF_BakerROnly C:\Windows\system32\DRIVERS\ladfBakerRamd64.sys
16:15:46.0494 4280 LADF_BakerROnly - ok
16:15:46.0499 4280 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
16:15:46.0500 4280 LanmanServer - ok
16:15:46.0504 4280 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:15:46.0506 4280 LanmanWorkstation - ok
16:15:46.0510 4280 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
16:15:46.0511 4280 LGBusEnum - ok
16:15:46.0513 4280 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
16:15:46.0514 4280 LGVirHid - ok
16:15:46.0517 4280 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:15:46.0518 4280 lltdio - ok
16:15:46.0522 4280 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:15:46.0526 4280 lltdsvc - ok
16:15:46.0529 4280 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:15:46.0530 4280 lmhosts - ok
16:15:46.0534 4280 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:15:46.0535 4280 LSI_FC - ok
16:15:46.0539 4280 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:15:46.0540 4280 LSI_SAS - ok
16:15:46.0544 4280 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:15:46.0545 4280 LSI_SAS2 - ok
16:15:46.0549 4280 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:15:46.0550 4280 LSI_SCSI - ok
16:15:46.0553 4280 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:15:46.0554 4280 luafv - ok
16:15:46.0558 4280 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:15:46.0559 4280 Mcx2Svc - ok
16:15:46.0563 4280 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:15:46.0564 4280 megasas - ok
16:15:46.0568 4280 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:15:46.0571 4280 MegaSR - ok
16:15:46.0574 4280 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:15:46.0575 4280 MMCSS - ok
16:15:46.0578 4280 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:15:46.0579 4280 Modem - ok
16:15:46.0582 4280 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:15:46.0582 4280 monitor - ok
16:15:46.0586 4280 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:15:46.0586 4280 mouclass - ok
16:15:46.0589 4280 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:15:46.0590 4280 mouhid - ok
16:15:46.0593 4280 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:15:46.0594 4280 mountmgr - ok
16:15:46.0598 4280 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:15:46.0600 4280 MozillaMaintenance - ok
16:15:46.0604 4280 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:15:46.0605 4280 mpio - ok
16:15:46.0609 4280 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:15:46.0610 4280 mpsdrv - ok
16:15:46.0619 4280 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:15:46.0622 4280 MpsSvc - ok
16:15:46.0627 4280 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:15:46.0628 4280 MRxDAV - ok
16:15:46.0633 4280 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:15:46.0635 4280 mrxsmb - ok
16:15:46.0641 4280 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:15:46.0645 4280 mrxsmb10 - ok
16:15:46.0649 4280 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:15:46.0651 4280 mrxsmb20 - ok
16:15:46.0654 4280 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:15:46.0655 4280 msahci - ok
16:15:46.0659 4280 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:15:46.0660 4280 msdsm - ok
16:15:46.0664 4280 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:15:46.0666 4280 MSDTC - ok
16:15:46.0672 4280 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:15:46.0673 4280 Msfs - ok
16:15:46.0675 4280 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:15:46.0676 4280 mshidkmdf - ok
16:15:46.0679 4280 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:15:46.0679 4280 msisadrv - ok
16:15:46.0683 4280 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:15:46.0685 4280 MSiSCSI - ok
16:15:46.0688 4280 msiserver - ok
16:15:46.0691 4280 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:15:46.0692 4280 MSKSSRV - ok
16:15:46.0695 4280 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:15:46.0696 4280 MSPCLOCK - ok
16:15:46.0699 4280 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:15:46.0699 4280 MSPQM - ok
16:15:46.0704 4280 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:15:46.0707 4280 MsRPC - ok
16:15:46.0712 4280 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:15:46.0712 4280 mssmbios - ok
16:15:46.0715 4280 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:15:46.0716 4280 MSTEE - ok
16:15:46.0719 4280 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:15:46.0719 4280 MTConfig - ok
16:15:46.0722 4280 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
16:15:46.0722 4280 MTsensor - ok
16:15:46.0725 4280 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:15:46.0726 4280 Mup - ok
16:15:46.0732 4280 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:15:46.0737 4280 napagent - ok
16:15:46.0742 4280 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:15:46.0745 4280 NativeWifiP - ok
16:15:46.0757 4280 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:15:46.0766 4280 NDIS - ok
16:15:46.0770 4280 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:15:46.0770 4280 NdisCap - ok
16:15:46.0773 4280 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:15:46.0774 4280 NdisTapi - ok
16:15:46.0777 4280 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:15:46.0778 4280 Ndisuio - ok
16:15:46.0782 4280 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:15:46.0783 4280 NdisWan - ok
16:15:46.0787 4280 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:15:46.0787 4280 NDProxy - ok
16:15:46.0790 4280 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:15:46.0791 4280 NetBIOS - ok
16:15:46.0797 4280 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:15:46.0799 4280 NetBT - ok
16:15:46.0802 4280 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:15:46.0803 4280 Netlogon - ok
16:15:46.0808 4280 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:15:46.0810 4280 Netman - ok
16:15:46.0817 4280 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:15:46.0819 4280 netprofm - ok
16:15:46.0829 4280 [ 6560E0240BDA43DFE3BDD5FDF7C6670D ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
16:15:46.0836 4280 netr28x - ok
16:15:46.0840 4280 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:15:46.0841 4280 NetTcpPortSharing - ok
16:15:46.0845 4280 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:15:46.0846 4280 nfrd960 - ok
16:15:46.0851 4280 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:15:46.0853 4280 NlaSvc - ok
16:15:46.0856 4280 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:15:46.0857 4280 Npfs - ok
16:15:46.0860 4280 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:15:46.0861 4280 nsi - ok
16:15:46.0864 4280 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:15:46.0865 4280 nsiproxy - ok
16:15:46.0884 4280 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:15:46.0900 4280 Ntfs - ok
16:15:46.0903 4280 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:15:46.0904 4280 Null - ok
16:15:46.0909 4280 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:15:46.0912 4280 nvraid - ok
16:15:46.0917 4280 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:15:46.0919 4280 nvstor - ok
16:15:46.0923 4280 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:15:46.0924 4280 nv_agp - ok
16:15:46.0928 4280 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:15:46.0929 4280 ohci1394 - ok
16:15:46.0934 4280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:15:46.0936 4280 p2pimsvc - ok
16:15:46.0942 4280 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:15:46.0945 4280 p2psvc - ok
16:15:46.0948 4280 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
16:15:46.0950 4280 Parport - ok
16:15:46.0952 4280 Partizan - ok
16:15:46.0956 4280 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:15:46.0957 4280 partmgr - ok
16:15:46.0962 4280 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:15:46.0963 4280 PcaSvc - ok
16:15:46.0967 4280 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:15:46.0969 4280 pci - ok
16:15:46.0972 4280 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:15:46.0972 4280 pciide - ok
16:15:46.0977 4280 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:15:46.0979 4280 pcmcia - ok
16:15:46.0982 4280 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:15:46.0982 4280 pcw - ok
16:15:46.0989 4280 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:15:46.0994 4280 PEAUTH - ok
16:15:47.0011 4280 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:15:47.0012 4280 PerfHost - ok
16:15:47.0030 4280 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:15:47.0042 4280 pla - ok
16:15:47.0050 4280 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:15:47.0052 4280 PlugPlay - ok
16:15:47.0055 4280 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:15:47.0057 4280 PNRPAutoReg - ok
16:15:47.0062 4280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:15:47.0064 4280 PNRPsvc - ok
16:15:47.0070 4280 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:15:47.0073 4280 PolicyAgent - ok
16:15:47.0079 4280 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:15:47.0081 4280 Power - ok
16:15:47.0084 4280 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:15:47.0085 4280 PptpMiniport - ok
16:15:47.0089 4280 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
16:15:47.0090 4280 Processor - ok
16:15:47.0094 4280 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:15:47.0096 4280 ProfSvc - ok
16:15:47.0099 4280 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:15:47.0099 4280 ProtectedStorage - ok
16:15:47.0103 4280 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:15:47.0104 4280 Psched - ok
16:15:47.0118 4280 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:15:47.0130 4280 ql2300 - ok
16:15:47.0135 4280 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:15:47.0136 4280 ql40xx - ok
16:15:47.0140 4280 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:15:47.0143 4280 QWAVE - ok
16:15:47.0147 4280 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:15:47.0148 4280 QWAVEdrv - ok
16:15:47.0151 4280 [ 81BEBBFFE45855B7FAF204C517FBEEF1 ] RalinkRegistryWriter C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe
16:15:47.0152 4280 RalinkRegistryWriter - ok
16:15:47.0155 4280 [ 0878786C69B92E2A239B94F96F2AA963 ] RalinkRegistryWriter64 C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe
16:15:47.0156 4280 RalinkRegistryWriter64 - ok
16:15:47.0159 4280 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:15:47.0160 4280 RasAcd - ok
16:15:47.0163 4280 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:15:47.0164 4280 RasAgileVpn - ok
16:15:47.0167 4280 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:15:47.0169 4280 RasAuto - ok
16:15:47.0173 4280 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:15:47.0174 4280 Rasl2tp - ok
16:15:47.0179 4280 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:15:47.0181 4280 RasMan - ok
16:15:47.0185 4280 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:15:47.0186 4280 RasPppoe - ok
16:15:47.0189 4280 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:15:47.0189 4280 RasSstp - ok
16:15:47.0195 4280 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:15:47.0197 4280 rdbss - ok
16:15:47.0200 4280 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
16:15:47.0201 4280 rdpbus - ok
16:15:47.0203 4280 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:15:47.0204 4280 RDPCDD - ok
16:15:47.0208 4280 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:15:47.0209 4280 RDPENCDD - ok
16:15:47.0213 4280 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:15:47.0214 4280 RDPREFMP - ok
16:15:47.0219 4280 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:15:47.0224 4280 RDPWD - ok
16:15:47.0228 4280 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:15:47.0230 4280 rdyboost - ok
16:15:47.0233 4280 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:15:47.0235 4280 RemoteAccess - ok
16:15:47.0239 4280 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:15:47.0241 4280 RemoteRegistry - ok
16:15:47.0245 4280 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
16:15:47.0245 4280 RimUsb - ok
16:15:47.0249 4280 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:15:47.0250 4280 RpcEptMapper - ok
16:15:47.0253 4280 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:15:47.0254 4280 RpcLocator - ok
16:15:47.0260 4280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:15:47.0263 4280 RpcSs - ok
16:15:47.0266 4280 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:15:47.0267 4280 rspndr - ok
16:15:47.0270 4280 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:15:47.0271 4280 SamSs - ok
16:15:47.0273 4280 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
16:15:47.0273 4280 SASDIFSV - ok
16:15:47.0276 4280 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
16:15:47.0276 4280 SASKUTIL - ok
16:15:47.0281 4280 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:15:47.0282 4280 sbp2port - ok
16:15:47.0286 4280 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:15:47.0289 4280 SCardSvr - ok
16:15:47.0292 4280 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:15:47.0293 4280 scfilter - ok
16:15:47.0304 4280 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:15:47.0309 4280 Schedule - ok
16:15:47.0313 4280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:15:47.0314 4280 SCPolicySvc - ok
16:15:47.0318 4280 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:15:47.0321 4280 SDRSVC - ok
16:15:47.0324 4280 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:15:47.0324 4280 secdrv - ok
16:15:47.0328 4280 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:15:47.0329 4280 seclogon - ok
16:15:47.0332 4280 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
16:15:47.0333 4280 SENS - ok
16:15:47.0336 4280 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:15:47.0337 4280 SensrSvc - ok
16:15:47.0340 4280 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:15:47.0341 4280 Serenum - ok
16:15:47.0344 4280 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:15:47.0345 4280 Serial - ok
16:15:47.0348 4280 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:15:47.0349 4280 sermouse - ok
16:15:47.0357 4280 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:15:47.0359 4280 SessionEnv - ok
16:15:47.0362 4280 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:15:47.0363 4280 sffdisk - ok
16:15:47.0365 4280 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:15:47.0366 4280 sffp_mmc - ok
16:15:47.0369 4280 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:15:47.0370 4280 sffp_sd - ok
16:15:47.0372 4280 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:15:47.0373 4280 sfloppy - ok
16:15:47.0378 4280 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:15:47.0382 4280 SharedAccess - ok
16:15:47.0388 4280 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:15:47.0391 4280 ShellHWDetection - ok
16:15:47.0394 4280 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:15:47.0395 4280 SiSRaid2 - ok
16:15:47.0398 4280 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:15:47.0399 4280 SiSRaid4 - ok
16:15:47.0403 4280 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:15:47.0404 4280 Smb - ok
16:15:47.0410 4280 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:15:47.0412 4280 SNMPTRAP - ok
16:15:47.0414 4280 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:15:47.0415 4280 spldr - ok
16:15:47.0423 4280 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:15:47.0426 4280 Spooler - ok
16:15:47.0456 4280 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:15:47.0470 4280 sppsvc - ok
16:15:47.0474 4280 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:15:47.0476 4280 sppuinotify - ok
16:15:47.0483 4280 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:15:47.0485 4280 srv - ok
16:15:47.0493 4280 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:15:47.0497 4280 srv2 - ok
16:15:47.0502 4280 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:15:47.0505 4280 srvnet - ok
16:15:47.0509 4280 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:15:47.0510 4280 SSDPSRV - ok
16:15:47.0514 4280 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:15:47.0515 4280 SstpSvc - ok
16:15:47.0518 4280 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:15:47.0519 4280 stexstor - ok
16:15:47.0522 4280 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
16:15:47.0522 4280 StillCam - ok
16:15:47.0529 4280 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:15:47.0533 4280 stisvc - ok
16:15:47.0536 4280 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:15:47.0536 4280 swenum - ok
16:15:47.0542 4280 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:15:47.0548 4280 swprv - ok
16:15:47.0564 4280 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:15:47.0578 4280 SysMain - ok
16:15:47.0582 4280 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:15:47.0584 4280 TabletInputService - ok
16:15:47.0589 4280 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:15:47.0592 4280 TapiSrv - ok
16:15:47.0595 4280 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:15:47.0597 4280 TBS - ok
16:15:47.0618 4280 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:15:47.0637 4280 Tcpip - ok
16:15:47.0659 4280 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:15:47.0666 4280 TCPIP6 - ok
16:15:47.0672 4280 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:15:47.0673 4280 tcpipreg - ok
16:15:47.0677 4280 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:15:47.0678 4280 TDPIPE - ok
16:15:47.0681 4280 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:15:47.0682 4280 TDTCP - ok
16:15:47.0685 4280 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:15:47.0686 4280 tdx - ok
16:15:47.0690 4280 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:15:47.0690 4280 TermDD - ok
16:15:47.0698 4280 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:15:47.0704 4280 TermService - ok
16:15:47.0707 4280 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:15:47.0709 4280 Themes - ok
16:15:47.0712 4280 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:15:47.0713 4280 THREADORDER - ok
16:15:47.0717 4280 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:15:47.0718 4280 TrkWks - ok
16:15:47.0722 4280 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:15:47.0724 4280 TrustedInstaller - ok
16:15:47.0728 4280 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:15:47.0729 4280 tssecsrv - ok
16:15:47.0732 4280 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:15:47.0733 4280 TsUsbFlt - ok
16:15:47.0736 4280 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:15:47.0737 4280 TsUsbGD - ok
16:15:47.0740 4280 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:15:47.0741 4280 tunnel - ok
16:15:47.0745 4280 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:15:47.0746 4280 uagp35 - ok
16:15:47.0751 4280 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:15:47.0754 4280 udfs - ok
16:15:47.0760 4280 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:15:47.0762 4280 UI0Detect - ok
16:15:47.0765 4280 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:15:47.0766 4280 uliagpkx - ok
16:15:47.0769 4280 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:15:47.0770 4280 umbus - ok
16:15:47.0773 4280 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:15:47.0773 4280 UmPass - ok
16:15:47.0779 4280 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:15:47.0781 4280 upnphost - ok
16:15:47.0785 4280 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:15:47.0787 4280 usbaudio - ok
16:15:47.0791 4280 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:15:47.0792 4280 usbccgp - ok
16:15:47.0797 4280 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:15:47.0798 4280 usbcir - ok
16:15:47.0801 4280 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:15:47.0802 4280 usbehci - ok
16:15:47.0808 4280 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:15:47.0812 4280 usbhub - ok
16:15:47.0816 4280 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:15:47.0817 4280 usbohci - ok
16:15:47.0819 4280 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
16:15:47.0820 4280 usbprint - ok
16:15:47.0824 4280 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:15:47.0825 4280 USBSTOR - ok
16:15:47.0828 4280 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:15:47.0829 4280 usbuhci - ok
16:15:47.0832 4280 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:15:47.0834 4280 UxSms - ok
16:15:47.0836 4280 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:15:47.0837 4280 VaultSvc - ok
16:15:47.0840 4280 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:15:47.0840 4280 vdrvroot - ok
16:15:47.0848 4280 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:15:47.0854 4280 vds - ok
16:15:47.0857 4280 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:15:47.0858 4280 vga - ok
16:15:47.0861 4280 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:15:47.0861 4280 VgaSave - ok
16:15:47.0866 4280 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:15:47.0868 4280 vhdmp - ok
16:15:47.0871 4280 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:15:47.0871 4280 viaide - ok
16:15:47.0874 4280 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:15:47.0875 4280 volmgr - ok
16:15:47.0881 4280 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:15:47.0884 4280 volmgrx - ok
16:15:47.0888 4280 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:15:47.0891 4280 volsnap - ok
16:15:47.0898 4280 [ DBB357B5C3D97039CDD010E01D165870 ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys
16:15:47.0900 4280 Vsdatant - ok
16:15:47.0904 4280 vsmon - ok
16:15:47.0908 4280 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:15:47.0910 4280 vsmraid - ok
16:15:47.0927 4280 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:15:47.0943 4280 VSS - ok
16:15:47.0947 4280 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:15:47.0948 4280 vwifibus - ok
16:15:47.0951 4280 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:15:47.0951 4280 vwififlt - ok
16:15:47.0958 4280 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:15:47.0963 4280 W32Time - ok
16:15:47.0968 4280 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:15:47.0968 4280 WacomPen - ok
16:15:47.0971 4280 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:15:47.0972 4280 WANARP - ok
16:15:47.0975 4280 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:15:47.0975 4280 Wanarpv6 - ok
16:15:47.0991 4280 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:15:48.0005 4280 WatAdminSvc - ok
16:15:48.0023 4280 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:15:48.0038 4280 wbengine - ok
16:15:48.0043 4280 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:15:48.0046 4280 WbioSrvc - ok
16:15:48.0052 4280 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:15:48.0056 4280 wcncsvc - ok
16:15:48.0060 4280 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:15:48.0062 4280 WcsPlugInService - ok
16:15:48.0065 4280 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
16:15:48.0065 4280 Wd - ok
16:15:48.0068 4280 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
16:15:48.0069 4280 WDC_SAM - ok
16:15:48.0076 4280 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:15:48.0081 4280 Wdf01000 - ok
16:15:48.0085 4280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:15:48.0087 4280 WdiServiceHost - ok
16:15:48.0089 4280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:15:48.0090 4280 WdiSystemHost - ok
16:15:48.0095 4280 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:15:48.0098 4280 WebClient - ok
16:15:48.0103 4280 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:15:48.0106 4280 Wecsvc - ok
16:15:48.0438 4280 ============================================================
16:15:48.0438 4280 Scan finished
16:15:48.0438 4280 ============================================================
16:15:48.0445 3512 Detected object count: 0
16:15:48.0445 3512 Actual detected object count: 0









aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-12 16:17:12
-----------------------------
16:17:12.955 OS Version: Windows x64 6.1.7601 Service Pack 1
16:17:12.955 Number of processors: 6 586 0xA00
16:17:12.955 ComputerName: AMDPC UserName:
16:17:13.045 Initialize success
16:24:28.798 AVAST engine defs: 12111201
16:31:09.497 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
16:31:09.499 Disk 0 Vendor: M4-CT064M4SSD2 0002 Size: 61057MB BusType: 3
16:31:09.500 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-3
16:31:09.502 Disk 1 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
16:31:09.504 Disk 0 MBR read successfully
16:31:09.505 Disk 0 MBR scan
16:31:09.508 Disk 0 Windows 7 default MBR code
16:31:09.510 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:31:09.513 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60955 MB offset 206848
16:31:09.518 Disk 0 scanning C:\Windows\system32\drivers
16:31:11.692 Service scanning
16:31:17.632 Modules scanning
16:31:17.636 Disk 0 trace - called modules:
16:31:17.640 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:31:17.643 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80073d9060]
16:31:17.646 3 CLASSPNP.SYS[fffff880011a443f] -> nt!IofCallDriver -> [0xfffffa8006dce520]
16:31:17.649 5 ACPI.sys[fffff88000f8e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8006dca680]
16:31:17.746 AVAST engine scan C:\Windows
16:31:18.231 AVAST engine scan C:\Windows\system32
16:32:19.422 AVAST engine scan C:\Windows\system32\drivers
16:32:22.311 AVAST engine scan C:\Users\Lauren
16:32:41.357 AVAST engine scan C:\ProgramData
16:32:43.630 Scan finished successfully
16:35:14.596 Disk 0 MBR has been saved successfully to "C:\Users\Lauren\Desktop\MBR.dat"
16:35:14.596 The log file has been saved successfully to "C:\Users\Lauren\Desktop\aswMBR.txt"

#8 gringo_pr

  • Malware Response Team

Posted 12 November 2012 - 04:39 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 rileyroo27

  • Topic Starter

Posted 13 November 2012 - 09:26 AM

I am still getting redirected. Most recently to bts.scour.com






ComboFix 12-11-12.03 - Lauren 11/13/2012 9:14.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6566 [GMT -5:00]
Running from: c:\users\Lauren\Downloads\ComboFix.exe
Command switches used :: c:\users\Lauren\Desktop\CFScript.txt
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-13 to 2012-11-13 )))))))))))))))))))))))))))))))
.
.
2012-11-13 14:17 . 2012-11-13 14:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-13 08:36 . 2012-11-13 08:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{93FCCDF4-85C8-422F-9C34-4D7332BC58D6}\offreg.dll
2012-11-13 07:52 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{93FCCDF4-85C8-422F-9C34-4D7332BC58D6}\mpengine.dll
2012-11-12 14:38 . 2012-11-12 14:38 -------- d-----w- c:\users\Lauren\AppData\Roaming\CheckPoint
2012-11-12 14:37 . 2012-11-12 14:37 -------- d-----w- c:\program files\CheckPoint
2012-11-12 14:33 . 2012-11-12 14:37 -------- d-----w- c:\program files (x86)\CheckPoint
2012-11-12 14:33 . 2012-11-12 14:33 -------- d-----w- c:\programdata\CheckPoint
2012-11-08 17:18 . 2012-11-08 17:18 -------- d-----w- c:\users\Lauren\AppData\Roaming\SUPERAntiSpyware.com
2012-11-08 17:18 . 2012-11-08 17:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-11-08 17:18 . 2012-11-08 17:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-11-05 18:53 . 2012-11-05 18:53 -------- d-----w- c:\program files (x86)\STPViewer
2012-11-05 18:53 . 2012-11-05 18:53 -------- d-----w- c:\users\Lauren\AppData\Local\Programs
2012-11-01 20:31 . 2012-11-01 20:31 450136 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2012-10-23 16:05 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-23 16:04 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-01 14:26 . 2012-08-06 20:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-01 14:26 . 2012-08-06 20:35 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-08 17:09 . 2011-03-28 22:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-07 21:04 . 2012-01-05 14:12 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-20 17:38 . 2012-10-23 16:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-10-01 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Logitech G930"="c:\program files (x86)\Logitech\G930\G930.exe" [2011-03-23 1516888]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-08-03 1167360]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-08 73392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-01-05 25160]
R3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\DRIVERS\ladfBakerCamd64.sys [2011-03-18 410184]
R3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\DRIVERS\ladfBakerRamd64.sys [2011-03-18 335688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-08 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-02 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-02 827560]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe [2009-07-15 210720]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-07-15 625152]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 16:58]
.
2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 16:58]
.
2012-11-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f34f5f7e-6e64-46ee-991a-4146763fd0f7.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f9628280-408b-41e0-8655-bce9b1ce0258.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"ISW"="" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1kkpavpk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-12 09:38; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: !HIDDEN! 1970-01-16 08:37; {4DCA2C2C-E6E5-11E1-8270-B8AC6F996F26}; c:\users\Lauren\AppData\Local\{4DCA2C2C-E6E5-11E1-8270-B8AC6F996F26}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-13 09:19:05
ComboFix-quarantined-files.txt 2012-11-13 14:19
ComboFix2.txt 2012-11-12 20:02
.
Pre-Run: 7,099,834,368 bytes free
Post-Run: 7,187,140,608 bytes free
.
- - End Of File - - 014FC5EEFF5E8B4A281C6CB0C444002F

#10 gringo_pr

  • Malware Response Team

Posted 13 November 2012 - 01:01 PM

Greetings rileyroo27

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 rileyroo27

rileyroo27
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:28 PM

Posted 14 November 2012 - 05:47 AM

I have to test it a bit more to see if it is still redirecting.


05:01:35.0863 4508 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
05:01:36.0160 4508 ============================================================
05:01:36.0160 4508 Current date / time: 2012/11/14 05:01:36.0160
05:01:36.0160 4508 SystemInfo:
05:01:36.0160 4508
05:01:36.0160 4508 OS Version: 6.1.7601 ServicePack: 1.0
05:01:36.0160 4508 Product type: Workstation
05:01:36.0160 4508 ComputerName: AMDPC
05:01:36.0160 4508 UserName: Lauren
05:01:36.0160 4508 Windows directory: C:\Windows
05:01:36.0160 4508 System windows directory: C:\Windows
05:01:36.0160 4508 Running under WOW64
05:01:36.0160 4508 Processor architecture: Intel x64
05:01:36.0160 4508 Number of processors: 6
05:01:36.0160 4508 Page size: 0x1000
05:01:36.0160 4508 Boot type: Normal boot
05:01:36.0160 4508 ============================================================
05:01:36.0347 4508 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
05:01:36.0347 4508 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
05:01:36.0347 4508 ============================================================
05:01:36.0347 4508 \Device\Harddisk0\DR0:
05:01:36.0347 4508 MBR partitions:
05:01:36.0347 4508 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
05:01:36.0347 4508 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
05:01:36.0347 4508 \Device\Harddisk1\DR1:
05:01:36.0347 4508 MBR partitions:
05:01:36.0347 4508 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
05:01:36.0347 4508 ============================================================
05:01:36.0347 4508 C: <-> \Device\Harddisk0\DR0\Partition2
05:01:36.0362 4508 D: <-> \Device\Harddisk1\DR1\Partition1
05:01:36.0362 4508 ============================================================
05:01:36.0362 4508 Initialize success
05:01:36.0362 4508 ============================================================
05:01:37.0298 2620 ============================================================
05:01:37.0298 2620 Scan started
05:01:37.0298 2620 Mode: Manual;
05:01:37.0298 2620 ============================================================
05:01:37.0423 2620 ================ Scan system memory ========================
05:01:37.0423 2620 System memory - ok
05:01:37.0423 2620 ================ Scan services =============================
05:01:38.0281 2620 gagp30kx - ok
05:01:38.0281 2620 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
05:01:38.0281 2620 gpsvc - ok
05:01:38.0297 2620 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
05:01:38.0297 2620 gupdate - ok
05:01:38.0297 2620 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
05:01:38.0297 2620 gupdatem - ok
05:01:38.0297 2620 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
05:01:38.0297 2620 hcw85cir - ok
05:01:38.0312 2620 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
05:01:38.0312 2620 HdAudAddService - ok
05:01:38.0312 2620 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
05:01:38.0312 2620 HDAudBus - ok
05:01:38.0328 2620 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
05:01:38.0328 2620 HidBatt - ok
05:01:38.0328 2620 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
05:01:38.0328 2620 HidBth - ok
05:01:38.0328 2620 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
05:01:38.0328 2620 HidIr - ok
05:01:38.0328 2620 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
05:01:38.0328 2620 hidserv - ok
05:01:38.0344 2620 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
05:01:38.0344 2620 HidUsb - ok
05:01:38.0344 2620 [ C6FF685E2EA55C3AC5C90B9E7D6930C0 ] hitmanpro35 C:\Windows\system32\drivers\hitmanpro36.sys
05:01:38.0344 2620 hitmanpro35 - ok
05:01:38.0344 2620 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
05:01:38.0344 2620 hkmsvc - ok
05:01:38.0344 2620 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
05:01:38.0344 2620 HomeGroupListener - ok
05:01:38.0359 2620 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
05:01:38.0359 2620 HomeGroupProvider - ok
05:01:38.0359 2620 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
05:01:38.0359 2620 HpSAMD - ok
05:01:38.0375 2620 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
05:01:38.0375 2620 HTTP - ok
05:01:38.0375 2620 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
05:01:38.0375 2620 hwpolicy - ok
05:01:38.0375 2620 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
05:01:38.0375 2620 i8042prt - ok
05:01:38.0390 2620 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
05:01:38.0390 2620 iaStorV - ok
05:01:38.0406 2620 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
05:01:38.0406 2620 idsvc - ok
05:01:38.0406 2620 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
05:01:38.0422 2620 iirsp - ok
05:01:38.0422 2620 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
05:01:38.0422 2620 IKEEXT - ok
05:01:38.0437 2620 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
05:01:38.0437 2620 intelide - ok
05:01:38.0437 2620 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
05:01:38.0437 2620 intelppm - ok
05:01:38.0437 2620 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
05:01:38.0437 2620 IPBusEnum - ok
05:01:38.0437 2620 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
05:01:38.0453 2620 IpFilterDriver - ok
05:01:38.0453 2620 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
05:01:38.0453 2620 iphlpsvc - ok
05:01:38.0453 2620 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
05:01:38.0453 2620 IPMIDRV - ok
05:01:38.0468 2620 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
05:01:38.0468 2620 IPNAT - ok
05:01:38.0468 2620 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
05:01:38.0468 2620 IRENUM - ok
05:01:38.0468 2620 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
05:01:38.0468 2620 isapnp - ok
05:01:38.0468 2620 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
05:01:38.0484 2620 iScsiPrt - ok
05:01:38.0484 2620 [ AD1A85CA5535CC0EE40E0BADFB8DFB27 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
05:01:38.0484 2620 ISWKL - ok
05:01:38.0484 2620 [ 9DFAE38F2E13C003EEB62AEAEAE61259 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
05:01:38.0500 2620 IswSvc - ok
05:01:38.0500 2620 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
05:01:38.0500 2620 kbdclass - ok
05:01:38.0500 2620 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
05:01:38.0500 2620 kbdhid - ok
05:01:38.0500 2620 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
05:01:38.0500 2620 KeyIso - ok
05:01:38.0515 2620 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
05:01:38.0515 2620 KSecDD - ok
05:01:38.0515 2620 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
05:01:38.0515 2620 KSecPkg - ok
05:01:38.0515 2620 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
05:01:38.0515 2620 ksthunk - ok
05:01:38.0531 2620 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
05:01:38.0531 2620 KtmRm - ok
05:01:38.0531 2620 [ 86F06574763A0E7CDCD57DD85632E44F ] LADF_BakerCOnly C:\Windows\system32\DRIVERS\ladfBakerCamd64.sys
05:01:38.0546 2620 LADF_BakerCOnly - ok
05:01:38.0546 2620 [ 89B4981F949A14148365DE8D98A310B5 ] LADF_BakerROnly C:\Windows\system32\DRIVERS\ladfBakerRamd64.sys
05:01:38.0546 2620 LADF_BakerROnly - ok
05:01:38.0562 2620 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
05:01:38.0562 2620 LanmanServer - ok
05:01:38.0562 2620 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
05:01:38.0562 2620 LanmanWorkstation - ok
05:01:38.0562 2620 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
05:01:38.0562 2620 LGBusEnum - ok
05:01:38.0562 2620 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
05:01:38.0562 2620 LGVirHid - ok
05:01:38.0578 2620 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
05:01:38.0578 2620 lltdio - ok
05:01:38.0578 2620 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
05:01:38.0578 2620 lltdsvc - ok
05:01:38.0578 2620 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
05:01:38.0578 2620 lmhosts - ok
05:01:38.0593 2620 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
05:01:38.0593 2620 LSI_FC - ok
05:01:38.0593 2620 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
05:01:38.0593 2620 LSI_SAS - ok
05:01:38.0593 2620 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
05:01:38.0593 2620 LSI_SAS2 - ok
05:01:38.0609 2620 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
05:01:38.0609 2620 LSI_SCSI - ok
05:01:38.0609 2620 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
05:01:38.0609 2620 luafv - ok
05:01:38.0609 2620 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
05:01:38.0609 2620 Mcx2Svc - ok
05:01:38.0609 2620 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
05:01:38.0609 2620 megasas - ok
05:01:38.0624 2620 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
05:01:38.0624 2620 MegaSR - ok
05:01:38.0624 2620 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
05:01:38.0624 2620 MMCSS - ok
05:01:38.0624 2620 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
05:01:38.0624 2620 Modem - ok
05:01:38.0640 2620 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
05:01:38.0640 2620 monitor - ok
05:01:38.0640 2620 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
05:01:38.0640 2620 mouclass - ok
05:01:38.0640 2620 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
05:01:38.0640 2620 mouhid - ok
05:01:38.0640 2620 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
05:01:38.0640 2620 mountmgr - ok
05:01:38.0656 2620 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
05:01:38.0656 2620 MozillaMaintenance - ok
05:01:38.0656 2620 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
05:01:38.0656 2620 mpio - ok
05:01:38.0656 2620 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
05:01:38.0656 2620 mpsdrv - ok
05:01:38.0671 2620 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
05:01:38.0671 2620 MpsSvc - ok
05:01:38.0671 2620 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
05:01:38.0687 2620 MRxDAV - ok
05:01:38.0687 2620 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
05:01:38.0687 2620 mrxsmb - ok
05:01:38.0687 2620 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
05:01:38.0702 2620 mrxsmb10 - ok
05:01:38.0702 2620 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
05:01:38.0702 2620 mrxsmb20 - ok
05:01:38.0702 2620 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
05:01:38.0702 2620 msahci - ok
05:01:38.0702 2620 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
05:01:38.0718 2620 msdsm - ok
05:01:38.0718 2620 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
05:01:38.0718 2620 MSDTC - ok
05:01:38.0718 2620 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
05:01:38.0718 2620 Msfs - ok
05:01:38.0718 2620 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
05:01:38.0718 2620 mshidkmdf - ok
05:01:38.0734 2620 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
05:01:38.0734 2620 msisadrv - ok
05:01:38.0734 2620 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
05:01:38.0734 2620 MSiSCSI - ok
05:01:38.0734 2620 msiserver - ok
05:01:38.0734 2620 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
05:01:38.0734 2620 MSKSSRV - ok
05:01:38.0749 2620 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
05:01:38.0749 2620 MSPCLOCK - ok
05:01:38.0749 2620 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
05:01:38.0749 2620 MSPQM - ok
05:01:38.0749 2620 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
05:01:38.0749 2620 MsRPC - ok
05:01:38.0765 2620 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
05:01:38.0765 2620 mssmbios - ok
05:01:38.0765 2620 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
05:01:38.0765 2620 MSTEE - ok
05:01:38.0765 2620 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
05:01:38.0765 2620 MTConfig - ok
05:01:38.0765 2620 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
05:01:38.0765 2620 MTsensor - ok
05:01:38.0780 2620 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
05:01:38.0780 2620 Mup - ok
05:01:38.0780 2620 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
05:01:38.0780 2620 napagent - ok
05:01:38.0796 2620 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
05:01:38.0796 2620 NativeWifiP - ok
05:01:38.0812 2620 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
05:01:38.0812 2620 NDIS - ok
05:01:38.0812 2620 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
05:01:38.0812 2620 NdisCap - ok
05:01:38.0827 2620 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
05:01:38.0827 2620 NdisTapi - ok
05:01:38.0827 2620 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
05:01:38.0827 2620 Ndisuio - ok
05:01:38.0827 2620 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
05:01:38.0827 2620 NdisWan - ok
05:01:38.0827 2620 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
05:01:38.0843 2620 NDProxy - ok
05:01:38.0843 2620 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
05:01:38.0843 2620 NetBIOS - ok
05:01:38.0843 2620 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
05:01:38.0843 2620 NetBT - ok
05:01:38.0843 2620 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
05:01:38.0843 2620 Netlogon - ok
05:01:38.0858 2620 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
05:01:38.0858 2620 Netman - ok
05:01:38.0858 2620 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
05:01:38.0858 2620 netprofm - ok
05:01:38.0874 2620 [ 6560E0240BDA43DFE3BDD5FDF7C6670D ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
05:01:38.0874 2620 netr28x - ok
05:01:38.0890 2620 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
05:01:38.0890 2620 NetTcpPortSharing - ok
05:01:38.0890 2620 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
05:01:38.0890 2620 nfrd960 - ok
05:01:38.0890 2620 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
05:01:38.0890 2620 NlaSvc - ok
05:01:38.0905 2620 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
05:01:38.0905 2620 Npfs - ok
05:01:38.0905 2620 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
05:01:38.0905 2620 nsi - ok
05:01:38.0905 2620 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
05:01:38.0905 2620 nsiproxy - ok
05:01:38.0921 2620 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
05:01:38.0936 2620 Ntfs - ok
05:01:38.0952 2620 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
05:01:38.0952 2620 Null - ok
05:01:38.0952 2620 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
05:01:38.0952 2620 nvraid - ok
05:01:38.0952 2620 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
05:01:38.0968 2620 nvstor - ok
05:01:38.0968 2620 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
05:01:38.0968 2620 nv_agp - ok
05:01:38.0968 2620 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
05:01:38.0968 2620 ohci1394 - ok
05:01:38.0983 2620 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
05:01:38.0983 2620 p2pimsvc - ok
05:01:38.0983 2620 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
05:01:38.0983 2620 p2psvc - ok
05:01:38.0983 2620 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
05:01:38.0999 2620 Parport - ok
05:01:38.0999 2620 Partizan - ok
05:01:38.0999 2620 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
05:01:38.0999 2620 partmgr - ok
05:01:38.0999 2620 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
05:01:38.0999 2620 PcaSvc - ok
05:01:39.0014 2620 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
05:01:39.0014 2620 pci - ok
05:01:39.0014 2620 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
05:01:39.0014 2620 pciide - ok
05:01:39.0014 2620 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
05:01:39.0014 2620 pcmcia - ok
05:01:39.0014 2620 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
05:01:39.0030 2620 pcw - ok
05:01:39.0030 2620 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
05:01:39.0030 2620 PEAUTH - ok
05:01:39.0046 2620 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
05:01:39.0046 2620 PerfHost - ok
05:01:39.0077 2620 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
05:01:39.0077 2620 pla - ok
05:01:39.0092 2620 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
05:01:39.0092 2620 PlugPlay - ok
05:01:39.0092 2620 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
05:01:39.0092 2620 PNRPAutoReg - ok
05:01:39.0108 2620 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
05:01:39.0108 2620 PNRPsvc - ok
05:01:39.0108 2620 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
05:01:39.0108 2620 PolicyAgent - ok
05:01:39.0124 2620 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
05:01:39.0124 2620 Power - ok
05:01:39.0124 2620 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
05:01:39.0124 2620 PptpMiniport - ok
05:01:39.0124 2620 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
05:01:39.0124 2620 Processor - ok
05:01:39.0124 2620 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
05:01:39.0139 2620 ProfSvc - ok
05:01:39.0139 2620 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
05:01:39.0139 2620 ProtectedStorage - ok
05:01:39.0139 2620 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
05:01:39.0139 2620 Psched - ok
05:01:39.0155 2620 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
05:01:39.0170 2620 ql2300 - ok
05:01:39.0170 2620 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
05:01:39.0170 2620 ql40xx - ok
05:01:39.0170 2620 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
05:01:39.0186 2620 QWAVE - ok
05:01:39.0186 2620 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
05:01:39.0186 2620 QWAVEdrv - ok
05:01:39.0186 2620 [ 81BEBBFFE45855B7FAF204C517FBEEF1 ] RalinkRegistryWriter C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe
05:01:39.0186 2620 RalinkRegistryWriter - ok
05:01:39.0186 2620 [ 0878786C69B92E2A239B94F96F2AA963 ] RalinkRegistryWriter64 C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe
05:01:39.0186 2620 RalinkRegistryWriter64 - ok
05:01:39.0202 2620 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
05:01:39.0202 2620 RasAcd - ok
05:01:39.0202 2620 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
05:01:39.0202 2620 RasAgileVpn - ok
05:01:39.0202 2620 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
05:01:39.0202 2620 RasAuto - ok
05:01:39.0202 2620 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
05:01:39.0202 2620 Rasl2tp - ok
05:01:39.0217 2620 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
05:01:39.0217 2620 RasMan - ok
05:01:39.0217 2620 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
05:01:39.0217 2620 RasPppoe - ok
05:01:39.0233 2620 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
05:01:39.0233 2620 RasSstp - ok
05:01:39.0233 2620 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
05:01:39.0233 2620 rdbss - ok
05:01:39.0233 2620 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
05:01:39.0233 2620 rdpbus - ok
05:01:39.0233 2620 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
05:01:39.0233 2620 RDPCDD - ok
05:01:39.0248 2620 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
05:01:39.0248 2620 RDPENCDD - ok
05:01:39.0248 2620 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
05:01:39.0248 2620 RDPREFMP - ok
05:01:39.0248 2620 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
05:01:39.0264 2620 RDPWD - ok
05:01:39.0264 2620 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
05:01:39.0264 2620 rdyboost - ok
05:01:39.0264 2620 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
05:01:39.0264 2620 RemoteAccess - ok
05:01:39.0280 2620 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
05:01:39.0280 2620 RemoteRegistry - ok
05:01:39.0280 2620 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
05:01:39.0280 2620 RimUsb - ok
05:01:39.0280 2620 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
05:01:39.0280 2620 RpcEptMapper - ok
05:01:39.0280 2620 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
05:01:39.0280 2620 RpcLocator - ok
05:01:39.0295 2620 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
05:01:39.0295 2620 RpcSs - ok
05:01:39.0295 2620 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
05:01:39.0295 2620 rspndr - ok
05:01:39.0295 2620 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
05:01:39.0311 2620 SamSs - ok
05:01:39.0311 2620 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
05:01:39.0311 2620 SASDIFSV - ok
05:01:39.0311 2620 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
05:01:39.0311 2620 SASKUTIL - ok
05:01:39.0311 2620 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
05:01:39.0311 2620 sbp2port - ok
05:01:39.0311 2620 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
05:01:39.0326 2620 SCardSvr - ok
05:01:39.0326 2620 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
05:01:39.0326 2620 scfilter - ok
05:01:39.0342 2620 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
05:01:39.0342 2620 Schedule - ok
05:01:39.0342 2620 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
05:01:39.0342 2620 SCPolicySvc - ok
05:01:39.0342 2620 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
05:01:39.0342 2620 SDRSVC - ok
05:01:39.0358 2620 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
05:01:39.0358 2620 secdrv - ok
05:01:39.0358 2620 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
05:01:39.0358 2620 seclogon - ok
05:01:39.0358 2620 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
05:01:39.0358 2620 SENS - ok
05:01:39.0358 2620 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
05:01:39.0358 2620 SensrSvc - ok
05:01:39.0373 2620 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
05:01:39.0373 2620 Serenum - ok
05:01:39.0373 2620 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
05:01:39.0373 2620 Serial - ok
05:01:39.0373 2620 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
05:01:39.0373 2620 sermouse - ok
05:01:39.0389 2620 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
05:01:39.0389 2620 SessionEnv - ok
05:01:39.0389 2620 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
05:01:39.0389 2620 sffdisk - ok
05:01:39.0389 2620 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
05:01:39.0389 2620 sffp_mmc - ok
05:01:39.0389 2620 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
05:01:39.0404 2620 sffp_sd - ok
05:01:39.0404 2620 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
05:01:39.0404 2620 sfloppy - ok
05:01:39.0404 2620 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
05:01:39.0404 2620 SharedAccess - ok
05:01:39.0420 2620 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
05:01:39.0420 2620 ShellHWDetection - ok
05:01:39.0420 2620 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
05:01:39.0420 2620 SiSRaid2 - ok
05:01:39.0420 2620 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
05:01:39.0420 2620 SiSRaid4 - ok
05:01:39.0436 2620 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
05:01:39.0436 2620 Smb - ok
05:01:39.0436 2620 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
05:01:39.0436 2620 SNMPTRAP - ok
05:01:39.0436 2620 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
05:01:39.0436 2620 spldr - ok
05:01:39.0451 2620 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
05:01:39.0451 2620 Spooler - ok
05:01:39.0482 2620 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
05:01:39.0498 2620 sppsvc - ok
05:01:39.0498 2620 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
05:01:39.0498 2620 sppuinotify - ok
05:01:39.0514 2620 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
05:01:39.0514 2620 srv - ok
05:01:39.0514 2620 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
05:01:39.0514 2620 srv2 - ok
05:01:39.0529 2620 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
05:01:39.0529 2620 srvnet - ok
05:01:39.0529 2620 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
05:01:39.0529 2620 SSDPSRV - ok
05:01:39.0545 2620 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
05:01:39.0545 2620 SstpSvc - ok
05:01:39.0545 2620 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
05:01:39.0545 2620 stexstor - ok
05:01:39.0545 2620 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
05:01:39.0545 2620 StillCam - ok
05:01:39.0545 2620 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
05:01:39.0560 2620 stisvc - ok
05:01:39.0560 2620 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
05:01:39.0560 2620 swenum - ok
05:01:39.0560 2620 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
05:01:39.0576 2620 swprv - ok
05:01:40.0418 2620 ============================================================
05:01:40.0418 2620 Scan finished
05:01:40.0418 2620 ============================================================
05:01:40.0418 5872 Detected object count: 0
05:01:40.0418 5872 Actual detected object count: 0




aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-12 16:17:12
-----------------------------
16:17:12.955 OS Version: Windows x64 6.1.7601 Service Pack 1
16:17:12.955 Number of processors: 6 586 0xA00
16:17:12.955 ComputerName: AMDPC UserName:
16:17:13.045 Initialize success
16:24:28.798 AVAST engine defs: 12111201
16:31:09.497 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
16:31:09.499 Disk 0 Vendor: M4-CT064M4SSD2 0002 Size: 61057MB BusType: 3
16:31:09.500 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-3
16:31:09.502 Disk 1 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
16:31:09.504 Disk 0 MBR read successfully
16:31:09.505 Disk 0 MBR scan
16:31:09.508 Disk 0 Windows 7 default MBR code
16:31:09.510 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:31:09.513 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60955 MB offset 206848
16:31:09.518 Disk 0 scanning C:\Windows\system32\drivers
16:31:11.692 Service scanning
16:31:17.632 Modules scanning
16:31:17.636 Disk 0 trace - called modules:
16:31:17.640 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:31:17.643 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80073d9060]
16:31:17.646 3 CLASSPNP.SYS[fffff880011a443f] -> nt!IofCallDriver -> [0xfffffa8006dce520]
16:31:17.649 5 ACPI.sys[fffff88000f8e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8006dca680]
16:31:17.746 AVAST engine scan C:\Windows
16:31:18.231 AVAST engine scan C:\Windows\system32
16:32:19.422 AVAST engine scan C:\Windows\system32\drivers
16:32:22.311 AVAST engine scan C:\Users\Lauren
16:32:41.357 AVAST engine scan C:\ProgramData
16:32:43.630 Scan finished successfully
16:35:14.596 Disk 0 MBR has been saved successfully to "C:\Users\Lauren\Desktop\MBR.dat"
16:35:14.596 The log file has been saved successfully to "C:\Users\Lauren\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-14 05:03:22
-----------------------------
05:03:22.344 OS Version: Windows x64 6.1.7601 Service Pack 1
05:03:22.344 Number of processors: 6 586 0xA00
05:03:22.344 ComputerName: AMDPC UserName:
05:03:22.485 Initialize success
05:10:29.301 AVAST engine defs: 12111400
05:10:50.533 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
05:10:50.533 Disk 0 Vendor: M4-CT064M4SSD2 0002 Size: 61057MB BusType: 3
05:10:50.548 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-3
05:10:50.548 Disk 1 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
05:10:50.548 Disk 0 MBR read successfully
05:10:50.548 Disk 0 MBR scan
05:10:50.548 Disk 0 Windows 7 default MBR code
05:10:50.548 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
05:10:50.548 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60955 MB offset 206848
05:10:50.564 Disk 0 scanning C:\Windows\system32\drivers
05:10:52.685 Service scanning
05:10:58.317 Modules scanning
05:10:58.317 Disk 0 trace - called modules:
05:10:58.317 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
05:10:58.317 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80073dd060]
05:10:58.317 3 CLASSPNP.SYS[fffff880011af43f] -> nt!IofCallDriver -> [0xfffffa8006dd2520]
05:10:58.333 5 ACPI.sys[fffff88000efe7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8006dce680]
05:10:58.442 AVAST engine scan C:\Windows
05:10:58.957 AVAST engine scan C:\Windows\system32
05:12:01.232 AVAST engine scan C:\Windows\system32\drivers
05:12:03.728 AVAST engine scan C:\Users\Lauren
05:12:24.788 AVAST engine scan C:\ProgramData
05:12:27.159 Scan finished successfully
05:16:23.063 Disk 0 MBR has been saved successfully to "C:\Users\Lauren\Desktop\MBR.dat"
05:16:23.078 The log file has been saved successfully to "C:\Users\Lauren\Desktop\aswMBR.txt"

#12 gringo_pr

Posted 14 November 2012 - 07:56 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 rileyroo27

Posted 16 November 2012 - 11:09 AM

Give me another day to test it... I thought it was OK before running this script and then the last page I tried to open redirected!

ComboFix 12-11-16.02 - Lauren 11/16/2012 11:02:01.3.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6432 [GMT -5:00]
Running from: c:\users\Lauren\Downloads\ComboFix.exe
Command switches used :: c:\users\Lauren\Desktop\CFScript.txt
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
.
.
2012-11-16 16:05 . 2012-11-16 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-16 15:56 . 2012-11-16 15:56 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1E5EE1D-9847-453D-A3EE-0126E3077BBD}\offreg.dll
2012-11-16 15:31 . 2012-10-17 06:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1E5EE1D-9847-453D-A3EE-0126E3077BBD}\mpengine.dll
2012-11-12 14:38 . 2012-11-12 14:38 -------- d-----w- c:\users\Lauren\AppData\Roaming\CheckPoint
2012-11-12 14:37 . 2012-11-12 14:37 -------- d-----w- c:\program files\CheckPoint
2012-11-12 14:33 . 2012-11-12 14:37 -------- d-----w- c:\program files (x86)\CheckPoint
2012-11-12 14:33 . 2012-11-12 14:33 -------- d-----w- c:\programdata\CheckPoint
2012-11-08 17:18 . 2012-11-08 17:18 -------- d-----w- c:\users\Lauren\AppData\Roaming\SUPERAntiSpyware.com
2012-11-08 17:18 . 2012-11-08 17:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-11-08 17:18 . 2012-11-08 17:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-11-05 18:53 . 2012-11-05 18:53 -------- d-----w- c:\program files (x86)\STPViewer
2012-11-05 18:53 . 2012-11-05 18:53 -------- d-----w- c:\users\Lauren\AppData\Local\Programs
2012-11-01 20:31 . 2012-11-01 20:31 450136 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2012-10-23 16:05 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-23 16:04 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 19:15 . 2012-08-06 20:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-13 19:15 . 2012-08-06 20:35 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-08 17:09 . 2011-03-28 22:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-07 21:04 . 2012-01-05 14:12 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-20 17:38 . 2012-10-23 16:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-10-01 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Logitech G930"="c:\program files (x86)\Logitech\G930\G930.exe" [2011-03-23 1516888]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-08-03 1167360]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-08 73392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-01-05 25160]
R3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\DRIVERS\ladfBakerCamd64.sys [2011-03-18 410184]
R3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\DRIVERS\ladfBakerRamd64.sys [2011-03-18 335688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-08 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-02 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-02 827560]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe [2009-07-15 210720]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-07-15 625152]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 16:58]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 16:58]
.
2012-11-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f34f5f7e-6e64-46ee-991a-4146763fd0f7.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f9628280-408b-41e0-8655-bce9b1ce0258.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"ISW"="" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\1kkpavpk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-12 09:38; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-16 11:07:22
ComboFix-quarantined-files.txt 2012-11-16 16:07
ComboFix2.txt 2012-11-13 14:19
ComboFix3.txt 2012-11-12 20:02
.
Pre-Run: 6,883,115,008 bytes free
Post-Run: 6,965,977,088 bytes free
.
- - End Of File - - 542F8A16FC0B10B813FCD5B516240A3E

#14 rileyroo27

Posted 16 November 2012 - 11:12 AM

Still redirecting from google using Mozilla... last instance went to: http://hajocacorp.iarbiz.com/Rbn2mo6VT98=-2|VE_Bs4ta6ssHpmRpUrsCu90tBjBDvv

#15 gringo_pr

Posted 16 November 2012 - 01:22 PM

Hello

I want you to reset Firefox back to defaults. To do this, I need you to do the following:

  • At the top of the Firefox window, click the "Firefox" button.
  • Go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

Restart the computer and check Firefox for me now.

Gringo