
Serious Malware - Playing Audio/Taking Data


  • This topic is locked
21 replies to this topic

#1 chindsiv

chindsiv

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:21 PM

Posted 01 July 2013 - 11:55 AM

Hi All,
 

Last week I accidentally allowed what I now believe to be a phony Adobe update to install on my desktop. Instantly the PC was running slowly, and over the next day it crashed (BlueScreen) twice. I began to notice audio playing in the form of commercials and ads, some in languages I didn't recognize. I assumed these were just hidden on a webpage that I had up at the time. The next day one of my accounts was locked due to a suspicious change in the access pattern. Later on, the audio ads came on, but then the song "Anything you can do, I can do better" started playing loudly. I exited every webpage and program, and the song still repeated a 15-ish second clip.

I ran a Microsoft Security Essentials scan on all files. 2 Trojans were found, and I had them removed. The audio continued, however. My PC began to crash repeatedly. I booted into safe mode, transferred MBAM to the PC using a USB drive, and installed the program. However, I couldn't update MBAM because I couldn't connect to the internet (even in Safe Mode with networking). I ran a full scan, but MBAM couldn't find anything.

 

I decided to attempt to wipe everything and re-install Windows using a disc that I borrowed. I put my important documents onto a USB flash drive, and inserted the disc. The disc would not auto-run on restart, so I ran it manually and reinstalled. I installed all 139+ Windows updates, installed MSE, Adobe Flash Player, and Java. After doing all of this, I plugged my speakers back into the PC (they were playing off of my phone to keep me sane), and to my dismay the audio ads were still playing, along with that song.

I ran another MSE scan which came up with nothing. I left my PC on at night, and woke up to ads/commercials playing. However, the PC was at the Windows updating screen, which appeared to be installing a service pack and was on step 2/3. Pissed off, I assumed that whatever was being installed at that point was due to the malware and I just shut my PC off. I haven't touched it since.

I don't know what to do at this point. Could the virus/malware be underneath my OS? Possibly made itself its own partition that pulls itself in when I try to reinstall? (This was what I was told by a friend.)
 

Is there any software that will remove this issue? I'm at the point now where I'd like to just wipe everything, but I may not be able to get my hands on a Windows 7 or 8 disc that isn't expired (without paying).

Thank you for any help!

 




 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:21 AM

Posted 01 July 2013 - 09:47 PM



Hello chindsiv

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
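The DDS.txt log requested above is plain text: section headers wrapped in `====`, filler lines containing only `.`, one process path or one `timestamp size attributes path` record per line. The script below is an added example, not part of this thread and not the DDS tool's own code, of the first two checks a responder runs over such a log by hand: which processes are running from outside the standard Windows and Program Files directories, and which entries in "Created Last 30" are dated well before the OS install date (a reinstall that did not wipe the disk leaves such entries behind). The sample log, the trusted-directory list, the install timestamp and the 24-hour slack for setup activity are all constructed assumptions; the timestamps in the sample are taken to be in the same zone as the install time the caller supplies.

```python
"""Triage helper for DDS.txt-style logs (added example; not the DDS tool's
own code).  Parses the '==== Name ====' section layout and flags two things
a responder checks first."""
import re
from datetime import datetime, timedelta

# Directories a clean Windows 7 install is expected to run binaries from.
# Assumption: anything else deserves a second look, not an automatic verdict.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# Record layout: timestamp, size (or dashes for a directory), attribute flags, path.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")

# Constructed sample in DDS.txt layout: a few lines modelled on a real log
# plus one made-up user-profile process so the check has something to flag.
SAMPLE_LOG = r"""
DDS (Ver_2012-11-20.01) - NTFS_AMD64
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Users\demo\AppData\Roaming\sample.exe
.
=============== Created Last 30 ================
.
2013-06-30 10:31:27 -------- d-----w- C:\Windows\System32\SPReview
2013-06-29 03:07:06 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-28 13:46:13 -------- d-----w- C:\Windows\Panther
2013-06-18 20:31:03 -------- d-----w- C:\NVIDIA
.
============= FINISH: 15:14:01.89 ===============
"""


def parse_sections(text):
    """Split a DDS.txt body into {section name: [lines]}; '.' lines are filler."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def suspicious_processes(sections):
    """Return process lines whose image path is not under a trusted directory."""
    flagged = []
    for line in sections.get("Running Processes", []):
        path = line.split(" -k ")[0].strip().lower()  # drop svchost group argument
        if not path.startswith(TRUSTED_PREFIXES):
            flagged.append(line)
    return flagged


def pre_install_entries(sections, install_date, slack=timedelta(hours=24)):
    """Return (timestamp, path) for 'Created Last 30' entries dated more than
    `slack` before install_date.  Setup writes files before the install date
    is recorded, so a day of slack keeps normal setup activity out of the list."""
    cutoff = install_date - slack
    older = []
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if stamp < cutoff:
            older.append((stamp, m.group(4)))
    return older


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_LOG)
    for proc in suspicious_processes(secs):
        print("process outside trusted dirs:", proc)
    # Assumed install time, in the same zone as the log's timestamps.
    for stamp, path in pre_install_entries(secs, datetime(2013, 6, 28, 22, 9, 2)):
        print("predates install:", stamp, path)
```

On the sample above the script reports one process from a user profile directory and one directory (`C:\NVIDIA`) created ten days before the supplied install time. Neither finding is a verdict on its own; they are the lines a responder reads first in a log of several hundred.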

#3 chindsiv

chindsiv
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:21 PM

Posted 02 July 2013 - 05:17 PM

Hey Gringo,

 

Thanks for helping me out. Here are the two logs:

1)

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16490  BrowserJavaVersion: 10.25.2
Run by Chas at 15:00:46 on 2013-07-02
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.3070.1170 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.reddit.com/
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{567E6348-3E4E-4B4D-A378-933BB380C38A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E26BDA95-76E2-49A1-AE3E-45DE1390442E} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2013-6-28 1256192]
.
=============== Created Last 30 ================
.
2013-06-30 10:31:27 -------- d-----w- C:\Windows\System32\SPReview
2013-06-30 10:29:45 -------- d-----w- C:\Windows\System32\EventProviders
2013-06-30 03:53:56 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{05A94772-2CE7-4E0E-AE9E-3BB2D5A187FC}\mpengine.dll
2013-06-29 20:14:01 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2013-06-29 20:14:00 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2013-06-29 20:12:58 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2013-06-29 20:11:59 571904 ----a-w- C:\Windows\System32\mspbda.dll
2013-06-29 20:10:59 88576 ----a-w- C:\Windows\System32\drivers\wanarp.sys
2013-06-29 20:09:59 67072 ----a-w- C:\Windows\System32\wsnmp32.dll
2013-06-29 20:08:59 38912 ----a-w- C:\Windows\System32\drivers\CompositeBus.sys
2013-06-29 20:07:28 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2013-06-29 20:06:54 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2013-06-29 20:06:54 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2013-06-29 20:06:54 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2013-06-29 20:00:29 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2013-06-29 20:00:29 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2013-06-29 20:00:17 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2013-06-29 19:06:25 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-06-29 19:06:25 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-06-29 19:06:25 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-06-29 19:06:24 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-06-29 19:06:23 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-06-29 19:06:23 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-06-29 19:06:23 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-06-29 19:05:05 2565632 ----a-w- C:\Windows\System32\esent.dll
2013-06-29 19:05:05 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2013-06-29 19:05:04 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2013-06-29 19:05:04 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2013-06-29 19:05:04 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2013-06-29 19:05:03 96768 ----a-w- C:\Windows\System32\fsutil.exe
2013-06-29 19:05:03 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2013-06-29 19:05:03 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2013-06-29 19:05:03 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-06-29 19:05:02 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2013-06-29 04:33:26 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2013-06-29 04:33:26 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2013-06-29 04:33:26 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-06-29 04:32:10 -------- d-----w- C:\ProgramData\Battle.net
2013-06-29 03:10:31 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-29 03:10:31 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-29 03:10:21 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-29 03:07:06 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-29 03:07:05 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-29 03:05:19 -------- d-----w- C:\Users\Chas\AppData\Local\Adobe
2013-06-29 02:38:25 -------- d-----w- C:\Windows\SysWow64\Wat
2013-06-29 02:38:25 -------- d-----w- C:\Windows\System32\Wat
2013-06-29 01:46:10 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-06-29 01:45:36 878368 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-06-29 01:45:36 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-06-29 01:45:36 3300640 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-06-29 01:45:35 6207776 ----a-w- C:\Windows\System32\nvcpl.dll
2013-06-29 01:45:35 2558240 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-06-29 01:45:35 118560 ----a-w- C:\Windows\System32\nvmctray.dll
2013-06-29 01:44:51 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-06-29 01:44:51 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-06-29 01:43:19 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-06-29 01:43:10 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-06-29 01:32:23 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-06-29 01:32:23 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-06-29 01:32:23 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-06-29 01:32:23 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-06-29 00:51:38 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-06-29 00:51:37 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-06-29 00:51:37 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-06-29 00:51:37 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-06-29 00:51:37 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-06-29 00:51:36 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-06-29 00:49:26 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-06-29 00:49:26 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-06-29 00:49:26 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-06-29 00:49:26 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-06-29 00:49:25 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-06-29 00:49:24 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-06-29 00:49:24 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-06-29 00:41:35 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-06-29 00:41:34 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-06-29 00:41:34 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-06-29 00:41:34 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-06-29 00:41:34 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-06-28 23:45:18 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2013-06-28 23:45:18 31232 ----a-w- C:\Windows\System32\prevhost.exe
2013-06-28 23:42:42 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-06-28 23:42:42 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-06-28 23:42:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-06-28 23:42:40 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-06-28 23:42:40 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-06-28 23:42:40 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-06-28 23:42:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-06-28 23:42:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-06-28 23:40:59 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-28 23:39:59 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2013-06-28 23:24:12 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2013-06-28 23:24:11 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2013-06-28 23:24:11 1118720 ----a-w- C:\Windows\System32\sbe.dll
2013-06-28 23:24:10 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2013-06-28 23:24:10 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2013-06-28 23:24:10 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2013-06-28 23:22:59 642944 ----a-w- C:\Windows\System32\winload.efi
2013-06-28 23:17:14 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-28 23:17:14 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-28 23:17:13 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-28 23:17:13 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-28 23:17:13 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-28 23:17:12 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-28 23:16:26 77312 ----a-w- C:\Windows\System32\packager.dll
2013-06-28 23:16:25 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-06-28 23:11:32 67072 ----a-w- C:\Windows\splwow64.exe
2013-06-28 23:11:32 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-06-28 23:07:00 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4F069D7F-FEC4-4EB7-8199-87928001E490}\gapaengine.dll
2013-06-28 23:06:54 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-28 23:06:48 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-06-28 22:53:52 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-06-28 22:53:39 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-06-28 22:52:54 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-06-28 22:52:54 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-06-28 22:52:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-06-28 22:46:57 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-06-28 22:46:46 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-06-28 22:46:32 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-06-28 22:46:32 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-06-28 22:11:28 -------- d-----w- C:\Users\Chas\AppData\Local\VirtualStore
2013-06-28 13:46:13 -------- d-----w- C:\Windows\Panther
2013-06-18 20:31:03 -------- d-----w- C:\NVIDIA
.
==================== Find3M  ====================
.
2013-07-02 20:51:51 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-07-02 20:51:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 15:14:01.89 ===============

 

2)

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 6/28/2013 3:09:02 PM
System Uptime: 7/2/2013 2:41:25 PM (1 hours ago)
.
Motherboard: Dell Inc.           |  | 0CT017
Processor: Intel® Core™2 CPU          6320  @ 1.86GHz | Microprocessor | 1862/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 249.455 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP9: 6/29/2013 3:00:22 AM - Windows Update
RP10: 6/30/2013 3:00:39 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Java 7 Update 25
Java Auto Updater
Microsoft .NET Framework 4 Client Profile
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
NVIDIA Control Panel 307.83
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
7/2/2013 2:57:53 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
7/2/2013 2:57:53 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:  An instance of the service is already running.
7/2/2013 2:56:52 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
7/2/2013 2:55:53 PM, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/2/2013 2:55:53 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/2/2013 2:55:53 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/2/2013 2:55:53 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/2/2013 2:55:53 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/2/2013 2:55:53 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/2/2013 2:55:53 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/2/2013 2:55:53 PM, Error: Service Control Manager [7031]  - The Secondary Logon service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/2/2013 2:55:53 PM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/2/2013 2:55:52 PM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 1 time(s).
7/2/2013 2:55:52 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/2/2013 2:55:52 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/2/2013 2:55:52 PM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/2/2013 2:55:52 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/2/2013 2:55:52 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/2/2013 2:55:52 PM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/2/2013 2:36:43 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63AA156-D534-4BAC-9BF1-55359CF5EC30}  and APPID  {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}  to the user Chas-PC\UpdatusUser SID (S-1-5-21-515461773-2998553637-4167277022-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/2/2013 2:12:21 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.153.915.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9607.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/2/2013 2:12:21 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.153.915.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9607.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/30/2013 4:32:16 AM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The client of a component requested an operation which is not valid given the state of the component instance.
6/28/2013 9:53:52 PM, Error: Service Control Manager [7000]  - The Computer Browser service failed to start due to the following error:  The pipe has been ended.
6/28/2013 8:39:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Print Spooler service to connect.
6/28/2013 8:39:34 PM, Error: Service Control Manager [7000]  - The Print Spooler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/28/2013 8:39:26 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
6/28/2013 8:27:05 PM, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 2 time(s).
6/28/2013 8:27:05 PM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 2 time(s).
6/28/2013 8:27:05 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/28/2013 8:27:05 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/28/2013 8:27:05 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/28/2013 8:27:05 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/28/2013 8:27:05 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/28/2013 8:27:05 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/28/2013 8:27:05 PM, Error: Service Control Manager [7031]  - The Secondary Logon service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/28/2013 8:27:05 PM, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/28/2013 8:27:05 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/28/2013 8:27:05 PM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
6/28/2013 8:27:05 PM, Error: Service Control Manager [7031]  - The Extensible Authentication Protocol service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/28/2013 8:27:05 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/28/2013 8:27:05 PM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/28/2013 7:49:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
6/28/2013 7:47:20 PM, Error: Service Control Manager [7023]  -
6/28/2013 7:40:33 PM, Error: Service Control Manager [7023]  - The Software Protection service terminated with the following error:  The media is write protected.
6/28/2013 7:40:30 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the WSWNDA3100v2 service to connect.
6/28/2013 7:40:30 PM, Error: Service Control Manager [7000]  - The WSWNDA3100v2 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/28/2013 7:40:17 PM, Error: Service Control Manager [7034]  - The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).
6/28/2013 7:40:17 PM, Error: Service Control Manager [7031]  - The WSWNDA3100v2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
6/28/2013 7:39:18 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v2.0.50727_X86 service to connect.
6/28/2013 7:33:35 PM, Error: Service Control Manager [7043]  - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
6/28/2013 5:28:02 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/28/2013 5:14:13 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
6/28/2013 4:51:12 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error:  An instance of the service is already running.
6/28/2013 4:02:23 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved
6/28/2013 4:02:23 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved
6/28/2013 4:02:23 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved
6/28/2013 4:02:23 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved
6/28/2013 4:02:23 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved
6/28/2013 4:02:22 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/28/2013 4:01:16 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: Network Inspection System   Update Type: Full   User: Chas-PC\Chas   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved
6/28/2013 4:01:16 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: Chas-PC\Chas   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved
6/28/2013 4:01:16 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: Chas-PC\Chas   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved
6/28/2013 3:55:55 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
6/28/2013 3:38:19 PM, Error: Service Control Manager [7030]  - The WSWNDA3100v2 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
.
==== End Of File ===========================
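Two things in the event-log excerpt above are easy to miss in the wall of text: a dozen unrelated services all "terminated unexpectedly" in the same second (8:27:05 PM), which points at a shared host process being killed rather than at each service failing on its own, and every Microsoft Antimalware 2001 entry failing with 0x80072ee7, meaning signature updates could not even resolve the update server's name. The script below is an added example for this page, not a tool from the thread, from BleepingComputer or from Microsoft; it parses the one-event-per-line format of the excerpt and reports those two patterns. SAMPLE_LINES is a constructed subset copied from the excerpt (the long 2001 messages are abridged); the three-service burst threshold and the wording of the findings are the example's own assumptions.

```python
"""Triage of the posted event-log excerpt (added example, not from the thread).

Format parsed: "M/D/YYYY h:mm:ss AM/PM, Level: Source [EventID]  - message".
Flags two patterns:
  * Service Control Manager 7031/7034 bursts sharing one timestamp (many
    services dying in one second suggests a crashed or killed host process);
  * Microsoft Antimalware 2001 events with error 0x80072ee7 (name resolution
    failed), i.e. signature updates cannot reach the update server at all.
"""
import re
from collections import defaultdict
from datetime import datetime

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\]\s+-\s*(?P<msg>.*)$"
)
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")
ERRCODE_RE = re.compile(r"Error code: (?P<code>0x[0-9a-fA-F]{8})")
DNS_FAILURE = "0x80072ee7"  # WinHTTP: the server name or address could not be resolved

# Constructed sample: lines copied from the excerpt above (2001 messages abridged).
SAMPLE_LINES = [
    "6/28/2013 8:27:05 PM, Error: Service Control Manager [7034]  - The Windows Update service terminated unexpectedly.  It has done this 2 time(s).",
    "6/28/2013 8:27:05 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.",
    "6/28/2013 8:27:05 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.",
    "6/28/2013 8:27:05 PM, Error: Service Control Manager [7031]  - The Group Policy Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.",
    "6/28/2013 7:47:20 PM, Error: Service Control Manager [7023]  -",
    "6/28/2013 7:40:17 PM, Error: Service Control Manager [7031]  - The WSWNDA3100v2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.",
    "6/28/2013 5:28:02 PM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.",
    "6/28/2013 4:02:23 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   Update Source: Microsoft Malware Protection Center   Signature Type: AntiVirus   Error code: 0x80072ee7   Error description: The server name or address could not be resolved",
    "6/28/2013 4:02:22 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   Update Source: Microsoft Update Server   Signature Type: AntiVirus   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates.",
    ".",
]


def parse_event(line):
    """Return a dict for one log line, or None if the line is not an event."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
        "level": m["level"],
        "source": m["source"],
        "event_id": int(m["eid"]),
        "message": m["msg"],  # empty string for the truncated 7023 line
    }


def parse_log(lines):
    return [e for e in map(parse_event, lines) if e is not None]


def service_crash_bursts(events, min_services=3):
    """Timestamps at which >= min_services services 'terminated unexpectedly'."""
    by_time = defaultdict(list)
    for e in events:
        if e["source"] != "Service Control Manager" or e["event_id"] not in (7031, 7034):
            continue
        m = SERVICE_RE.match(e["message"])
        if m:
            by_time[e["time"]].append(m["svc"])
    return [(t, sorted(s)) for t, s in sorted(by_time.items()) if len(s) >= min_services]


def signature_update_failures(events):
    """Count Microsoft Antimalware 2001 (update failed) events per error code."""
    counts = defaultdict(int)
    for e in events:
        if e["source"] == "Microsoft Antimalware" and e["event_id"] == 2001:
            m = ERRCODE_RE.search(e["message"])
            counts[m["code"].lower() if m else "unknown"] += 1
    return dict(counts)


def triage(lines):
    """Human-readable findings for the two patterns described in the docstring."""
    events = parse_log(lines)
    findings = []
    for t, svcs in service_crash_bursts(events):
        findings.append(f"{t:%Y-%m-%d %H:%M:%S}: {len(svcs)} services died in the same second "
                        f"({', '.join(svcs)}); suspect a crashed or killed host process")
    dns = signature_update_failures(events).get(DNS_FAILURE, 0)
    if dns:
        findings.append(f"{dns} signature update(s) failed with {DNS_FAILURE} (name resolution); "
                        "check the DNS servers and hosts file before trusting any AV scan as current")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

Run it against a full export of the same "date, Error: Source [ID] - message" lines (the format the posted log uses) and the burst list tells you which second to look at in the System log for the crashing process, while the 0x80072ee7 count tells you the machine's DNS was broken when those scans were run, so any "nothing found" from a scanner that could not update is not evidence of a clean system.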
 
#4 gringo_pr (Malware Response Team)

Posted 02 July 2013 - 08:51 PM

Hello chindsiv

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 chindsiv (Topic Starter)

Posted 02 July 2013 - 11:08 PM

Things seem to be running a bit faster now. However, when ADW required a restart I walked away for a few. When I came back, Windows was at the boot screen stating that the system had shut down correctly. I didn't see what happened. However, here are the logs:

 

# AdwCleaner v2.303 - Logfile created 07/02/2013 at 23:12:17
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
# User : Chas - CHAS-PC
# Boot Mode : Normal
# Running from : C:\Users\Chas\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [510 octets] - [02/07/2013 23:12:17]

########## EOF - C:\AdwCleaner[S1].txt - [569 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Enterprise x64
Ran by Chas on Tue 07/02/2013 at 23:34:53.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/03/2013 at  0:03:19.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#6 gringo_pr (Malware Response Team)

Posted 03 July 2013 - 12:23 AM

Hello chindsiv

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 chindsiv (Topic Starter)

Posted 03 July 2013 - 09:09 AM

Gringo,

After making my last post, I shut down my PC before bed. Early this morning I tried to start up, and before loading my desktop the PC blue-screened and crashed. It loaded my desktop when I attempted booting the second time. I downloaded ComboFix to my desktop. When I double-clicked, nothing appeared, and a few seconds later my PC crashed again (Blue Screen).

I ran out of time and had to leave for work. I'm leaving straight from work to go out of town and I won't be back until Sunday, July 7th.

Please keep this thread open while I'm gone. I will attempt to run ComboFix when I return on Sunday, along with any other programs that you suggest while I am gone.

Thanks for your help so far!
#8 gringo_pr (Malware Response Team)

Posted 03 July 2013 - 12:58 PM

Hello chindsiv

Run these when you come back.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** This report can be very long, so if the website gives you an error saying it is too long, you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit.
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.
Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo

#9 gringo_pr (Malware Response Team)

Posted 07 July 2013 - 02:14 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#10 chindsiv (Topic Starter)

Posted 07 July 2013 - 09:04 PM

Gringo,

I ran ComboFix. Here is the log:

 

ComboFix 13-07-08.02 - Chas 07/07/2013  18:04:11.1.2 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.3070.1617 [GMT -7:00]
Running from: c:\users\Chas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Setup.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-08 to 2013-07-08  )))))))))))))))))))))))))))))))
.
.
2013-07-08 01:11 . 2013-07-08 01:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-03 06:34 . 2013-07-03 06:34 -------- d-----w- c:\windows\ERUNT
2013-07-03 06:34 . 2013-07-03 06:34 -------- d-----w- C:\JRT
2013-07-03 02:13 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-07-03 02:13 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-07-03 02:13 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-07-03 02:13 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-07-03 02:13 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-07-03 02:13 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-07-03 02:12 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-07-03 02:12 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-07-03 02:12 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-07-03 02:12 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-03 02:12 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-03 02:12 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-07-03 02:12 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-03 02:12 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-03 02:12 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-03 02:12 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-07-02 22:14 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A28AF07-700F-4897-9A91-9CC5AFF57AA7}\mpengine.dll
2013-06-30 10:31 . 2013-06-30 10:31 -------- d-----w- c:\windows\system32\SPReview
2013-06-30 10:29 . 2013-06-30 10:29 -------- d-----w- c:\windows\system32\EventProviders
2013-06-30 03:53 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-29 20:14 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2013-06-29 20:14 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2013-06-29 20:12 . 2010-11-20 13:27 263168 ----a-w- c:\windows\system32\spwizui.dll
2013-06-29 20:11 . 2010-11-20 13:27 303616 ----a-w- c:\windows\system32\scansetting.dll
2013-06-29 20:10 . 2010-11-20 13:27 222720 ----a-w- c:\windows\system32\wwanconn.dll
2013-06-29 20:09 . 2010-11-20 13:27 67072 ----a-w- c:\windows\system32\wsnmp32.dll
2013-06-29 20:08 . 2010-11-20 13:27 13824 ----a-w- c:\windows\system32\wshirda.dll
2013-06-29 20:07 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2013-06-29 20:06 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2013-06-29 20:06 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2013-06-29 20:06 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2013-06-29 20:00 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2013-06-29 20:00 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-06-29 20:00 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2013-06-29 19:06 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-06-29 19:06 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-06-29 19:06 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-06-29 19:06 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-06-29 19:06 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-06-29 19:06 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-06-29 19:06 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-06-29 19:05 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2013-06-29 19:05 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2013-06-29 19:05 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2013-06-29 19:05 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2013-06-29 19:05 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2013-06-29 19:05 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2013-06-29 19:05 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2013-06-29 19:05 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2013-06-29 19:05 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2013-06-29 19:05 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2013-06-29 19:05 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2013-06-29 10:02 . 2013-06-29 10:02 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-06-29 04:33 . 2013-06-29 04:36 -------- d-----w- c:\program files (x86)\World of Warcraft
2013-06-29 04:33 . 2013-06-29 04:33 -------- d-----w- c:\programdata\Blizzard Entertainment
2013-06-29 04:33 . 2013-06-29 04:33 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2013-06-29 04:32 . 2013-06-29 04:32 -------- d-----w- c:\programdata\Battle.net
2013-06-29 03:10 . 2013-06-29 03:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-06-29 03:10 . 2013-06-29 03:09 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-29 03:10 . 2013-06-29 03:09 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-29 03:10 . 2013-06-29 03:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-29 03:09 . 2013-06-29 03:09 -------- d-----w- c:\program files (x86)\Java
2013-06-29 03:09 . 2013-06-29 03:09 -------- d-----w- c:\programdata\McAfee
2013-06-29 03:07 . 2013-06-29 03:07 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-29 03:07 . 2013-06-29 03:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-29 03:07 . 2013-06-29 03:07 -------- d-----w- c:\windows\SysWow64\Macromed
2013-06-29 03:06 . 2013-06-29 03:06 -------- d-----w- c:\windows\system32\Macromed
2013-06-29 02:38 . 2013-06-29 02:38 -------- d-----w- c:\windows\SysWow64\Wat
2013-06-29 02:38 . 2013-06-29 02:38 -------- d-----w- c:\windows\system32\Wat
2013-06-29 01:32 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-06-29 01:32 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-06-29 01:32 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-06-29 01:32 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-06-29 00:54 . 2013-06-03 00:11 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-29 00:51 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-06-29 00:51 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-06-29 00:51 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-06-29 00:51 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-06-29 00:51 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-06-29 00:51 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-06-29 00:49 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-06-29 00:49 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-06-29 00:49 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-06-29 00:49 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-06-29 00:49 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-06-29 00:49 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-06-29 00:49 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-06-29 00:41 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-06-29 00:41 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-06-29 00:41 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-06-29 00:41 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-06-29 00:41 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-06-28 23:45 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2013-06-28 23:45 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2013-06-28 23:42 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-06-28 23:42 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-06-28 23:42 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-06-28 23:42 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-06-28 23:42 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-06-28 23:42 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-06-28 23:42 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-06-28 23:42 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-06-28 23:40 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2013-06-28 23:39 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2013-06-28 23:24 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2013-06-28 23:24 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
2013-06-28 23:24 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2013-06-28 23:24 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2013-06-28 23:24 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2013-06-28 23:24 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2013-06-28 23:22 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
2013-06-28 23:16 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2013-06-28 23:16 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2013-06-28 23:11 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-06-28 23:11 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2013-06-28 23:07 . 2013-06-28 23:06 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F069D7F-FEC4-4EB7-8199-87928001E490}\gapaengine.dll
2013-06-28 23:06 . 2013-05-02 15:29 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-06-28 22:53 . 2013-06-28 22:53 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-06-28 22:53 . 2013-06-28 22:54 -------- d-----w- c:\program files\Microsoft Security Client
2013-06-28 22:52 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-06-28 22:52 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-06-28 22:52 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-02 20:51 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-07-02 20:51 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Genie.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2013-6-28 8453376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.reddit.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-07-07  18:32:19 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-08 01:32
.
Pre-Run: 261,877,194,752 bytes free
Post-Run: 262,721,298,432 bytes free
.
- - End Of File - - 3E000F2BEBAE976641986E7EF31BE3B4
A36C5E4F47E84449FF07ED3517B43A31

When it finished running, I attempted to open Internet Explorer and received this error message:

"Illegal operation attempted on a registry key that has been marked for deletion."

I restarted my PC as you instructed. When it went to boot back up, it crashed (BlueScreen).

The second attempt to reboot was successful though.

I will now run the other programs and report back to you.

Thanks!



#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 July 2013 - 09:33 PM

OK, and after you run those, let me know how the computer is running.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 chindsiv
  • Topic Starter

  • Members
  • 10 posts

Posted 07 July 2013 - 10:13 PM

First Log:

19:22:00.0709 2508  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:22:01.0598 2508  ============================================================
19:22:01.0598 2508  Current date / time: 2013/07/07 19:22:01.0598
19:22:01.0598 2508  SystemInfo:
19:22:01.0598 2508 
19:22:01.0598 2508  OS Version: 6.1.7601 ServicePack: 1.0
19:22:01.0598 2508  Product type: Workstation
19:22:01.0598 2508  ComputerName: CHAS-PC
19:22:01.0598 2508  UserName: Chas
19:22:01.0598 2508  Windows directory: C:\Windows
19:22:01.0598 2508  System windows directory: C:\Windows
19:22:01.0598 2508  Running under WOW64
19:22:01.0598 2508  Processor architecture: Intel x64
19:22:01.0598 2508  Number of processors: 2
19:22:01.0598 2508  Page size: 0x1000
19:22:01.0598 2508  Boot type: Normal boot
19:22:01.0598 2508  ============================================================
19:22:11.0151 2508  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:22:11.0211 2508  ============================================================
19:22:11.0211 2508  \Device\Harddisk0\DR0:
19:22:11.0241 2508  MBR partitions:
19:22:11.0241 2508  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
19:22:11.0241 2508  ============================================================
19:22:12.0231 2508  C: <-> \Device\Harddisk0\DR0\Partition1
19:22:12.0231 2508  ============================================================
19:22:12.0231 2508  Initialize success
19:22:12.0231 2508  ============================================================
19:23:29.0378 2156  ============================================================
19:23:29.0378 2156  Scan started
19:23:29.0378 2156  Mode: Manual; SigCheck; TDLFS;
19:23:29.0378 2156  ============================================================
19:23:30.0688 2156  ================ Scan system memory ========================
19:23:30.0688 2156  System memory - ok
19:23:30.0688 2156  ================ Scan services =============================
19:23:32.0560 2156  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:23:32.0857 2156  1394ohci - ok
19:23:32.0981 2156  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:23:33.0044 2156  ACPI - ok
19:23:33.0169 2156  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:23:33.0371 2156  AcpiPmi - ok
19:23:33.0481 2156  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:23:33.0512 2156  adp94xx - ok
19:23:33.0590 2156  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:23:33.0621 2156  adpahci - ok
19:23:33.0668 2156  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:23:33.0715 2156  adpu320 - ok
19:23:33.0808 2156  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:23:34.0448 2156  AeLookupSvc - ok
19:23:34.0557 2156  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:23:34.0635 2156  AFD - ok
19:23:34.0697 2156  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:23:34.0744 2156  agp440 - ok
19:23:34.0775 2156  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:23:34.0838 2156  ALG - ok
19:23:34.0931 2156  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:23:34.0947 2156  aliide - ok
19:23:34.0978 2156  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:23:34.0994 2156  amdide - ok
19:23:35.0087 2156  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:23:35.0197 2156  AmdK8 - ok
19:23:35.0212 2156  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:23:35.0259 2156  AmdPPM - ok
19:23:35.0337 2156  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:23:35.0368 2156  amdsata - ok
19:23:35.0415 2156  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:23:35.0462 2156  amdsbs - ok
19:23:35.0477 2156  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:23:35.0493 2156  amdxata - ok
19:23:35.0555 2156  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:23:37.0240 2156  AppID - ok
19:23:37.0271 2156  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:23:37.0349 2156  AppIDSvc - ok
19:23:37.0459 2156  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:23:37.0521 2156  Appinfo - ok
19:23:37.0615 2156  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:23:37.0646 2156  AppMgmt - ok
19:23:37.0708 2156  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:23:37.0739 2156  arc - ok
19:23:37.0817 2156  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:23:37.0833 2156  arcsas - ok
19:23:37.0849 2156  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:23:37.0911 2156  AsyncMac - ok
19:23:37.0942 2156  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:23:37.0958 2156  atapi - ok
19:23:38.0129 2156  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:23:38.0223 2156  AudioEndpointBuilder - ok
19:23:38.0239 2156  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:23:38.0285 2156  AudioSrv - ok
19:23:38.0395 2156  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:23:38.0488 2156  AxInstSV - ok
19:23:38.0566 2156  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:23:38.0613 2156  b06bdrv - ok
19:23:38.0769 2156  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:23:38.0925 2156  b57nd60a - ok
19:23:39.0065 2156  [ 44E6E51AEDBF3E0B38A6CD5432649E57 ] BCMH43XX        C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
19:23:39.0112 2156  BCMH43XX - ok
19:23:39.0175 2156  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:23:39.0221 2156  BDESVC - ok
19:23:39.0268 2156  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:23:39.0331 2156  Beep - ok
19:23:39.0518 2156  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:23:39.0596 2156  BFE - ok
19:23:39.0955 2156  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
19:23:40.0048 2156  BITS - ok
19:23:40.0111 2156  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:23:40.0126 2156  blbdrive - ok
19:23:40.0173 2156  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:23:40.0220 2156  bowser - ok
19:23:40.0220 2156  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:23:40.0298 2156  BrFiltLo - ok
19:23:40.0313 2156  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:23:40.0329 2156  BrFiltUp - ok
19:23:40.0360 2156  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
19:23:40.0423 2156  BridgeMP - ok
19:23:40.0501 2156  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:23:40.0547 2156  Browser - ok
19:23:40.0594 2156  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:23:40.0672 2156  Brserid - ok
19:23:40.0688 2156  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:23:40.0719 2156  BrSerWdm - ok
19:23:40.0735 2156  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:23:40.0781 2156  BrUsbMdm - ok
19:23:40.0781 2156  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:23:40.0813 2156  BrUsbSer - ok
19:23:40.0828 2156  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:23:40.0844 2156  BTHMODEM - ok
19:23:41.0171 2156  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:23:41.0218 2156  bthserv - ok
19:23:41.0281 2156  catchme - ok
19:23:41.0312 2156  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:23:41.0374 2156  cdfs - ok
19:23:41.0452 2156  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
19:23:41.0468 2156  cdrom - ok
19:23:41.0577 2156  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:23:41.0671 2156  CertPropSvc - ok
19:23:41.0827 2156  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:23:41.0889 2156  circlass - ok
19:23:41.0951 2156  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:23:42.0045 2156  CLFS - ok
19:23:42.0310 2156  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:23:42.0373 2156  clr_optimization_v2.0.50727_32 - ok
19:23:42.0700 2156  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:23:42.0747 2156  clr_optimization_v2.0.50727_64 - ok
19:23:42.0903 2156  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:23:43.0059 2156  clr_optimization_v4.0.30319_32 - ok
19:23:43.0277 2156  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:23:43.0293 2156  clr_optimization_v4.0.30319_64 - ok
19:23:43.0387 2156  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:23:43.0418 2156  CmBatt - ok
19:23:43.0480 2156  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:23:43.0511 2156  cmdide - ok
19:23:43.0667 2156  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
19:23:43.0730 2156  CNG - ok
19:23:43.0745 2156  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:23:43.0761 2156  Compbatt - ok
19:23:43.0839 2156  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:23:43.0901 2156  CompositeBus - ok
19:23:43.0917 2156  COMSysApp - ok
19:23:43.0948 2156  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:23:43.0964 2156  crcdisk - ok
19:23:44.0089 2156  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:23:44.0167 2156  CryptSvc - ok
19:23:44.0260 2156  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
19:23:44.0369 2156  CSC - ok
19:23:44.0432 2156  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
19:23:44.0510 2156  CscService - ok
19:23:44.0588 2156  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:23:44.0666 2156  DcomLaunch - ok
19:23:44.0744 2156  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:23:44.0806 2156  defragsvc - ok
19:23:44.0884 2156  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:23:44.0947 2156  DfsC - ok
19:23:45.0118 2156  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:23:45.0149 2156  Dhcp - ok
19:23:45.0196 2156  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:23:45.0259 2156  discache - ok
19:23:45.0321 2156  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:23:45.0337 2156  Disk - ok
19:23:45.0446 2156  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:23:45.0493 2156  Dnscache - ok
19:23:45.0633 2156  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:23:45.0711 2156  dot3svc - ok
19:23:45.0789 2156  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:23:45.0945 2156  DPS - ok
19:23:45.0976 2156  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:23:46.0101 2156  drmkaud - ok
19:23:46.0195 2156  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:23:46.0226 2156  DXGKrnl - ok
19:23:46.0288 2156  [ 416A2007878ED1D6FC5DDDB9E1F6DB3E ] e1express       C:\Windows\system32\DRIVERS\e1e6032e.sys
19:23:46.0366 2156  e1express - ok
19:23:46.0429 2156  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:23:46.0507 2156  EapHost - ok
19:23:46.0803 2156  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:23:46.0912 2156  ebdrv - ok
19:23:46.0959 2156  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:23:47.0053 2156  EFS - ok
19:23:47.0302 2156  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:23:47.0349 2156  ehRecvr - ok
19:23:47.0396 2156  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:23:47.0458 2156  ehSched - ok
19:23:47.0630 2156  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:23:47.0708 2156  elxstor - ok
19:23:47.0833 2156  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:23:47.0864 2156  ErrDev - ok
19:23:49.0081 2156  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:23:49.0159 2156  EventSystem - ok
19:23:49.0237 2156  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:23:49.0299 2156  exfat - ok
19:23:49.0330 2156  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:23:49.0393 2156  fastfat - ok
19:23:49.0580 2156  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:23:49.0642 2156  Fax - ok
19:23:49.0673 2156  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:23:49.0720 2156  fdc - ok
19:23:49.0814 2156  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:23:49.0876 2156  fdPHost - ok
19:23:49.0892 2156  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:23:49.0954 2156  FDResPub - ok
19:23:49.0970 2156  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:23:50.0001 2156  FileInfo - ok
19:23:50.0001 2156  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:23:50.0095 2156  Filetrace - ok
19:23:50.0126 2156  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:23:50.0126 2156  flpydisk - ok
19:23:50.0251 2156  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:23:50.0282 2156  FltMgr - ok
19:23:50.0438 2156  [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache       C:\Windows\system32\FntCache.dll
19:23:50.0516 2156  FontCache - ok
19:23:50.0594 2156  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:23:50.0641 2156  FontCache3.0.0.0 - ok
19:23:50.0656 2156  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:23:50.0687 2156  FsDepends - ok
19:23:50.0734 2156  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:23:50.0750 2156  Fs_Rec - ok
19:23:50.0890 2156  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:23:50.0937 2156  fvevol - ok
19:23:50.0984 2156  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:23:50.0999 2156  gagp30kx - ok
19:23:51.0109 2156  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:23:51.0187 2156  gpsvc - ok
19:23:51.0233 2156  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:23:51.0280 2156  hcw85cir - ok
19:23:51.0374 2156  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:23:51.0405 2156  HdAudAddService - ok
19:23:51.0483 2156  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:23:51.0530 2156  HDAudBus - ok
19:23:51.0545 2156  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:23:51.0592 2156  HidBatt - ok
19:23:51.0608 2156  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:23:51.0670 2156  HidBth - ok
19:23:51.0686 2156  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:23:51.0717 2156  HidIr - ok
19:23:51.0764 2156  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
19:23:51.0826 2156  hidserv - ok
19:23:51.0951 2156  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
19:23:51.0982 2156  HidUsb - ok
19:23:52.0029 2156  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:23:52.0123 2156  hkmsvc - ok
19:23:52.0216 2156  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:23:52.0263 2156  HomeGroupListener - ok
19:23:52.0310 2156  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:23:52.0372 2156  HomeGroupProvider - ok
19:23:52.0435 2156  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:23:52.0466 2156  HpSAMD - ok
19:23:52.0606 2156  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:23:52.0684 2156  HTTP - ok
19:24:42.0089 2156  Wd - ok
19:24:42.0183 2156  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:24:42.0214 2156  Wdf01000 - ok
19:24:42.0261 2156  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:24:42.0323 2156  WdiServiceHost - ok
19:24:42.0339 2156  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:24:42.0355 2156  WdiSystemHost - ok
19:24:42.0433 2156  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:24:42.0511 2156  WebClient - ok
19:24:42.0542 2156  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:24:42.0604 2156  Wecsvc - ok
19:24:42.0651 2156  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:24:42.0745 2156  wercplsupport - ok
19:24:42.0807 2156  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:24:42.0854 2156  WerSvc - ok
19:24:42.0932 2156  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:24:42.0979 2156  WfpLwf - ok
19:24:42.0994 2156  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:24:43.0025 2156  WIMMount - ok
19:24:43.0057 2156  WinDefend - ok
19:24:43.0057 2156  WinHttpAutoProxySvc - ok
19:24:43.0291 2156  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:24:43.0369 2156  Winmgmt - ok
19:24:43.0805 2156  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:24:43.0899 2156  WinRM - ok
19:24:44.0117 2156  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:24:44.0180 2156  Wlansvc - ok
19:24:44.0227 2156  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:24:44.0273 2156  WmiAcpi - ok
19:24:44.0367 2156  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:24:44.0429 2156  wmiApSrv - ok
19:24:44.0476 2156  WMPNetworkSvc - ok
19:24:44.0523 2156  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:24:44.0539 2156  WPCSvc - ok
19:24:44.0601 2156  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:24:44.0632 2156  WPDBusEnum - ok
19:24:44.0710 2156  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:24:44.0773 2156  ws2ifsl - ok
19:24:44.0804 2156  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
19:24:44.0866 2156  wscsvc - ok
19:24:44.0866 2156  WSearch - ok
19:24:44.0975 2156  [ D161D62AE8D3F3EC1197B012D5E47431 ] WSWNDA3100v2    C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
19:24:45.0007 2156  WSWNDA3100v2 - ok
19:24:45.0365 2156  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:24:45.0443 2156  wuauserv - ok
19:24:45.0490 2156  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:24:45.0537 2156  WudfPf - ok
19:24:45.0646 2156  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:24:45.0693 2156  WUDFRd - ok
19:24:45.0724 2156  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:24:45.0771 2156  wudfsvc - ok
19:24:45.0833 2156  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:24:45.0896 2156  WwanSvc - ok
19:24:45.0911 2156  ================ Scan global ===============================
19:24:45.0958 2156  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:24:46.0067 2156  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:24:46.0099 2156  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:24:46.0177 2156  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:24:46.0223 2156  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:24:46.0223 2156  [Global] - ok
19:24:46.0223 2156  ================ Scan MBR ==================================
19:24:46.0255 2156  [ C3C93F1CA51BBACBABEA804D2CC62CA1 ] \Device\Harddisk0\DR0
19:24:46.0255 2156  Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:24:46.0317 2156  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
19:24:46.0317 2156  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
19:24:47.0019 2156  ================ Scan VBR ==================================
19:24:47.0035 2156  [ 6E02017288FE6495C47F1807AA18888A ] \Device\Harddisk0\DR0\Partition1
19:24:47.0066 2156  \Device\Harddisk0\DR0\Partition1 - ok
19:24:47.0066 2156  ================ Scan active images ========================
19:24:47.0066 2156  ============================================================
19:24:47.0066 2156  Scan finished
19:24:47.0066 2156  ============================================================
19:24:47.0081 2164  Detected object count: 1
19:24:47.0081 2164  Actual detected object count: 1
19:31:35.0303 2164  \Device\Harddisk0\DR0\# - copied to quarantine
19:31:35.0303 2164  \Device\Harddisk0\DR0 - copied to quarantine
19:31:36.0052 2164  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
19:31:36.0052 2164  \Device\Harddisk0\DR0 - ok
19:31:36.0130 2164  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
19:33:34.0534 2452  Deinitialize success

Second Log:

 

RogueKiller V8.6.2 _x64_ [Jul  2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Chas [Admin rights]
Mode : Remove -- Date : 07/07/2013 19:59:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] de62ec2775d5e145cdcc47d269417eb2
[BSP] 8d0976681fb099f9b62efc0cd8f7345a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_07072013_195940.txt >>
RKreport[0]_S_07072013_195613.txt

The computer crashed once (BlueScreen) when I restarted it after running the first scan. Besides that, it seems to be running decently.
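The TDSSKiller and RogueKiller output above both come down to the same check on the first sector of PhysicalDrive0: hash the boot code, parse the partition table, and compare against what a clean install looks like. The following is an added example, not code from the original thread or from either tool, that performs that check on a 512-byte MBR image in Python. The sample MBR is constructed inline (its boot-code bytes are placeholders, not real Windows boot code), the whitelist of known-good boot-code hashes is a hypothetical placeholder seeded from that sample, and the choice to hash only the first 440 bytes (boot code before the per-disk signature) is an assumption of this example, not something the logs state.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot code; 440..443: disk signature; 444..445: pad
PART_TABLE_OFFSET = 446      # four 16-byte partition entries, then 0x55AA at 510..511
ENTRY_SIZE = 16


def parse_entry(raw):
    """Decode one 16-byte MBR partition entry (LBA fields are little-endian)."""
    status, ptype = raw[0], raw[4]
    lba_start, sectors = struct.unpack_from("<II", raw, 8)
    return {
        "status": status,
        "active": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
        "size_mb": sectors * SECTOR // (1024 * 1024),
    }


def analyze_mbr(mbr, known_good):
    """Return boot-code hash, partition table and a list of findings for a 512-byte MBR."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if mbr[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")

    # Assumption: hash only the boot code so the value is stable across disks
    # (the disk signature at 440..443 differs per machine).
    boot_md5 = hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()
    if boot_md5 not in known_good:
        findings.append(f"boot code MD5 {boot_md5} not in whitelist; compare with a clean machine")

    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * ENTRY_SIZE
        entry = parse_entry(mbr[off:off + ENTRY_SIZE])
        if entry["status"] not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{entry['status']:02x}")
        if entry["type"] != 0x00:
            partitions.append(entry)
    if sum(p["active"] for p in partitions) != 1:
        findings.append("expected exactly one active partition")

    return {
        "boot_code_md5": boot_md5,
        "known_as": known_good.get(boot_md5, "unknown"),
        "partitions": partitions,
        "findings": findings,
    }


def build_sample_mbr():
    """Constructed test MBR: placeholder boot code plus one active NTFS partition
    at LBA 63, sized like the one in the RogueKiller log above (305234 MB)."""
    boot_code = b"\x33\xc0\x8e\xd0" + b"\x90" * (BOOT_CODE_LEN - 4)   # placeholder, not real boot code
    disk_signature = b"\x12\x34\x56\x78"                              # constructed value
    padding = b"\x00\x00"
    entry = bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF]) + struct.pack("<II", 63, 305234 * 2048)
    table = entry + b"\x00" * (3 * ENTRY_SIZE)
    return boot_code + disk_signature + padding + table + b"\x55\xaa"


def build_tampered_mbr():
    """Same MBR with the first bytes of boot code overwritten by a jump, the way a
    bootkit redirects execution into its own code (constructed illustration)."""
    mbr = bytearray(build_sample_mbr())
    mbr[0:3] = b"\xe9\x00\x01"
    return bytes(mbr)


# Hypothetical whitelist: in practice, seed it with the hash taken from a known-clean
# install of the same Windows version. Here it is seeded from the constructed sample.
KNOWN_GOOD_BOOT_CODE = {
    hashlib.md5(build_sample_mbr()[:BOOT_CODE_LEN]).hexdigest(): "constructed reference MBR",
}


if __name__ == "__main__":
    for name, image in (("clean", build_sample_mbr()), ("tampered", build_tampered_mbr())):
        report = analyze_mbr(image, KNOWN_GOOD_BOOT_CODE)
        print(name, report["boot_code_md5"], report["known_as"])
        for p in report["partitions"]:
            print(f"  type 0x{p['type']:02x} active={p['active']} lba={p['lba_start']} size={p['size_mb']} MB")
        for f in report["findings"]:
            print("  !", f)
```

On a live Windows box the same function can be fed the real sector from an elevated prompt with `open(r"\\.\PhysicalDrive0", "rb").read(512)`; the parsed entry should then line up with the RogueKiller line above (active, type 0x07, offset 63 sectors). The caveat a practitioner wants: a boot rootkit that hooks disk I/O can hand a clean-looking sector to any userland reader, so a sector read from the running system should be compared with one read from boot media before the whitelist result is trusted.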



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 July 2013 - 10:22 PM


Hello chindsiv

At this time I would like you to run this script for me. It is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture below, drag CFScript.txt onto ComboFix.exe
[image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 chindsiv

chindsiv
  • Topic Starter

  • Members
  • 10 posts

Posted 08 July 2013 - 09:40 AM

Gringo,
 

Here is the log:
ComboFix 13-07-08.02 - Chas 07/08/2013   2:42.2.2 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.3070.2181 [GMT -7:00]
Running from: c:\users\Chas\Desktop\ComboFix.exe
Command switches used :: c:\users\Chas\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\readme.txt
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-08 to 2013-07-08  )))))))))))))))))))))))))))))))
.
.
2013-07-08 09:47 . 2013-07-08 09:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-08 02:31 . 2013-07-08 02:31 -------- d-----w- C:\TDSSKiller_Quarantine
2013-07-08 01:26 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{461FCFD5-B088-405B-96A3-430939C9A88B}\mpengine.dll
2013-07-03 06:34 . 2013-07-03 06:34 -------- d-----w- c:\windows\ERUNT
2013-07-03 06:34 . 2013-07-03 06:34 -------- d-----w- C:\JRT
2013-07-03 02:13 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-07-03 02:13 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-07-03 02:13 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-07-03 02:13 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-07-03 02:13 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-07-03 02:13 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-07-03 02:12 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-07-03 02:12 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-07-03 02:12 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-07-03 02:12 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-03 02:12 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-03 02:12 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-07-03 02:12 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-03 02:12 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-03 02:12 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-03 02:12 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-07-02 22:14 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-30 10:31 . 2013-06-30 10:31 -------- d-----w- c:\windows\system32\SPReview
2013-06-30 10:29 . 2013-06-30 10:29 -------- d-----w- c:\windows\system32\EventProviders
2013-06-29 20:14 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2013-06-29 20:14 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2013-06-29 20:12 . 2010-11-20 13:27 263168 ----a-w- c:\windows\system32\spwizui.dll
2013-06-29 20:11 . 2010-11-20 13:27 303616 ----a-w- c:\windows\system32\scansetting.dll
2013-06-29 20:10 . 2010-11-20 13:27 222720 ----a-w- c:\windows\system32\wwanconn.dll
2013-06-29 20:09 . 2010-11-20 13:27 67072 ----a-w- c:\windows\system32\wsnmp32.dll
2013-06-29 20:08 . 2010-11-20 13:27 13824 ----a-w- c:\windows\system32\wshirda.dll
2013-06-29 20:07 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2013-06-29 20:06 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2013-06-29 20:06 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2013-06-29 20:06 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2013-06-29 20:00 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2013-06-29 20:00 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-06-29 20:00 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2013-06-29 19:06 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-06-29 19:06 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-06-29 19:06 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-06-29 19:06 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-06-29 19:06 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-06-29 19:06 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-06-29 19:06 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-06-29 19:05 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2013-06-29 19:05 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2013-06-29 19:05 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2013-06-29 19:05 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2013-06-29 19:05 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2013-06-29 19:05 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2013-06-29 19:05 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2013-06-29 19:05 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2013-06-29 19:05 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2013-06-29 19:05 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2013-06-29 19:05 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2013-06-29 10:02 . 2013-06-29 10:02 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-06-29 04:33 . 2013-06-29 04:36 -------- d-----w- c:\program files (x86)\World of Warcraft
2013-06-29 04:33 . 2013-06-29 04:33 -------- d-----w- c:\programdata\Blizzard Entertainment
2013-06-29 04:33 . 2013-06-29 04:33 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2013-06-29 04:32 . 2013-06-29 04:32 -------- d-----w- c:\programdata\Battle.net
2013-06-29 03:10 . 2013-06-29 03:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-06-29 03:10 . 2013-06-29 03:09 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-29 03:10 . 2013-06-29 03:09 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-29 03:10 . 2013-06-29 03:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-29 03:09 . 2013-06-29 03:09 -------- d-----w- c:\program files (x86)\Java
2013-06-29 03:09 . 2013-06-29 03:09 -------- d-----w- c:\programdata\McAfee
2013-06-29 03:07 . 2013-06-29 03:07 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-29 03:07 . 2013-06-29 03:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-29 03:07 . 2013-06-29 03:07 -------- d-----w- c:\windows\SysWow64\Macromed
2013-06-29 03:06 . 2013-06-29 03:06 -------- d-----w- c:\windows\system32\Macromed
2013-06-29 02:38 . 2013-06-29 02:38 -------- d-----w- c:\windows\SysWow64\Wat
2013-06-29 02:38 . 2013-06-29 02:38 -------- d-----w- c:\windows\system32\Wat
2013-06-29 01:32 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-06-29 01:32 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-06-29 01:32 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-06-29 01:32 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-06-29 00:54 . 2013-06-03 00:11 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-29 00:51 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-06-29 00:51 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-06-29 00:51 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-06-29 00:51 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-06-29 00:51 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-06-29 00:51 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-06-29 00:49 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-06-29 00:49 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-06-29 00:49 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-06-29 00:49 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-06-29 00:49 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-06-29 00:49 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-06-29 00:49 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-06-29 00:41 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-06-29 00:41 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-06-29 00:41 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-06-29 00:41 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-06-29 00:41 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-06-28 23:45 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2013-06-28 23:45 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2013-06-28 23:42 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-06-28 23:42 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-06-28 23:42 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-06-28 23:42 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-06-28 23:42 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-06-28 23:42 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-06-28 23:42 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-06-28 23:42 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-06-28 23:40 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2013-06-28 23:39 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2013-06-28 23:24 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2013-06-28 23:24 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
2013-06-28 23:24 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2013-06-28 23:24 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2013-06-28 23:24 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2013-06-28 23:24 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2013-06-28 23:22 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
2013-06-28 23:16 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2013-06-28 23:16 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2013-06-28 23:11 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-06-28 23:11 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2013-06-28 23:07 . 2013-06-28 23:06 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F069D7F-FEC4-4EB7-8199-87928001E490}\gapaengine.dll
2013-06-28 23:06 . 2013-05-02 15:29 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-06-28 22:53 . 2013-06-28 22:53 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-06-28 22:53 . 2013-06-28 22:54 -------- d-----w- c:\program files\Microsoft Security Client
2013-06-28 22:52 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-06-28 22:52 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-02 20:51 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-07-02 20:51 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Genie.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2013-6-28 8453376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.reddit.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-25510436.sys
SafeBoot-96678423.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-07-08  02:52:44 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-08 09:52
ComboFix2.txt  2013-07-08 01:32
.
Pre-Run: 257,002,074,112 bytes free
Post-Run: 257,533,140,992 bytes free
.
- - End Of File - - FCC81879F9E4B81977F6DEBCC2BBDC5D
A36C5E4F47E84449FF07ED3517B43A31

Again, I had to restart my computer due to the "Illegal operation attempted on a registry key that has been marked for deletion" error, but the PC restarted with no issues.

I don't know if this is worth mentioning, but when I restarted and opened IE to navigate to this website, I couldn't navigate off my home page. I tried typing the website into the URL bar and also tried clicking the buttons on my favorites bar, but nothing would load. It wasn't acting like it was slow or frozen; it just wouldn't register that I was trying to move to a different webpage. I did open IE quite quickly after the PC booted up, so maybe that was part of it? I'm not exactly sure. I had to leave for work, so I didn't have time to toy with it; I just saved the log to a USB flash drive and I'm posting this from work.
 

Besides that, the PC seemed to be running smoothly. Like I said though, I didn't have much time to experiment.
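As an added example (not part of this thread or of ComboFix itself), a small Python parser for the registry section of a ComboFix log like the one above: it groups each [KEY] block with its values and any @Denied line, so the keys ComboFix reports as having a restricted ACL can be pulled out for review. The sample text is constructed from the log excerpt above.

```python
# Added example (not from this thread): parse the registry section of a ComboFix log
# (format as in the excerpt above) and list the keys ComboFix flagged "@Denied".
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

KEY_RE = re.compile(r"^\[(.+)\]$")            # [HKEY_LOCAL_MACHINE\...]
DENIED_RE = re.compile(r"^@Denied:\s*(.*)$")  # @Denied: (A 2) (Everyone)
VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')  # @="..." or "Name"="..."

@dataclass
class RegBlock:
    key: str
    denied: Optional[str] = None  # text after "@Denied:" when ComboFix flagged the key
    values: Dict[str, str] = field(default_factory=dict)

def parse_combofix_registry(text: str) -> List[RegBlock]:
    """One RegBlock per [KEY] block; '.' lines separate blocks in the log."""
    blocks: List[RegBlock] = []
    current: Optional[RegBlock] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # padding or block separator
        if m := KEY_RE.match(line):
            current = RegBlock(key=m.group(1))
            blocks.append(current)
            continue
        if current is None:
            continue  # banner text before the first key
        if m := DENIED_RE.match(line):
            current.denied = m.group(1)
            continue
        if m := VALUE_RE.match(line):  # default value is written @=..., named values "Name"=...
            name = "(Default)" if m.group(1) == "@" else m.group(1).strip('"')
            current.values[name] = m.group(2).strip('"')
    return blocks

def denied_keys(blocks: List[RegBlock]) -> List[RegBlock]:
    return [b for b in blocks if b.denied is not None]  # restricted-ACL keys to review first

# Constructed sample, copied from the log excerpt above (raw string keeps single backslashes).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
"""
```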



 



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:21 AM

Posted 08 July 2013 - 01:04 PM



Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.
  • Download CCleaner from here: CCleaner
  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner; the default settings are fine.
  • Click Run Cleaner.
  • Close CCleaner.
Run Malwarebytes

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go here to download the HijackThis program
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on Main Menu)
  • Copy and paste the HijackThis report into the topic
Information and logs
  • In your next post I need the following:
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University