Malware Infection! Please help.


  • This topic is locked
10 replies to this topic

#1 skartissue

  • Members
  • 29 posts

Posted 21 January 2013 - 04:18 PM

I've recently been getting a bluescreen on Windows 7 and my storage drive disappears from the 'My Computer' window. I have to go to Device Manager and scan for hardware changes for it to show up again. Here is my DDS log.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Robbie at 12:54:49 on 2013-01-21
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\soundman.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\USBScan\USBScan.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\mIRC\mirc.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Winamp\winamp.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uRun: [Google Update] "c:\users\robbie\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [jimbii] c:\program files\mybrowsercash addon\updater.exe
mRun: [USBScan.exe] c:\program files\usbscan\USBScan.exe -Hide
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{04738071-D678-4107-99AF-839948108E97} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\robbie\appdata\roaming\mozilla\firefox\profiles\th4boaso.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://serp.freecause.com/?ourmark=3&sid=100293&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\free ride games\npGameTreatWidget.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\robbie\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\robbie\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? dmvsc;dmvsc
R? HTCAND32;HTC Device Driver
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? StorSvc;Storage Service
R? Synth3dVsc;Microsoft Virtual 3D Video Transport Driver
R? terminpt;Microsoft Remote Desktop Input Driver
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? tsusbhub;Remote Deskotop USB Hub
R? VGPU;VGPU
R? WDC_SAM;WD SCSI Pass Thru driver
S? !SASCORE;SAS Core Service
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SbieDrv;SbieDrv
S? X6XSEx_Pr143;X6XSEx_Pr143
.
=============== Created Last 30 ================
.
2013-01-17 16:54:55 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-17 16:54:54 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-17 16:54:52 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-17 16:53:36 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-17 16:53:34 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-01-17 05:43:58 -------- d-----w- c:\users\robbie\appdata\local\Programs
2013-01-17 01:06:10 -------- d-----w- C:\Dredd.2012.BDRip.XviD-SPARKS
2013-01-17 00:50:20 -------- d-----w- C:\The.Hobbit.2012.DVDSCR.XviD-SHOWTiME
2013-01-11 07:59:54 -------- d-----w- C:\sqlitebrowser_200_b1_win
2013-01-01 23:26:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-01 23:26:11 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-01 23:21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-01 23:21:15 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-01-01 23:21:15 149536 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-01-01 23:21:14 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2013-01-01 23:21:07 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-01 23:21:04 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2013-01-01 23:21:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-01-01 23:20:57 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-01-01 23:20:56 757280 ----a-w- c:\program files\internet explorer\iexplore.exe
2013-01-01 23:20:54 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2013-01-01 23:20:52 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2013-01-01 23:20:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-01 22:56:49 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-01-01 22:56:20 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2013-01-09 07:59:02 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 07:59:02 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-08 19:29:12 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 13:10:43.37 ===============



#2 nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 January 2013 - 10:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

What can you tell me about this Mybrowsercash addon?
Did you install this?
mRun: [jimbii] c:\program files\mybrowsercash addon\updater.exe
<<<>>>

Let's start with these scans.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
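
The autorun review done in this reply (picking the mRun: [jimbii] line out of the DDS log) can be scripted. The following is an added example, not part of the thread and not code from DDS: it parses uRun/mRun/dRun lines in the format shown in post #1 and lists the entries a reviewer has not yet vetted. REVIEWED_DIRS and all function names are assumptions made for illustration; the sample lines are copied from the log above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Autorun lines copied from the DDS log in post #1 (plus one non-Run line).
SAMPLE_LOG = r"""
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\users\robbie\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [jimbii] c:\program files\mybrowsercash addon\updater.exe
mRun: [USBScan.exe] c:\program files\usbscan\USBScan.exe -Hide
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
"""

# Hypothetical reviewer-maintained list of directories already vetted.
REVIEWED_DIRS = [
    r"c:\program files\superantispyware",
    r"c:\program files\avast software\avast",
    r"c:\program files\usbscan",
]

# "<scope>Run: [value name] command line"; scope is the single letter DDS prints.
RUN_LINE = re.compile(r"^(?P<scope>[umd])Run(?:Once)?: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# Unquoted paths may contain spaces, so cut at the first executable extension.
EXE_END = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


class RunEntry(NamedTuple):
    scope: str   # 'u', 'm' or 'd' as printed in the log
    name: str    # registry value name shown in brackets
    image: str   # program started at logon
    args: str    # remaining command-line arguments


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run command into (image, args), quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:                      # unterminated quote: take the rest
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_END.match(cmd)
    if m:
        return m.group(1), cmd[m.end():].strip()
    head, _, tail = cmd.partition(" ")     # unknown extension: first token
    return head, tail.strip()


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Extract every Run/RunOnce entry from DDS 'Pseudo HJT Report' text."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            image, args = split_command(m.group("cmd"))
            entries.append(RunEntry(m.group("scope"), m.group("name"), image, args))
    return entries


def needs_review(entry: RunEntry, reviewed_dirs: List[str]) -> Optional[str]:
    """Return a reason string if the entry should be looked at, else None."""
    image = entry.image.lower().replace("/", "\\")
    if "\\" not in image:
        return "no path given (resolved through the search path)"
    for d in reviewed_dirs:
        if image.startswith(d.lower().rstrip("\\") + "\\"):
            return None
    return "directory not on the reviewed list"


def triage(log_text: str, reviewed_dirs: List[str]) -> List[Tuple[RunEntry, str]]:
    """Pair each unvetted autorun entry with the reason it was listed."""
    flagged = []
    for entry in parse_run_entries(log_text):
        reason = needs_review(entry, reviewed_dirs)
        if reason:
            flagged.append((entry, reason))
    return flagged


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG, REVIEWED_DIRS):
        print(f"{entry.scope}Run [{entry.name}] {entry.image} -> {reason}")
```

A listed entry is only a prompt for the kind of question asked above ("Did you install this?"), not a verdict on the file.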

#3 skartissue

  • Topic Starter
  • Members
  • 29 posts

Posted 23 January 2013 - 11:19 AM

Hello and THANK YOU Nasdaq.
Yes I did install My Browser Cash about a year ago, but it's useless and I thought I had deleted it. I guess not.

Here's my TDSSKiller Report, no objects found.
08:03:19.0708 5240 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:03:21.0725 5240 ============================================================
08:03:21.0725 5240 Current date / time: 2013/01/23 08:03:21.0725
08:03:21.0725 5240 SystemInfo:
08:03:21.0725 5240
08:03:21.0725 5240 OS Version: 6.1.7601 ServicePack: 1.0
08:03:21.0725 5240 Product type: Workstation
08:03:21.0725 5240 ComputerName: COMPAQ
08:03:21.0725 5240 UserName: Robbie
08:03:21.0725 5240 Windows directory: C:\Windows
08:03:21.0725 5240 System windows directory: C:\Windows
08:03:21.0725 5240 Processor architecture: Intel x86
08:03:21.0725 5240 Number of processors: 1
08:03:21.0725 5240 Page size: 0x1000
08:03:21.0725 5240 Boot type: Normal boot
08:03:21.0725 5240 ============================================================
08:03:23.0037 5240 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x64F1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
08:03:23.0044 5240 Drive \Device\Harddisk5\DR5 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:03:23.0208 5240 ============================================================
08:03:23.0208 5240 \Device\Harddisk0\DR0:
08:03:23.0232 5240 MBR partitions:
08:03:23.0232 5240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:03:23.0232 5240 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1746C000
08:03:23.0232 5240 \Device\Harddisk5\DR5:
08:03:23.0232 5240 MBR partitions:
08:03:23.0232 5240 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x140631C
08:03:23.0232 5240 \Device\Harddisk5\DR5\Partition2: MBR, Type 0x7, StartLBA 0x140635B, BlocksNum 0x24027F55
08:03:23.0232 5240 ============================================================
08:03:23.0255 5240 C: <-> \Device\Harddisk0\DR0\Partition2
08:03:23.0302 5240 D: <-> \Device\Harddisk5\DR5\Partition2
08:03:23.0326 5240 F: <-> \Device\Harddisk5\DR5\Partition1
08:03:23.0326 5240 G: <-> \Device\Harddisk5\DR5\Partition2
08:03:23.0326 5240 ============================================================
08:03:23.0326 5240 Initialize success
08:03:23.0326 5240 ============================================================
08:03:30.0814 0692 ============================================================
08:03:30.0814 0692 Scan started
08:03:30.0814 0692 Mode: Manual;
08:03:30.0814 0692 ============================================================
08:03:31.0284 0692 ================ Scan system memory ========================
08:03:31.0284 0692 System memory - ok
08:03:40.0093 0692 hkmsvc - ok
08:03:40.0132 0692 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:03:40.0140 0692 HomeGroupListener - ok
08:03:40.0195 0692 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:03:40.0203 0692 HomeGroupProvider - ok
08:03:40.0250 0692 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:03:40.0250 0692 HpSAMD - ok
08:03:40.0312 0692 [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32 C:\Windows\system32\Drivers\ANDROIDUSB.sys
08:03:40.0320 0692 HTCAND32 - ok
08:03:40.0382 0692 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:03:40.0390 0692 HTTP - ok
08:03:40.0460 0692 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:03:40.0460 0692 hwpolicy - ok
08:03:40.0507 0692 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
08:03:40.0507 0692 i8042prt - ok
08:03:40.0554 0692 [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:03:40.0562 0692 iaStorV - ok
08:03:40.0640 0692 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:03:40.0671 0692 idsvc - ok
08:03:40.0695 0692 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
08:03:40.0695 0692 iirsp - ok
08:03:40.0754 0692 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
08:03:40.0770 0692 IKEEXT - ok
08:03:40.0817 0692 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
08:03:40.0817 0692 intelide - ok
08:03:40.0848 0692 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys
08:03:40.0856 0692 intelppm - ok
08:03:40.0895 0692 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:03:40.0903 0692 IPBusEnum - ok
08:03:40.0918 0692 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:03:40.0926 0692 IpFilterDriver - ok
08:03:40.0981 0692 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:03:40.0997 0692 iphlpsvc - ok
08:03:41.0028 0692 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:03:41.0036 0692 IPMIDRV - ok
08:03:41.0059 0692 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:03:41.0067 0692 IPNAT - ok
08:03:41.0168 0692 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:03:41.0200 0692 iPod Service - ok
08:03:41.0231 0692 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:03:41.0231 0692 IRENUM - ok
08:03:41.0254 0692 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:03:41.0254 0692 isapnp - ok
08:03:41.0293 0692 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:03:41.0309 0692 iScsiPrt - ok
08:03:41.0356 0692 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:03:41.0356 0692 kbdclass - ok
08:03:41.0403 0692 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:03:41.0403 0692 kbdhid - ok
08:03:41.0426 0692 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
08:03:41.0434 0692 KeyIso - ok
08:03:41.0481 0692 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:03:41.0489 0692 KSecDD - ok
08:03:41.0551 0692 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:03:41.0559 0692 KSecPkg - ok
08:03:41.0606 0692 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
08:03:41.0622 0692 KtmRm - ok
08:03:41.0684 0692 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
08:03:41.0708 0692 LanmanServer - ok
08:03:41.0762 0692 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:03:41.0770 0692 LanmanWorkstation - ok
08:03:41.0817 0692 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:03:41.0825 0692 lltdio - ok
08:03:41.0864 0692 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:03:41.0879 0692 lltdsvc - ok
08:03:41.0926 0692 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
08:03:41.0934 0692 lmhosts - ok
08:03:41.0973 0692 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
08:03:41.0981 0692 LSI_FC - ok
08:03:42.0012 0692 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
08:03:42.0012 0692 LSI_SAS - ok
08:03:42.0028 0692 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
08:03:42.0028 0692 LSI_SAS2 - ok
08:03:42.0051 0692 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
08:03:42.0051 0692 LSI_SCSI - ok
08:03:42.0083 0692 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
08:03:42.0090 0692 luafv - ok
08:03:42.0122 0692 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:03:42.0129 0692 Mcx2Svc - ok
08:03:42.0153 0692 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
08:03:42.0153 0692 megasas - ok
08:03:42.0176 0692 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
08:03:42.0184 0692 MegaSR - ok
08:03:42.0223 0692 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
08:03:42.0223 0692 MMCSS - ok
08:03:42.0247 0692 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
08:03:42.0254 0692 Modem - ok
08:03:42.0293 0692 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:03:42.0293 0692 monitor - ok
08:03:42.0333 0692 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:03:42.0333 0692 mouclass - ok
08:03:42.0364 0692 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:03:42.0372 0692 mouhid - ok
08:03:42.0395 0692 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:03:42.0395 0692 mountmgr - ok
08:03:42.0489 0692 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:03:42.0497 0692 MozillaMaintenance - ok
08:03:42.0520 0692 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
08:03:42.0528 0692 mpio - ok
08:03:42.0551 0692 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:03:42.0551 0692 mpsdrv - ok
08:03:42.0629 0692 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:03:42.0645 0692 MpsSvc - ok
08:03:42.0676 0692 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:03:42.0684 0692 MRxDAV - ok
08:03:42.0731 0692 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:03:42.0739 0692 mrxsmb - ok
08:03:42.0801 0692 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:03:42.0809 0692 mrxsmb10 - ok
08:03:42.0833 0692 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:03:42.0840 0692 mrxsmb20 - ok
08:03:42.0872 0692 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
08:03:42.0879 0692 msahci - ok
08:03:42.0918 0692 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:03:42.0926 0692 msdsm - ok
08:03:42.0950 0692 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
08:03:42.0965 0692 MSDTC - ok
08:03:43.0012 0692 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:03:43.0012 0692 Msfs - ok
08:03:43.0036 0692 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:03:43.0043 0692 mshidkmdf - ok
08:03:43.0067 0692 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:03:43.0067 0692 msisadrv - ok
08:03:43.0114 0692 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:03:43.0129 0692 MSiSCSI - ok
08:03:43.0145 0692 msiserver - ok
08:03:43.0200 0692 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:03:43.0200 0692 MSKSSRV - ok
08:03:43.0215 0692 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:03:43.0223 0692 MSPCLOCK - ok
08:03:43.0254 0692 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:03:43.0262 0692 MSPQM - ok
08:03:43.0309 0692 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:03:43.0317 0692 MsRPC - ok
08:03:43.0356 0692 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
08:03:43.0356 0692 mssmbios - ok
08:03:43.0379 0692 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:03:43.0387 0692 MSTEE - ok
08:03:43.0418 0692 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
08:03:43.0418 0692 MTConfig - ok
08:03:43.0442 0692 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
08:03:43.0450 0692 Mup - ok
08:03:43.0497 0692 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
08:03:43.0512 0692 napagent - ok
08:03:43.0583 0692 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:03:43.0590 0692 NativeWifiP - ok
08:03:43.0653 0692 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
08:03:43.0661 0692 NDIS - ok
08:03:43.0684 0692 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:03:43.0723 0692 NdisCap - ok
08:03:43.0754 0692 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:03:43.0754 0692 NdisTapi - ok
08:03:43.0777 0692 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:03:43.0785 0692 Ndisuio - ok
08:03:43.0824 0692 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:03:43.0832 0692 NdisWan - ok
08:03:43.0902 0692 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:03:43.0902 0692 NDProxy - ok
08:03:43.0933 0692 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:03:43.0933 0692 NetBIOS - ok
08:03:44.0003 0692 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:03:44.0011 0692 NetBT - ok
08:03:44.0027 0692 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
08:03:44.0035 0692 Netlogon - ok
08:03:44.0089 0692 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
08:03:44.0105 0692 Netman - ok
08:03:44.0605 0692 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
08:03:44.0628 0692 netprofm - ok
08:03:44.0660 0692 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:03:44.0667 0692 NetTcpPortSharing - ok
08:03:44.0714 0692 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
08:03:44.0714 0692 nfrd960 - ok
08:03:44.0753 0692 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:03:44.0769 0692 NlaSvc - ok
08:03:44.0849 0692 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\Windows\system32\drivers\npf.sys
08:03:44.0849 0692 NPF - ok
08:03:44.0873 0692 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:03:44.0873 0692 Npfs - ok
08:03:44.0919 0692 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
08:03:44.0927 0692 nsi - ok
08:03:45.0060 0692 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:03:45.0060 0692 nsiproxy - ok
08:03:45.0310 0692 [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:03:45.0333 0692 Ntfs - ok
08:03:45.0365 0692 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
08:03:45.0373 0692 Null - ok
08:03:45.0404 0692 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:03:45.0404 0692 nvraid - ok
08:03:45.0443 0692 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:03:45.0451 0692 nvstor - ok
08:03:45.0513 0692 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:03:45.0513 0692 nv_agp - ok
08:03:45.0529 0692 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:03:45.0732 0692 ohci1394 - ok
08:03:45.0787 0692 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:03:45.0794 0692 p2pimsvc - ok
08:03:45.0958 0692 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
08:03:45.0982 0692 p2psvc - ok
08:03:46.0029 0692 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
08:03:46.0029 0692 Parport - ok
08:03:46.0083 0692 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:03:46.0083 0692 partmgr - ok
08:03:46.0107 0692 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
08:03:46.0115 0692 Parvdm - ok
08:03:46.0138 0692 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:03:46.0146 0692 PcaSvc - ok
08:03:46.0169 0692 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
08:03:46.0169 0692 pci - ok
08:03:46.0201 0692 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
08:03:46.0201 0692 pciide - ok
08:03:46.0232 0692 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
08:03:46.0232 0692 pcmcia - ok
08:03:46.0263 0692 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
08:03:46.0263 0692 pcw - ok
08:03:46.0333 0692 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:03:46.0349 0692 PEAUTH - ok
08:03:46.0419 0692 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
08:03:46.0458 0692 PeerDistSvc - ok
08:03:46.0544 0692 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
08:03:46.0607 0692 pla - ok
08:03:46.0669 0692 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:03:46.0685 0692 PlugPlay - ok
08:03:46.0740 0692 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:03:46.0748 0692 PNRPAutoReg - ok
08:03:46.0779 0692 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:03:46.0787 0692 PNRPsvc - ok
08:03:46.0833 0692 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:03:46.0849 0692 PolicyAgent - ok
08:03:46.0888 0692 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
08:03:46.0896 0692 Power - ok
08:03:46.0943 0692 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:03:46.0951 0692 PptpMiniport - ok
08:03:46.0974 0692 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
08:03:46.0982 0692 Processor - ok
08:03:47.0021 0692 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
08:03:47.0029 0692 ProfSvc - ok
08:03:47.0052 0692 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:03:47.0052 0692 ProtectedStorage - ok
08:03:47.0076 0692 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:03:47.0083 0692 Psched - ok
08:03:47.0154 0692 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
08:03:47.0201 0692 ql2300 - ok
08:03:47.0224 0692 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
08:03:47.0232 0692 ql40xx - ok
08:03:47.0255 0692 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
08:03:47.0271 0692 QWAVE - ok
08:03:47.0591 0692 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:03:47.0591 0692 QWAVEdrv - ok
08:03:47.0623 0692 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:03:47.0623 0692 RasAcd - ok
08:03:47.0693 0692 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:03:47.0693 0692 RasAgileVpn - ok
08:03:47.0716 0692 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
08:03:47.0732 0692 RasAuto - ok
08:03:47.0763 0692 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:03:47.0763 0692 Rasl2tp - ok
08:03:48.0052 0692 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
08:03:48.0068 0692 RasMan - ok
08:03:48.0091 0692 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:03:48.0091 0692 RasPppoe - ok
08:03:48.0123 0692 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:03:48.0130 0692 RasSstp - ok
08:03:48.0162 0692 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:03:48.0169 0692 rdbss - ok
08:03:48.0201 0692 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:03:48.0208 0692 rdpbus - ok
08:03:48.0240 0692 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:03:48.0240 0692 RDPCDD - ok
08:03:48.0287 0692 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
08:03:48.0294 0692 RDPDR - ok
08:03:48.0326 0692 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:03:48.0326 0692 RDPENCDD - ok
08:03:48.0357 0692 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:03:48.0357 0692 RDPREFMP - ok
08:03:48.0419 0692 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
08:03:48.0427 0692 RdpVideoMiniport - ok
08:03:48.0482 0692 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:03:48.0482 0692 RDPWD - ok
08:03:48.0544 0692 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:03:48.0560 0692 rdyboost - ok
08:03:48.0591 0692 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
08:03:48.0607 0692 RemoteAccess - ok
08:03:48.0638 0692 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:03:48.0654 0692 RemoteRegistry - ok
08:03:48.0740 0692 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
08:03:48.0755 0692 rpcapd - ok
08:03:48.0779 0692 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:03:48.0794 0692 RpcEptMapper - ok
08:03:48.0833 0692 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
08:03:48.0841 0692 RpcLocator - ok
08:03:48.0873 0692 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
08:03:48.0880 0692 RpcSs - ok
08:03:48.0919 0692 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:03:48.0927 0692 rspndr - ok
08:03:48.0966 0692 [ 4E20765744BFBC16F6D6E5BD5598786B ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys
08:03:48.0974 0692 RTL8023xp - ok
08:03:48.0998 0692 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
08:03:48.0998 0692 s3cap - ok
08:03:49.0029 0692 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
08:03:49.0037 0692 SamSs - ok
08:03:49.0108 0692 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
08:03:49.0108 0692 SASDIFSV - ok
08:03:49.0139 0692 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
08:03:49.0147 0692 SASKUTIL - ok
08:03:49.0256 0692 [ 1FBD21895B768CD40E83B86C18E6454F ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
08:03:49.0264 0692 SbieDrv - ok
08:03:49.0311 0692 [ D5D875D6662F30C7FBF5F6879452B12B ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
08:03:49.0311 0692 SbieSvc - ok
08:03:49.0350 0692 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:03:49.0358 0692 sbp2port - ok
08:03:49.0397 0692 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:03:49.0405 0692 SCardSvr - ok
08:03:49.0483 0692 [ 20B2751CD4C8F3FD989739CA661B9F30 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
08:03:49.0483 0692 SCDEmu - ok
08:03:49.0506 0692 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:03:49.0514 0692 scfilter - ok
08:03:49.0553 0692 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
08:03:49.0592 0692 Schedule - ok
08:03:49.0616 0692 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
08:03:49.0616 0692 SCPolicySvc - ok
08:03:49.0647 0692 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:03:49.0655 0692 SDRSVC - ok
08:03:49.0709 0692 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:03:49.0717 0692 secdrv - ok
08:03:49.0741 0692 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
08:03:49.0749 0692 seclogon - ok
08:03:49.0795 0692 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
08:03:49.0795 0692 SENS - ok
08:03:49.0983 0692 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:03:50.0131 0692 SensrSvc - ok
08:03:50.0186 0692 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
08:03:50.0194 0692 Serenum - ok
08:03:50.0217 0692 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
08:03:50.0217 0692 Serial - ok
08:03:50.0241 0692 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
08:03:50.0241 0692 sermouse - ok
08:03:50.0366 0692 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
08:03:50.0374 0692 SessionEnv - ok
08:03:50.0405 0692 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:03:50.0405 0692 sffdisk - ok
08:03:50.0420 0692 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:03:50.0428 0692 sffp_mmc - ok
08:03:50.0444 0692 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:03:50.0444 0692 sffp_sd - ok
08:03:50.0459 0692 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:03:50.0459 0692 sfloppy - ok
08:03:50.0530 0692 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:03:50.0538 0692 SharedAccess - ok
08:03:50.0584 0692 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:03:50.0600 0692 ShellHWDetection - ok
08:03:50.0631 0692 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
08:03:50.0631 0692 sisagp - ok
08:03:50.0678 0692 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
08:03:50.0686 0692 SiSRaid2 - ok
08:03:50.0709 0692 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:03:50.0709 0692 SiSRaid4 - ok
08:03:50.0749 0692 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:03:50.0749 0692 Smb - ok
08:03:50.0819 0692 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:03:50.0827 0692 SNMPTRAP - ok
08:03:50.0842 0692 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
08:03:50.0850 0692 spldr - ok
08:03:50.0881 0692 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
08:03:50.0897 0692 Spooler - ok
08:03:51.0045 0692 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
08:03:51.0155 0692 sppsvc - ok
08:03:51.0186 0692 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:03:51.0194 0692 sppuinotify - ok
08:03:51.0256 0692 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
08:03:51.0280 0692 srv - ok
08:03:51.0350 0692 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:03:51.0358 0692 srv2 - ok
08:03:51.0381 0692 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:03:51.0389 0692 srvnet - ok
08:03:51.0420 0692 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:03:51.0428 0692 SSDPSRV - ok
08:03:51.0459 0692 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:03:51.0475 0692 SstpSvc - ok
08:03:51.0514 0692 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
08:03:51.0522 0692 stexstor - ok
08:03:51.0584 0692 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
08:03:51.0600 0692 StiSvc - ok
08:03:51.0624 0692 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
08:03:51.0631 0692 storflt - ok
08:03:51.0655 0692 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
08:03:51.0655 0692 StorSvc - ok
08:03:51.0709 0692 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
08:03:51.0709 0692 storvsc - ok
08:03:51.0741 0692 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
08:03:51.0749 0692 swenum - ok
08:03:51.0795 0692 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
08:03:51.0827 0692 swprv - ok
08:03:51.0842 0692 [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc C:\Windows\system32\drivers\Synth3dVsc.sys
08:03:51.0858 0692 Synth3dVsc - ok
08:03:51.0967 0692 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
08:03:52.0053 0692 SysMain - ok
08:03:52.0108 0692 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:03:52.0124 0692 TabletInputService - ok
08:03:52.0204 0692 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
08:03:52.0211 0692 TapiSrv - ok
08:03:52.0282 0692 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
08:03:52.0290 0692 TBS - ok
08:03:52.0383 0692 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:03:52.0454 0692 Tcpip - ok
08:03:52.0555 0692 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:03:52.0571 0692 TCPIP6 - ok
08:03:52.0625 0692 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:03:52.0633 0692 tcpipreg - ok
08:03:52.0665 0692 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:03:52.0665 0692 TDPIPE - ok
08:03:52.0727 0692 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:03:52.0727 0692 TDTCP - ok
08:03:52.0774 0692 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:03:52.0782 0692 tdx - ok
08:03:52.0805 0692 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
08:03:52.0805 0692 TermDD - ok
08:03:52.0829 0692 [ 052306FD76793D5D5AB5D9891FD1ADBB ] terminpt C:\Windows\system32\drivers\terminpt.sys
08:03:52.0829 0692 terminpt - ok
08:03:59.0919 0692 ============================================================
08:03:59.0919 0692 Scan finished
08:03:59.0919 0692 ============================================================
08:03:59.0951 4284 Detected object count: 0
08:03:59.0951 4284 Actual detected object count: 0

When I opened aswMBR, a window told me "The procedure entry point aswscnGetVirusID could not be located in the dynamic link library aswScan.dll." but the program still opened up. Here are the scan results:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-23 08:09:01
-----------------------------
08:09:01.829 OS Version: Windows 6.1.7601 Service Pack 1
08:09:01.829 Number of processors: 1 586 0x2F02
08:09:01.836 ComputerName: COMPAQ UserName: Robbie
08:09:04.710 Initialize success
08:15:06.079 AVAST engine error: 2
08:15:10.271 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:15:10.271 Disk 0 Vendor: ST3200826AS 3.03 Size: 190782MB BusType: 3
08:15:10.287 Disk 5 \Device\Harddisk5\DR5 -> \Device\Ide\IdeDeviceP1T0L0-2c
08:15:10.287 Disk 5 Vendor: WDC_WD3200AAJS-00RYA0 12.01B01 Size: 305245MB BusType: 3
08:15:10.349 Disk 0 MBR read successfully
08:15:10.349 Disk 0 MBR scan
08:15:10.349 Disk 0 Windows XP default MBR code
08:15:10.380 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
08:15:10.412 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 190680 MB offset 206848
08:15:10.427 Disk 0 scanning sectors +390719488
08:15:10.521 Disk 0 scanning C:\Windows\system32\drivers
08:15:16.396 Service scanning
08:15:32.472 Modules scanning
08:15:48.044 Disk 0 trace - called modules:
08:15:48.083 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
08:15:48.099 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85062298]
08:15:48.115 3 CLASSPNP.SYS[8738f59e] -> nt!IofCallDriver -> [0x84bc9918]
08:15:48.130 5 ACPI.sys[86da53d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x842fd908]
08:15:48.146 Scan finished successfully
08:16:06.567 Disk 0 MBR has been saved successfully to "C:\Users\Robbie\Desktop\MBR.dat"
08:16:06.583 The log file has been saved successfully to "C:\Users\Robbie\Desktop\aswMBR.txt"


#4 nasdaq

  • Malware Response Team

Posted 23 January 2013 - 11:42 AM

Let's continue.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

#5 skartissue

  • Topic Starter

Posted 23 January 2013 - 12:44 PM

Here's the combofix log:

ComboFix 13-01-23.01 - Robbie 01/23/2013 9:18.3.1 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.1215.673 [GMT -8:00]
Running from: c:\users\Robbie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Robbie\AppData\Roaming\svighost.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-23 to 2013-01-23 )))))))))))))))))))))))))))))))
.
.
2013-01-23 17:28 . 2013-01-23 17:29 -------- d-----w- c:\users\Robbie\AppData\Local\temp
2013-01-23 17:28 . 2013-01-23 17:28 -------- d-----w- c:\users\Roberto\AppData\Local\temp
2013-01-23 17:28 . 2013-01-23 17:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-23 17:28 . 2013-01-23 17:28 -------- d-----w- c:\users\Mcx1-COMPAQ\AppData\Local\temp
2013-01-23 17:28 . 2013-01-23 17:28 -------- d-----w- c:\users\Mcx1-COMPAQ.Compaq\AppData\Local\temp
2013-01-23 17:28 . 2013-01-23 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-23 00:11 . 2013-01-23 00:11 -------- d-----w- c:\program files\FreeTime
2013-01-17 16:54 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-17 16:54 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-17 16:54 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-17 16:53 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-17 16:53 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-01-17 05:43 . 2013-01-17 05:43 -------- d-----w- c:\users\Robbie\AppData\Local\Programs
2013-01-17 01:06 . 2013-01-17 01:22 -------- d-----w- C:\Dredd.2012.BDRip.XviD-SPARKS
2013-01-17 00:50 . 2013-01-17 00:53 -------- d-----w- C:\The.Hobbit.2012.DVDSCR.XviD-SHOWTiME
2013-01-11 07:59 . 2013-01-11 07:59 -------- d-----w- C:\sqlitebrowser_200_b1_win
2013-01-01 23:26 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-01 23:26 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-01 23:21 . 2012-11-14 01:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-01 23:21 . 2012-11-16 16:33 149536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-01-01 23:21 . 2012-11-14 01:48 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-01-01 23:21 . 2012-11-14 01:51 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-01-01 23:21 . 2012-11-14 01:49 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-01 23:21 . 2012-11-14 01:52 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-01-01 23:21 . 2012-11-14 01:57 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-01-01 23:20 . 2012-11-14 02:09 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-01-01 23:20 . 2012-11-16 16:33 757280 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-01-01 23:20 . 2012-11-14 02:00 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-01-01 23:20 . 2012-11-14 02:01 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-01-01 23:20 . 2012-11-14 01:58 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-01 22:56 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-01-01 22:56 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-23 10:29 . 2012-08-06 11:26 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8003101C-53B3-4D17-A8D3-7CBA153B9915}\offreg.dll
2013-01-09 07:59 . 2012-04-01 23:29 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 07:59 . 2011-05-21 13:51 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-15 00:49 . 2011-05-01 08:38 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-08 19:29 . 2012-11-08 19:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-10-30 23:51 . 2012-08-06 00:02 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2012-08-06 00:02 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2012-08-06 00:02 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2012-08-06 00:02 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 23:51 . 2012-08-06 00:02 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2012-08-06 00:00 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 23:50 . 2012-08-06 00:00 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-19 10:52 . 2013-01-10 19:22 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\ERDNT\cache\user32.dll
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-12-30 4763008]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 466704]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-08-23 4866520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"jimbii"="c:\program files\MyBrowserCash Addon\updater.exe" [2011-06-27 360960]
"USBScan.exe"="c:\program files\USBScan\USBScan.exe" [2011-12-09 488960]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-08-23 4866520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-22 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 X6XSEx_Pr143;X6XSEx_Pr143;c:\program files\Free Ride Games\X6XSEx_Pr143.Sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 19054587
*NewlyCreated* - 42717401
*NewlyCreated* - ASWMBR
*Deregistered* - 19054587
*Deregistered* - 42717401
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 07:59]
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411423683-2829448076-2938132232-1001Core.job
- c:\users\Robbie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-11 21:56]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3411423683-2829448076-2938132232-1001UA.job
- c:\users\Robbie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-11 21:56]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\th4boaso.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://serp.freecause.com/?ourmark=3&sid=100293&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-23 09:31:29
ComboFix-quarantined-files.txt 2013-01-23 17:31
.
Pre-Run: 1,524,510,720 bytes free
Post-Run: 5,576,388,608 bytes free
.
- - End Of File - - 79199F2052FC272CCD98DBF760922F33

and here's the Adwcleaner log:

# AdwCleaner v2.107 - Logfile created 01/23/2013 at 09:41:13
# Updated 21/01/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)
# User : Robbie - COMPAQ
# Boot Mode : Normal
# Running from : C:\Users\Robbie\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\th4boaso.default\searchplugins\Askcom.xml
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Robbie\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Robbie\AppData\Roaming\iWin
Folder Found : C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\th4boaso.default\FCTB

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\Software\PIP
Key Found : HKU\S-1-5-21-3411423683-2829448076-2938132232-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKU\S-1-5-21-3411423683-2829448076-2938132232-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\j7ix0ezy.default\prefs.js

[OK] File is clean.

File : C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\th4boaso.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "Ask.com");
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.AutoSearchEventData", "auto%20search");
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.ClearCacheDate", 9);
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.DNSCatch", true);
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.DisplayEULA", true);
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.DnsCatchEventData", "dns%20catch");
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.EBOMode", true);
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.FirstLaunchShown", true);
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.LoadLayoutDate.100293", 9);
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.NewTabSearchEventData", "tab%20search");
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.ShowRecommendedOptions", true);
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.StateReportDate", "1320713545090");
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.TopRightSearchEventData", "top%20right%20search[...]
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.beforeInstallSaved", true);
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.beforeinstall.homepage", "hxxp%3A//www.msn.com/[...]
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.beforeinstall.search", "Bing");
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.customNewTab", false);
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.helpUsImprove", true);
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.hideOthers", true);
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.partnerauth", false);
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.processAddrBar", true);
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.restoreSearch", false);
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.searchHistory", true);
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.session", "295EBEF661F264D2E9EF8EB31279FBDB3BE2[...]
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.showFirstLaunchOptions", false);
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.tb_lang", "en");
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.tool_id", "100293");
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.user_id", "103958700");
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.user_key", "4cec223371c83c18bfc11821cb2aac909ba[...]
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.user_layouts", "100293");
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.user_lnames", "SocialRibbons");
Found : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.yahooSearch", true);
Found : user_pref("keyword.URL", "hxxp://serp.freecause.com/?ourmark=3&sid=100293&q=");

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6005 octets] - [23/01/2013 09:41:13]

########## EOF - C:\AdwCleaner[R1].txt - [6065 octets] ##########

#6 nasdaq

Posted 23 January 2013 - 01:44 PM

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please refer to my previous post and download and run the Security Check tool.
Post the log for my review.

Let me know what problem persists on this computer.

#7 skartissue

Posted 23 January 2013 - 02:26 PM

Here is the AdwCleaner log:

# AdwCleaner v2.107 - Logfile created 01/23/2013 at 11:15:50
# Updated 21/01/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)
# User : Robbie - COMPAQ
# Boot Mode : Normal
# Running from : C:\Users\Robbie\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\th4boaso.default\searchplugins\Askcom.xml
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Robbie\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Robbie\AppData\Roaming\iWin
Folder Deleted : C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\th4boaso.default\FCTB

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\Software\PIP
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\j7ix0ezy.default\prefs.js

[OK] File is clean.

File : C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\th4boaso.default\prefs.js

C:\Users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\th4boaso.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.AutoSearchEventData", "auto%20search");
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.ClearCacheDate", 9);
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.DNSCatch", true);
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.DisplayEULA", true);
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.EBOMode", true);
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.FirstLaunchShown", true);
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.LoadLayoutDate.100293", 9);
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.ShowRecommendedOptions", true);
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.StateReportDate", "1320713545090");
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.beforeInstallSaved", true);
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.beforeinstall.homepage", "hxxp%3A//www.msn.com/[...]
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.beforeinstall.search", "Bing");
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.customNewTab", false);
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.helpUsImprove", true);
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.hideOthers", true);
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.partnerauth", false);
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.processAddrBar", true);
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.restoreSearch", false);
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.searchHistory", true);
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.session", "295EBEF661F264D2E9EF8EB31279FBDB3BE2[...]
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.showFirstLaunchOptions", false);
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.tb_lang", "en");
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.tool_id", "100293");
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.user_id", "103958700");
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.user_key", "4cec223371c83c18bfc11821cb2aac909ba[...]
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.user_layouts", "100293");
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.user_lnames", "SocialRibbons");
Deleted : user_pref("freecause0b9cd8dd0f8a98b451b32a4c4297fb2d.yahooSearch", true);
Deleted : user_pref("keyword.URL", "hxxp://serp.freecause.com/?ourmark=3&sid=100293&q=");

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Robbie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6134 octets] - [23/01/2013 09:41:13]
AdwCleaner[S1].txt - [5972 octets] - [23/01/2013 11:15:50]

########## EOF - C:\AdwCleaner[S1].txt - [6032 octets] ##########

Here's Security Check log:

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Wise Registry Cleaner 6.14
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.5.502.146
Mozilla Firefox (18.0.1)
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Everything seems to be running fine right now. My storage drive is back in the my computer window and it has the proper letter (D:) instead of (G:), everything looks good.

#8 skartissue

Posted 23 January 2013 - 02:28 PM

Looks like my Java version is out of date. Updating it now.

#9 nasdaq

Posted 23 January 2013 - 04:39 PM

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#10 skartissue

Posted 27 January 2013 - 12:16 AM

The problem is back! :( I get a bluescreen and my storage drive disappears. When I try to bring it back through device manager and 'scanning for hardware changes' it changes the letter of the drive to G: instead of D: ....Help?

#11 nasdaq

Posted 27 January 2013 - 09:23 AM

Looks like some hardware or a problem with the BIOS.

Start a new topic in this forum.
Windows 7 Forum
http://www.bleepingcomputer.com/forums/forum167.html



