Repeated notifications of Worm:MSIL/Necast.D infection


  • This topic is locked
18 replies to this topic

#1 cjtherooftime

Posted 22 July 2013 - 11:53 PM

Thanks for checking out my topic!

 

My situation:

 

Problem Reports and Solutions keeps telling me "Windows has detected Worm:MSIL/Necast.D, a known virus, on your computer."

 

I have followed all the instructions and tried several malware scans, but nothing has been detected.  Today, I had trouble logging into my computer as I received an error:

"Error: 0xC004D401
Description: The Security Processor reported a system file mismatch error."

I'm worried the file mismatch may be related to the worm that Problems and Solutions keeps notifying me of.

All in all, this is an awful start to my birthday :(

 

DDS log

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 7.0.6001.18639  BrowserJavaVersion: 10.0.0
Run by Chris at 0:35:09 on 2013-07-23
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.4090.1805 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Windows\system32\dldtcoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Dell V305\dldtmon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Chris\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Dell V305\dldtMsdMon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\WerCon.exe
C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - LocalServer32 - <no file>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yontoo Layers (Drop Down Deals): {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - LocalServer32 - <no file>
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - LocalServer32 - <no file>
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - LocalServer32 - <no file>
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SansaDispatch] C:\Users\Chris\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Spotify Web Helper] "C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot
uPolicies-Explorer: NoThumbnailCache = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 76.78.64.42 66.112.235.200 66.112.235.250
TCP: Interfaces\{CC8A9008-CC57-4FAD-B23A-453D13643603} : DHCPNameServer = 76.78.64.42 66.112.235.200 66.112.235.250
TCP: Interfaces\{DA47736E-BAEB-494E-B0B8-90329639B04B} : DHCPNameServer = 76.78.64.42 66.112.235.200 66.112.235.250
TCP: Interfaces\{EEB9C72E-367D-4699-B624-957488837111} : DHCPNameServer = 76.78.64.42 66.112.235.200 66.112.235.250
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [dldtmon.exe] "C:\Program Files (x86)\Dell V305\dldtmon.exe"
x64-Run: [dldtamon] "C:\Program Files (x86)\Dell V305\dldtamon.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\qvojq88i.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://weblogin.albany.edu/cosign-bin/cosign.cgi?cosign-websso=xmoZzJe3SyNtu7a7tD48CPDtqPFHVvQBi+PBRgJsXoh9EGvL629HwIk2TW7Yio9E3bKeYnwXjcTylbwJxwrw4GTlMvNMRlX32y-0XlWNzjpPNUSoB2M+yyFdOUHX;&https://weblogin.albany.edu/shibboleth-idp/SSO?shire=https%3A%2F%2Fportal.itsli.albany.edu%2FShibboleth.sso%2FSAML%2FPOST&time=1251860926&target=cookie&providerId=https%3A%2F%2Fportal.itsli.albany.edu%2Fshibboleth%2Fsp
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-26 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-6-26 189936]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-6-17 233488]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-8-4 55856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-8 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-11-25 378944]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-3-8 283200]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-8-4 89600]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-11-25 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-11-25 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-3-2 46808]
R2 dldt_device;dldt_device;C:\Windows\System32\dldtcoms.exe -service --> C:\Windows\System32\dldtcoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-11-25 1153368]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-8-4 172160]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-4 252928]
R3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;C:\Windows\System32\drivers\mux.sys [2009-2-9 36400]
R3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETwNv64.sys [2010-8-29 7653888]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;C:\Windows\System32\drivers\OA008Ufd.sys [2009-8-4 158592]
R3 OA008Vid;Creative Camera OA008 Function Driver;C:\Windows\System32\drivers\OA008Vid.sys [2009-8-4 310784]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648]
S2 Browser Defender Update Service;Browser Defender Update Service; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dldtserv.exe [2009-7-9 33448]
S3 MUXP;My WiFi PAN Mux-IM Protocol Driver;C:\Windows\System32\drivers\mux.sys [2009-2-9 36400]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-2-11 306688]
S3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\System32\drivers\NETw5v64.sys [2009-8-4 4828672]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-24 93184]
S4 sdAuxService;PC Tools Auxiliary Service; [x]
S4 sdCoreService;PC Tools Security Service; [x]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-07-15 13:08:23 78185248 ----a-w- C:\Windows\System32\mrt.exe
2013-07-01 20:27:04 378944 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2013-07-01 20:27:04 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-07-01 20:27:04 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07 64288 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2013-05-09 08:59:07 59144 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:59:06 33400 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-09 08:58:11 287840 ----a-w- C:\Windows\System32\aswBoot.exe
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH:  0:35:58.07 ===============

 



#2 cjtherooftime


Posted 23 July 2013 - 12:00 AM

Saw someone posted a similar topic a while back, and user Broni immediately requested specific scans, so I'm gonna start doing that in the meantime while I wait for a response.



#3 cjtherooftime


Posted 23 July 2013 - 12:17 AM

Security Check log
 

Results of screen317's Security Check version 0.99.71  
 Windows Vista Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus                
Microsoft Security Essentials   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy 
 AVG PC Tuneup 2011  
 FixCleaner     
 Java™ 6 Update 30  
 Java™ 7    
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.4.402.278  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (3.5.3) Firefox out of Date!
 Google Chrome 27.0.1453.116  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Alwil Software Avast5 AvastSvc.exe  
 Alwil Software Avast5 AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 % 
````````````````````End of Log``````````````````````

FSS log
 

Farbar Service Scanner Version: 13-07-2013
Ran by Chris (administrator) on 23-07-2013 at 01:06:17
Running from "C:\Users\Chris\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2010-08-11 18:50] - [2010-06-16 19:28] - 1414544 ____A (Microsoft Corporation) D43D5336BE9DD93E02EE124297295713
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2010-08-11 18:50] - [2010-06-16 18:39] - 0458240 ____A (Microsoft Corporation) B66AEBF3B7073473468B941629242FBD
 
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-10-29 13:58] - [2009-08-06 22:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D
 
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll
[2010-04-15 00:41] - [2010-02-18 10:21] - 0224256 ____A (Microsoft Corporation) 3A0427F35E7F8C16BBC5B1BE32B8DE76
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
 
Mini Toolbox log

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Chris (administrator) on 23-07-2013 at 01:10:59
Running from "C:\Users\Chris\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
Intel® WiFi Link 5300 AGN = Wireless Network Connection (Media disconnected)
My WiFi PAN MUX-IM Virtual Miniport Driver = Wireless Network Connection 2 (Media disconnected)
My WiFi PAN MUX-IM Virtual Miniport Driver = Wireless Network Connection 3 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : CJT
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : apogeenet.net
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : apogeenet.net
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-22-19-FC-D2-81
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b901:7745:e022:5c88%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 76.78.71.66(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, July 22, 2013 11:35:45 PM
   Lease Expires . . . . . . . . . . : Tuesday, July 23, 2013 1:35:45 AM
   Default Gateway . . . . . . . . . : 76.78.71.1
   DHCP Server . . . . . . . . . . . : 76.78.64.10
   DNS Servers . . . . . . . . . . . : 76.78.64.42
                                       66.112.235.200
                                       66.112.235.250
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : apogeenet.net
   Description . . . . . . . . . . . : Intel® WiFi Link 5300 AGN
   Physical Address. . . . . . . . . : 00-21-6A-56-57-7A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 7:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:109c:2624:b3b1:b8bd(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::109c:2624:b3b1:b8bd%10(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 14:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 20:
 
   Connection-specific DNS Suffix  . : apogeenet.net
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:4c4e:4742::4c4e:4742(Preferred) 
   Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
   DNS Servers . . . . . . . . . . . : 76.78.64.42
                                       66.112.235.200
                                       66.112.235.250
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Local Area Connection* 21:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : apogeenet.net
   Description . . . . . . . . . . . : isatap.apogeenet.net
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  sunya.apogeenet.net
Address:  76.78.64.42
 
Name:    google.com
Addresses:  2607:f8b0:4004:801::1003
 74.125.228.33
 74.125.228.34
 74.125.228.35
 74.125.228.36
 74.125.228.37
 74.125.228.38
 74.125.228.39
 74.125.228.40
 74.125.228.41
 74.125.228.46
 74.125.228.32
 
 
 
Pinging google.com [74.125.228.32] with 32 bytes of data:
 
Reply from 74.125.228.32: bytes=32 time=15ms TTL=51
 
Reply from 74.125.228.32: bytes=32 time=14ms TTL=51
 
 
 
Ping statistics for 74.125.228.32:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 14ms, Maximum = 15ms, Average = 14ms
 
Server:  sunya.apogeenet.net
Address:  76.78.64.42
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
 
Reply from 98.139.183.24: bytes=32 time=67ms TTL=48
 
Reply from 98.139.183.24: bytes=32 time=40ms TTL=48
 
 
 
Ping statistics for 98.139.183.24:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 40ms, Maximum = 67ms, Average = 53ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
 11 ...00 22 19 fc d2 81 ...... Broadcom NetLink ™ Gigabit Ethernet
 12 ...00 21 6a 56 57 7a ...... Intel® WiFi Link 5300 AGN
  1 ........................... Software Loopback Interface 1
 16 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 23 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 21 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 26 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 25 ...00 00 00 00 00 00 00 e0  isatap.apogeenet.net
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       76.78.71.1      76.78.71.66     20
       76.78.71.0    255.255.255.0         On-link       76.78.71.66    276
      76.78.71.66  255.255.255.255         On-link       76.78.71.66    276
     76.78.71.255  255.255.255.255         On-link       76.78.71.66    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       76.78.71.66    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       76.78.71.66    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 26   1125 ::/0                     2002:c058:6301::c058:6301
  1    306 ::1/128                  On-link
 10     18 2001::/32                On-link
 10    266 2001:0:5ef5:79fb:109c:2624:b3b1:b8bd/128
                                    On-link
 26   1025 2002::/16                On-link
 26    281 2002:4c4e:4742::4c4e:4742/128
                                    On-link
 11    276 fe80::/64                On-link
 10    266 fe80::/64                On-link
 10    266 fe80::109c:2624:b3b1:b8bd/128
                                    On-link
 11    276 fe80::b901:7745:e022:5c88/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [File Not found] ()
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/23/2013 00:39:53 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (07/22/2013 11:40:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (07/22/2013 11:36:10 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (07/22/2013 11:36:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/22/2013 11:36:02 PM) (Source: Application Error) (User: )
Description: Faulting application EvtEng.exe, version 12.3.2.0, time stamp 0x499353a3, faulting module EvtEng.exe, version 12.3.2.0, time stamp 0x499353a3, exception code 0x40000015, fault offset 0x0000000000099f1e,
process id 0x970, application start time 0xEvtEng.exe0.
 
Error: (07/22/2013 11:20:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (07/22/2013 11:18:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/22/2013 11:18:16 PM) (Source: Application Error) (User: )
Description: Faulting application EvtEng.exe, version 12.3.2.0, time stamp 0x499353a3, faulting module EvtEng.exe, version 12.3.2.0, time stamp 0x499353a3, exception code 0x40000015, fault offset 0x0000000000099f1e,
process id 0x984, application start time 0xEvtEng.exe0.
 
Error: (07/22/2013 11:18:15 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (07/22/2013 11:12:24 PM) (Source: Microsoft Security Client Setup) (User: CJT)
Description: HRESULT:0x8004FF11
Description:Can’t install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.
 
 
System errors:
=============
Error: (11/08/2009 10:46:59 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:42:59 PM on 11/8/2009 was unexpected.
 
Error: (11/06/2009 03:41:53 AM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (11/05/2009 04:22:04 AM) (Source: Service Control Manager) (User: )
Description: dldtCATSCustConnectService%%1053
 
Error: (11/05/2009 04:22:04 AM) (Source: Service Control Manager) (User: )
Description: 30000dldtCATSCustConnectService
 
Error: (11/05/2009 04:20:50 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (11/02/2009 10:17:37 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (11/02/2009 10:17:32 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (11/02/2009 10:17:27 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (11/01/2009 04:01:16 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (11/01/2009 04:01:11 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-07-23 01:06:54.331
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-23 01:06:54.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-23 01:06:53.975
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-23 01:06:53.773
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-26 11:33:35.105
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-26 11:33:34.965
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-09 22:24:11.679
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-09 22:24:11.477
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-09 22:24:11.274
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-09 22:24:11.055
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c_tcpip.sys_3339bd51 because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Adobe Audition 3.0 Vista Compatibility
Amazon MP3 Downloader 1.0.18 (Version: 1.0.18)
ApexDC++ - Pinnacle of File Sharing (Version: 1.4.2)
ApexDC++ 1.5.2 (Version: 1.5.2)
Canon MP280 series MP Drivers
ccc-utility64 (Version: 2008.1114.2149.39131)
Dell Dock (Version: 1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 12.0.1.0)
Dell V305
Google Chrome (Version: 28.0.1500.72)
HP Deskjet D4300 Printer Driver 11.0 Rel .3 (Version: 11.0)
Integrated Webcam Driver (1.02.02.0106)   (Version: 1.02.02.0106)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software (Version: 12.03.2000)
Java™ 6 Update 13 (64-bit) (Version: 6.0.130)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.30319)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Quickset (Version: 9.2.13)
Sansa Updater (Version: 1.301)
Shoddy Battle
Spotify (Version: 0.9.1.53.g876fa9df)
 
========================= Devices: ================================
 
Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft 6to4 Adapter #5
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft 6to4 Adapter #4
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 71%
Total physical RAM: 4089.95 MB
Available physical RAM: 1169.61 MB
Total Pagefile: 8357.11 MB
Available Pagefile: 5592.77 MB
Total Virtual: 4095.88 MB
Available Virtual: 3999.6 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:44.28 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.15 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\CJT
 
Administrator            Chris                    Guest                    
 
 
**** End of log ****
 
 
 
MBAM log
 
Malwarebytes' Anti-Malware 1.41
Database version: 3228
Windows 6.0.6001 Service Pack 1
 
7/23/2013 1:22:45 AM
mbam-log-2013-07-23 (01-22-45).txt
 
Scan type: Quick Scan
Objects scanned: 102049
Time elapsed: 9 minute(s), 24 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
 
Memory Processes Infected:
(No malicious items detected)
 
Memory Modules Infected:
(No malicious items detected)
 
Registry Keys Infected:
(No malicious items detected)
 
Registry Values Infected:
(No malicious items detected)
 
Registry Data Items Infected:
(No malicious items detected)
 
Folders Infected:
(No malicious items detected)
 
Files Infected:
(No malicious items detected)
 

MBAR system-log

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.0.6001 Windows Vista Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 7.0.6001.18000
 
Java version: 1.6.0_30
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 4288618496, free: 1273802752
 
Downloaded database version: v2013.07.23.03
Downloaded database version: v2013.07.15.01
Initializing...
------------ Kernel report ------------
     07/23/2013 01:27:30
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\PCTCore64.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\NETwNv64.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmpx64.sys
\SystemRoot\system32\DRIVERS\rimspx64.sys
\SystemRoot\system32\DRIVERS\rixdpx64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\mux.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\system32\DRIVERS\OA008Vid.sys
\SystemRoot\system32\DRIVERS\OA008Ufd.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005ace790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8004be2700
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005ace790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005ace210, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005ace790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80059c9cf0, DeviceName: Unknown, DriverName: \Driver\PCTCore\
DevicePointer: 0xfffffa8004be2700, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F7C0C486
 
Partition information:
 
    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 80325  Numsec = 30720000
 
    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 30800325  Numsec = 945970795
    Partition file system is NTFS
    Partition is bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_30800325_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
 

MBAR log

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org
 
Database version: v2013.07.23.03
 
Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Chris :: CJT [administrator]
 
7/23/2013 1:27:37 AM
mbar-log-2013-07-23 (01-27-37).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 283632
Time elapsed: 1 hour(s), 31 minute(s), 42 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 

 

 
Rkill log

Rkill 2.5.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/23/2013 11:13:27 AM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Chris\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (PID: 3764) [UP-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 07/23/2013 11:15:14 AM
Execution time: 0 hours(s), 1 minute(s), and 47 seconds(s)
 

 

 


Edited by cjtherooftime, 23 July 2013 - 10:16 AM.


#4 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 25 July 2013 - 07:50 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. If you fail to do so, your thread will be closed in THREE (3) days.

:)


Hello there, cjtherooftime

:welcome:

I'm Conspire, and I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

Happy belated birthday!

---------------------------------------------------------------------------------------------------


Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
aswMBR log
MBR.dat (attachment)
TDSS Killer log



Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#5 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 PM

Posted 28 July 2013 - 07:13 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#6 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 PM

Posted 28 July 2013 - 07:13 AM

Edited

Edited by Conspire, 28 July 2013 - 07:14 AM.


#7 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:09:29 PM

Posted 01 August 2013 - 06:20 PM

This topic has been re-opened at the request of the person who originally posted.

#8 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 PM

Posted 01 August 2013 - 09:51 PM

I shall be waiting for your logs.

Thanks, Andrew.

Edited by Conspire, 01 August 2013 - 09:51 PM.


#9 cjtherooftime

cjtherooftime
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:29 AM

Posted 02 August 2013 - 02:31 PM

Thanks for re-opening!

aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-02 15:55:37
-----------------------------
15:55:37.729    OS Version: Windows x64 6.0.6001 Service Pack 1
15:55:37.729    Number of processors: 2 586 0x170A
15:55:37.730    ComputerName: CJT  UserName: 
15:55:40.409    Initialize success
15:55:45.212    AVAST engine defs: 13080200
15:56:28.811    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:56:28.814    Disk 0 Vendor: TOSHIBA_MK5055GSX FG000D Size: 476940MB BusType: 3
15:56:28.953    Disk 0 MBR read successfully
15:56:28.956    Disk 0 MBR scan
15:56:28.961    Disk 0 Windows VISTA default MBR code
15:56:28.964    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
15:56:28.974    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        15000 MB offset 80325
15:56:28.998    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       461899 MB offset 30800325
15:56:29.154    Disk 0 scanning C:\Windows\system32\drivers
15:56:39.280    Service scanning
15:57:24.154    Modules scanning
15:57:24.159    Disk 0 trace - called modules:
15:57:24.196    ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
15:57:24.198    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cc9060]
15:57:24.198    3 CLASSPNP.SYS[fffffa600100fb3a] -> nt!IofCallDriver -> [0xfffffa8004ea0b40]
15:57:24.198    5 PCTCore64.sys[fffffa6000a665d7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bcb940]
15:57:25.642    AVAST engine scan C:\Windows
15:57:30.798    AVAST engine scan C:\Windows\system32
16:00:54.797    AVAST engine scan C:\Windows\system32\drivers
16:01:11.633    AVAST engine scan C:\Users\Chris
17:39:14.345    AVAST engine scan C:\ProgramData
17:48:43.841    Scan finished successfully
20:02:04.598    Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
20:02:04.604    The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
Attached Files

  • MBR.zip (568 bytes)

Edited by cjtherooftime, 02 August 2013 - 07:05 PM.

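An added check that is not part of the thread: this Python cross-checks the partition table in the aswMBR log above against the MBR partition lines TDSSKiller prints in the next post, matching entries by start sector rather than by index. The tools number partitions differently (TDSSKiller's listing leaves out the Dell utility partition at sector 63), so the example reports that as an unmatched entry instead of a false type mismatch; the sample lines are copied from the thread's logs and `SECTOR_BYTES` assumes the 0x200 sector size TDSSKiller reports for this drive.

```python
"""Cross-check the MBR partition tables reported by aswMBR and TDSSKiller.

Both tools read the partition table independently, so a partition one tool
lists and the other does not, or a differing type or size at the same start
sector, is what a reviewer wants to see before approving any fix.
"""
import re
from dataclasses import dataclass

SECTOR_BYTES = 512  # TDSSKiller reports "SectorSize: 0x200" for this drive

# aswMBR: "Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       461899 MB offset 30800325"
ASWMBR_PART = re.compile(
    r"Disk \d+ Partition \d+ (?P<flag>[0-9A-F]{2})\s+"
    r"(?:\(A\)\s+)?(?P<type>[0-9A-F]{2})\s+(?P<desc>.*?)\s+"
    r"(?P<mb>\d+) MB offset (?P<offset>\d+)"
)
# aswMBR: "Disk 0 Windows VISTA default MBR code"
ASWMBR_CODE = re.compile(r"Disk \d+ (?P<code>.*MBR code.*)$")
# TDSSKiller: "\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000"
TDSS_PART = re.compile(
    r"\\Device\\Harddisk\d+\\DR\d+\\Partition\d+: MBR, Type 0x(?P<type>[0-9A-Fa-f]+), "
    r"StartLBA 0x(?P<start>[0-9A-Fa-f]+), BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)"
)


@dataclass(frozen=True)
class Partition:
    start_lba: int  # first sector; the key both tools can be matched on
    size_mb: int    # whole MiB, the unit aswMBR prints
    ptype: int      # MBR partition type byte (0x07 NTFS, 0xDE Dell utility, ...)


def parse_aswmbr(text):
    """Return ({start_lba: Partition}, MBR code description or None)."""
    parts, mbr_code = {}, None
    for line in text.splitlines():
        m = ASWMBR_PART.search(line)
        if m:
            p = Partition(int(m["offset"]), int(m["mb"]), int(m["type"], 16))
            parts[p.start_lba] = p
            continue
        m = ASWMBR_CODE.search(line)
        if m:
            mbr_code = m["code"].strip()
    return parts, mbr_code


def parse_tdsskiller(text):
    """Return {start_lba: Partition}; sizes are converted from hex sector counts."""
    parts = {}
    for line in text.splitlines():
        m = TDSS_PART.search(line)
        if m:
            start = int(m["start"], 16)
            size_mb = int(m["blocks"], 16) * SECTOR_BYTES // (1024 * 1024)
            parts[start] = Partition(start, size_mb, int(m["type"], 16))
    return parts


def cross_check(asw, tdss, tolerance_mb=1):
    """List disagreements between the two views; an empty list means they agree."""
    findings = []
    for start in sorted(set(asw) | set(tdss)):
        a, t = asw.get(start), tdss.get(start)
        if a is None:
            findings.append(f"LBA {start}: listed only by TDSSKiller (type 0x{t.ptype:02X}, {t.size_mb} MB)")
        elif t is None:
            findings.append(f"LBA {start}: listed only by aswMBR (type 0x{a.ptype:02X}, {a.size_mb} MB)")
        else:
            if a.ptype != t.ptype:
                findings.append(f"LBA {start}: type 0x{a.ptype:02X} (aswMBR) vs 0x{t.ptype:02X} (TDSSKiller)")
            if abs(a.size_mb - t.size_mb) > tolerance_mb:  # rounding differs by tool
                findings.append(f"LBA {start}: {a.size_mb} MB (aswMBR) vs {t.size_mb} MB (TDSSKiller)")
    return findings


# Constructed sample: the relevant lines copied from the two logs posted in this thread.
ASWMBR_SAMPLE = """\
15:56:28.961    Disk 0 Windows VISTA default MBR code
15:56:28.964    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
15:56:28.974    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        15000 MB offset 80325
15:56:28.998    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       461899 MB offset 30800325
"""
TDSS_SAMPLE = r"""
20:06:25.0231 9308  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
20:06:25.0231 9308  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
"""


def review(asw_text=ASWMBR_SAMPLE, tdss_text=TDSS_SAMPLE):
    """Summarise both logs: whether the MBR code is stock, plus cross-check findings."""
    asw, mbr_code = parse_aswmbr(asw_text)
    tdss = parse_tdsskiller(tdss_text)
    return {
        "mbr_code": mbr_code,
        "stock_mbr_code": mbr_code is not None and "default MBR code" in mbr_code,
        "aswmbr_partitions": len(asw),
        "tdsskiller_partitions": len(tdss),
        "findings": cross_check(asw, tdss),
    }


if __name__ == "__main__":
    for key, value in review().items():
        print(f"{key}: {value}")
```

On the thread's logs the only finding is the 39 MB type 0xDE partition at sector 63 that TDSSKiller does not list; the two NTFS partitions agree on start sector, type and size to the megabyte.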

#10 cjtherooftime

cjtherooftime
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:29 AM

Posted 02 August 2013 - 07:05 PM

20:06:19.0543 9308  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:06:21.0546 9308  ============================================================
20:06:21.0546 9308  Current date / time: 2013/08/02 20:06:21.0546
20:06:21.0546 9308  SystemInfo:
20:06:21.0546 9308  
20:06:21.0546 9308  OS Version: 6.0.6001 ServicePack: 1.0
20:06:21.0546 9308  Product type: Workstation
20:06:21.0546 9308  ComputerName: CJT
20:06:21.0547 9308  UserName: Chris
20:06:21.0547 9308  Windows directory: C:\Windows
20:06:21.0547 9308  System windows directory: C:\Windows
20:06:21.0547 9308  Running under WOW64
20:06:21.0547 9308  Processor architecture: Intel x64
20:06:21.0547 9308  Number of processors: 2
20:06:21.0547 9308  Page size: 0x1000
20:06:21.0547 9308  Boot type: Normal boot
20:06:21.0547 9308  ============================================================
20:06:25.0213 9308  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:06:25.0222 9308  ============================================================
20:06:25.0222 9308  \Device\Harddisk0\DR0:
20:06:25.0231 9308  MBR partitions:
20:06:25.0231 9308  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
20:06:25.0231 9308  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
20:06:25.0231 9308  ============================================================
20:06:25.0272 9308  C: <-> \Device\Harddisk0\DR0\Partition2
20:06:25.0321 9308  D: <-> \Device\Harddisk0\DR0\Partition1
20:06:25.0321 9308  ============================================================
20:06:25.0321 9308  Initialize success
20:06:25.0321 9308  ============================================================
20:06:34.0648 1340  ============================================================
20:06:34.0648 1340  Scan started
20:06:34.0648 1340  Mode: Manual; 
20:06:34.0648 1340  ============================================================
20:06:36.0322 1340  ================ Scan system memory ========================
20:06:36.0322 1340  System memory - ok
20:06:36.0323 1340  ================ Scan services =============================
20:06:50.0106 1340  MSTEE - ok
20:06:50.0125 1340  [ DDF133501F68D6988A0F55DFA88637B4 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:06:50.0128 1340  Mup - ok
20:06:50.0161 1340  [ 95027EC510AE3E67C4AB103AE544737E ] MUXMP           C:\Windows\system32\DRIVERS\mux.sys
20:06:50.0164 1340  MUXMP - ok
20:06:50.0190 1340  [ 95027EC510AE3E67C4AB103AE544737E ] MUXP            C:\Windows\system32\DRIVERS\mux.sys
20:06:50.0191 1340  MUXP - ok
20:06:50.0260 1340  [ 0712434C496BF4013019D8DA63EA1680 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
20:06:50.0265 1340  MyWiFiDHCPDNS - ok
20:06:50.0301 1340  [ C25022CDD18980846973B598900915F8 ] napagent        C:\Windows\system32\qagentRT.dll
20:06:50.0310 1340  napagent - ok
20:06:50.0386 1340  [ 73B99C98FA3A2ED1566E02D6FE1913A5 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:06:50.0389 1340  NativeWifiP - ok
20:06:50.0482 1340  [ F9A3AE5C9F047D71A36A99F9ABCA7D02 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:06:50.0492 1340  NDIS - ok
20:06:50.0523 1340  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:06:50.0525 1340  NdisTapi - ok
20:06:50.0543 1340  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:06:50.0546 1340  Ndisuio - ok
20:06:50.0564 1340  [ 52E3E8E35101399BE9B2938C992AA087 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:06:50.0568 1340  NdisWan - ok
20:06:50.0612 1340  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:06:50.0614 1340  NDProxy - ok
20:06:50.0627 1340  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:06:50.0629 1340  NetBIOS - ok
20:06:50.0649 1340  [ 7A29CA243A629230799754162D80120F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
20:06:50.0654 1340  netbt - ok
20:06:50.0659 1340  [ 80F4593E92FF960E4763380D3168E498 ] Netlogon        C:\Windows\system32\lsass.exe
20:06:50.0661 1340  Netlogon - ok
20:06:50.0709 1340  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
20:06:50.0717 1340  Netman - ok
20:06:50.0754 1340  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:06:50.0778 1340  NetMsmqActivator - ok
20:06:50.0783 1340  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:06:50.0785 1340  NetPipeActivator - ok
20:06:50.0831 1340  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
20:06:50.0838 1340  netprofm - ok
20:06:50.0865 1340  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:06:50.0867 1340  NetTcpActivator - ok
20:06:50.0872 1340  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:06:50.0874 1340  NetTcpPortSharing - ok
20:06:51.0051 1340  [ 4B953E6CB07830FF4E236E02CC264D4C ] NETw5v64        C:\Windows\system32\DRIVERS\NETw5v64.sys
20:06:51.0144 1340  NETw5v64 - ok
20:06:51.0406 1340  [ BAC576B1BE99EFE5EF6A6228404CD1C4 ] NETwNv64        C:\Windows\system32\DRIVERS\NETwNv64.sys
20:06:51.0590 1340  NETwNv64 - ok
20:06:51.0631 1340  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:06:51.0634 1340  nfrd960 - ok
20:06:51.0689 1340  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:06:51.0692 1340  NisDrv - ok
20:06:51.0754 1340  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
20:06:51.0762 1340  NisSrv - ok
20:06:51.0827 1340  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:06:51.0833 1340  NlaSvc - ok
20:06:51.0839 1340  nordicis - ok
20:06:51.0878 1340  nordicisMP - ok
20:06:51.0908 1340  [ B06154E2A2C91E9BE5599FCA53BC4CD0 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:06:51.0910 1340  Npfs - ok
20:06:51.0926 1340  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi             C:\Windows\system32\nsisvc.dll
20:06:51.0930 1340  nsi - ok
20:06:51.0967 1340  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:06:51.0969 1340  nsiproxy - ok
20:06:52.0014 1340  [ FE86BA5AC3B50E2CA911E9C60C07B638 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:06:52.0036 1340  Ntfs - ok
20:06:52.0075 1340  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
20:06:52.0077 1340  Null - ok
20:06:52.0092 1340  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:06:52.0095 1340  nvraid - ok
20:06:52.0115 1340  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:06:52.0118 1340  nvstor - ok
20:06:52.0144 1340  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:06:52.0147 1340  nv_agp - ok
20:06:52.0152 1340  NwlnkFlt - ok
20:06:52.0158 1340  NwlnkFwd - ok
20:06:52.0230 1340  [ D09CC91E92FD1FF81AF3A14BE2CBB20D ] OA008Ufd        C:\Windows\system32\DRIVERS\OA008Ufd.sys
20:06:52.0233 1340  OA008Ufd - ok
20:06:52.0253 1340  [ 60FD277CFD34F680A1668AC123B324AE ] OA008Vid        C:\Windows\system32\DRIVERS\OA008Vid.sys
20:06:52.0258 1340  OA008Vid - ok
20:06:52.0391 1340  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:06:52.0398 1340  odserv - ok
20:06:52.0467 1340  [ 1B30103FDE512915A9214B108B6E7A9C ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
20:06:52.0469 1340  ohci1394 - ok
20:06:52.0550 1340  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:06:52.0553 1340  ose - ok
20:06:52.0626 1340  [ 430F35C5592D253F43A26B4F5A523DBF ] p2pimsvc        C:\Windows\system32\p2psvc.dll
20:06:52.0640 1340  p2pimsvc - ok
20:06:52.0654 1340  [ 430F35C5592D253F43A26B4F5A523DBF ] p2psvc          C:\Windows\system32\p2psvc.dll
20:06:52.0663 1340  p2psvc - ok
20:06:52.0706 1340  [ AECD57F94C887F58919F307C35498EA0 ] Parport         C:\Windows\system32\drivers\parport.sys
20:06:52.0709 1340  Parport - ok
20:06:52.0740 1340  [ 5AB40C36894F4C06BDAB0C9A2FBA282D ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:06:52.0743 1340  partmgr - ok
20:06:52.0804 1340  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:06:52.0808 1340  PcaSvc - ok
20:06:52.0828 1340  [ 2A5B2A51559066EA84742909B5B2CD69 ] pci             C:\Windows\system32\drivers\pci.sys
20:06:52.0831 1340  pci - ok
20:06:52.0850 1340  [ 8D618C829034479985A9ED56106CC732 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:06:52.0852 1340  pciide - ok
20:06:52.0871 1340  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:06:52.0875 1340  pcmcia - ok
20:06:52.0957 1340  [ 60F19AF0A9A26851AD9BC2D981AFBAC6 ] PCTCore         C:\Windows\system32\drivers\PCTCore64.sys
20:06:52.0961 1340  PCTCore - ok
20:06:52.0983 1340  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:06:52.0993 1340  PEAUTH - ok
20:06:53.0080 1340  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:06:53.0083 1340  PerfHost - ok
20:06:53.0152 1340  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla             C:\Windows\system32\pla.dll
20:06:53.0173 1340  pla - ok
20:06:53.0217 1340  [ 5AAA0C5534B05ED49919FCD9DBD11A5B ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:06:53.0225 1340  PlugPlay - ok
20:06:53.0330 1340  [ 5C42FA1FCEA58C6F7D6614504BF88F4F ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:06:53.0333 1340  Pml Driver HPZ12 - ok
20:06:53.0393 1340  [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
20:06:53.0401 1340  PNRPAutoReg - ok
20:06:53.0415 1340  [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPsvc         C:\Windows\system32\p2psvc.dll
20:06:53.0423 1340  PNRPsvc - ok
20:06:53.0463 1340  [ EEF3688D5E9592CBBBED00DE71DDA1EF ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:06:53.0472 1340  PolicyAgent - ok
20:06:53.0510 1340  [ F5739F2C6DB2534C384AD5150808E8F5 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:06:53.0513 1340  PptpMiniport - ok
20:06:53.0537 1340  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor       C:\Windows\system32\drivers\processr.sys
20:06:53.0539 1340  Processor - ok
20:06:53.0616 1340  [ B21FE10DAD3AB59E78DF7AA3FBF41E70 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:06:53.0621 1340  ProfSvc - ok
20:06:53.0638 1340  [ 80F4593E92FF960E4763380D3168E498 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:06:53.0641 1340  ProtectedStorage - ok
20:06:53.0678 1340  [ 0E0E205A296095FE4C631E6A4775AD6C ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
20:06:53.0680 1340  PSched - ok
20:06:53.0736 1340  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
20:06:53.0739 1340  PxHlpa64 - ok
20:06:53.0782 1340  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:06:53.0799 1340  ql2300 - ok
20:06:53.0820 1340  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:06:53.0823 1340  ql40xx - ok
20:06:54.0029 1340  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE           C:\Windows\system32\qwave.dll
20:06:54.0036 1340  QWAVE - ok
20:06:54.0054 1340  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:06:54.0056 1340  QWAVEdrv - ok
20:06:54.0221 1340  [ CEF278088637401F07A0064B0B900A32 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
20:06:54.0252 1340  R300 - ok
20:06:54.0285 1340  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:06:54.0287 1340  RasAcd - ok
20:06:54.0328 1340  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto         C:\Windows\System32\rasauto.dll
20:06:54.0333 1340  RasAuto - ok
20:06:54.0357 1340  [ 3B9085F91EF00ABD15A6F36570E90E12 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:06:54.0360 1340  Rasl2tp - ok
20:06:54.0380 1340  [ D0C346D7DF0DF9B4899631796F177D56 ] RasMan          C:\Windows\System32\rasmans.dll
20:06:54.0388 1340  RasMan - ok
20:06:54.0404 1340  [ 2CE1703C27196094FB6E4C6E439F2C21 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:06:54.0406 1340  RasPppoe - ok
20:06:54.0438 1340  [ FCD04FA67E8B40FA0AD361DD38593942 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:06:54.0441 1340  RasSstp - ok
20:06:54.0456 1340  [ 33FA5B6136D92EE0F53F021C79091300 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:06:54.0462 1340  rdbss - ok
20:06:54.0475 1340  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:06:54.0477 1340  RDPCDD - ok
20:06:54.0515 1340  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
20:06:54.0520 1340  rdpdr - ok
20:06:54.0564 1340  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:06:54.0566 1340  RDPENCDD - ok
20:06:54.0606 1340  [ 7747082F672AA2846235C9CEA42E2E72 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:06:54.0610 1340  RDPWD - ok
20:06:54.0724 1340  [ CCE7D039AED863A546B626DDA33FD567 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:06:54.0736 1340  RegSrvc - ok
20:06:54.0769 1340  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:06:54.0773 1340  RemoteAccess - ok
20:06:54.0813 1340  [ 416C611369CBE49074B89CEE2F83ABEF ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:06:54.0819 1340  RemoteRegistry - ok
20:06:54.0905 1340  [ D13D70FAC45FC1DF69F88559B1F72F0A ] rimmptsk        C:\Windows\system32\DRIVERS\rimmpx64.sys
20:06:54.0908 1340  rimmptsk - ok
20:06:54.0916 1340  [ BB9EDC55B0B8CB4FCD713428820E0776 ] rimsptsk        C:\Windows\system32\DRIVERS\rimspx64.sys
20:06:54.0920 1340  rimsptsk - ok
20:06:54.0925 1340  [ 481C3FDEACAAE04B74C58288DBC91DF9 ] rismxdp         C:\Windows\system32\DRIVERS\rixdpx64.sys
20:06:54.0928 1340  rismxdp - ok
20:06:54.0961 1340  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
20:06:54.0964 1340  RpcLocator - ok
20:06:55.0007 1340  [ 52CDADE8289FF21F1F2215FF51A5F36C ] RpcSs           C:\Windows\system32\rpcss.dll
20:06:55.0014 1340  RpcSs - ok
20:06:55.0057 1340  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:06:55.0060 1340  rspndr - ok
20:06:55.0083 1340  [ 80F4593E92FF960E4763380D3168E498 ] SamSs           C:\Windows\system32\lsass.exe
20:06:55.0085 1340  SamSs - ok
20:06:55.0110 1340  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:06:55.0113 1340  sbp2port - ok
20:06:55.0190 1340  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:06:55.0206 1340  SBSDWSCService - ok
20:06:55.0239 1340  [ F024D560FEA06F8B56D673849EB89AE6 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:06:55.0245 1340  SCardSvr - ok
20:06:55.0322 1340  [ CE75D26E0A1106129F4D156851E298ED ] Schedule        C:\Windows\system32\schedsvc.dll
20:06:55.0336 1340  Schedule - ok
20:06:55.0361 1340  [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:06:55.0362 1340  SCPolicySvc - ok
20:06:55.0455 1340  [ FB30126D3E617C86CD8E8643792CA3CF ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
20:06:55.0458 1340  sdbus - ok
20:06:55.0498 1340  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:06:55.0503 1340  SDRSVC - ok
20:06:55.0546 1340  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:06:55.0548 1340  secdrv - ok
20:06:55.0559 1340  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
20:06:55.0564 1340  seclogon - ok
20:06:55.0577 1340  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\system32\sens.dll
20:06:55.0582 1340  SENS - ok
20:06:55.0595 1340  [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:06:55.0597 1340  Serenum - ok
20:06:55.0629 1340  [ E62FAC91EE288DB29A9696A9D279929C ] Serial          C:\Windows\system32\drivers\serial.sys
20:06:55.0632 1340  Serial - ok
20:06:55.0651 1340  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:06:55.0653 1340  sermouse - ok
20:06:55.0815 1340  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:06:55.0820 1340  SessionEnv - ok
20:06:55.0836 1340  [ 14D4B4465193A87C127933978E8C4106 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
20:06:55.0838 1340  sffdisk - ok
20:06:55.0872 1340  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:06:55.0874 1340  sffp_mmc - ok
20:06:55.0897 1340  [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
20:06:55.0899 1340  sffp_sd - ok
20:06:55.0922 1340  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:06:55.0924 1340  sfloppy - ok
20:06:55.0958 1340  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:06:55.0964 1340  SharedAccess - ok
20:06:56.0009 1340  [ 9235EC680D3DB17464B39C7C7DECB4DD ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:06:56.0017 1340  ShellHWDetection - ok
20:06:56.0045 1340  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
20:06:56.0047 1340  SiSRaid2 - ok
20:06:56.0075 1340  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:06:56.0077 1340  SiSRaid4 - ok
20:06:56.0211 1340  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:06:56.0214 1340  SkypeUpdate - ok
20:06:56.0286 1340  [ A301D2CEFB4747DFE0C24425DCBE0B78 ] slsvc           C:\Windows\system32\SLsvc.exe
20:06:56.0318 1340  slsvc - ok
20:06:56.0348 1340  [ F5DDF7C0AF85EB72CB295171F8C3CB35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
20:06:56.0353 1340  SLUINotify - ok
20:06:56.0372 1340  [ 41EB2E8E005FEEDCAFCE301983EFF932 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:06:56.0375 1340  Smb - ok
20:06:56.0399 1340  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:06:56.0403 1340  SNMPTRAP - ok
20:06:56.0437 1340  [ F9CB0672162F7F04248E2B82C1FF4617 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:06:56.0439 1340  spldr - ok
20:06:56.0484 1340  [ 92E6738D25C2123BE9515C0EAC0776CD ] Spooler         C:\Windows\System32\spoolsv.exe
20:06:56.0491 1340  Spooler - ok
20:06:56.0567 1340  [ A8ABD7D0D907B45CF3831F4DD8644349 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:06:56.0575 1340  srv - ok
20:06:56.0617 1340  [ 6C72EEA39E1C37B436A6D1532999F9EC ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:06:56.0621 1340  srv2 - ok
20:06:56.0637 1340  [ 7F69BCF9E6FA3D93C82EE6B87812666D ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:06:56.0641 1340  srvnet - ok
20:06:56.0668 1340  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:06:56.0675 1340  SSDPSRV - ok
20:06:56.0692 1340  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:06:56.0697 1340  SstpSvc - ok
20:06:56.0781 1340  [ C5DF63AE2693C9B6B01B4A2E6C1C64AC ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
20:06:56.0785 1340  STacSV - ok
20:06:56.0856 1340  Steam Client Service - ok
20:06:56.0917 1340  [ BA16447226ABFD342E130D2F24F73D32 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
20:06:56.0924 1340  STHDA - ok
20:06:56.0960 1340  [ F14F7D7D68A66777FB999D5D0F21138D ] stisvc          C:\Windows\System32\wiaservc.dll
20:06:56.0972 1340  stisvc - ok
20:06:57.0097 1340  [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:06:57.0099 1340  stllssvr - ok
20:06:57.0147 1340  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:06:57.0149 1340  swenum - ok
20:06:57.0317 1340  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:06:57.0324 1340  SwitchBoard - ok
20:06:57.0371 1340  [ DA34D6EB4A3154C0BEBAEB0A2483EF3E ] swprv           C:\Windows\System32\swprv.dll
20:06:57.0381 1340  swprv - ok
20:06:57.0402 1340  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
20:06:57.0404 1340  Symc8xx - ok
20:06:57.0425 1340  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
20:06:57.0427 1340  Sym_hi - ok
20:06:57.0449 1340  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
20:06:57.0451 1340  Sym_u3 - ok
20:06:57.0540 1340  [ 79A93EC9D224B1F43C0E2F023D61DCA3 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:06:57.0545 1340  SynTP - ok
20:06:57.0612 1340  [ BEA0D5521ED21DF8F6FFEED86DAEDE7B ] SysMain         C:\Windows\system32\sysmain.dll
20:06:57.0627 1340  SysMain - ok
20:06:57.0652 1340  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:06:57.0657 1340  TabletInputService - ok
20:06:57.0704 1340  [ 52091001CAF20AE84CF47023EE21B4BB ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:06:57.0711 1340  TapiSrv - ok
20:06:57.0729 1340  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS             C:\Windows\System32\tbssvc.dll
20:06:57.0734 1340  TBS - ok
20:06:57.0805 1340  [ D43D5336BE9DD93E02EE124297295713 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:06:57.0821 1340  Tcpip - ok
20:06:57.0844 1340  [ D43D5336BE9DD93E02EE124297295713 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
20:06:57.0854 1340  Tcpip6 - ok
20:06:57.0882 1340  [ C29D4B3B08AD0B7E8564814E4FF6A57B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:06:57.0885 1340  tcpipreg - ok
20:06:57.0905 1340  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:06:57.0906 1340  TDPIPE - ok
20:06:57.0933 1340  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:06:57.0935 1340  TDTCP - ok
20:06:57.0959 1340  [ 8C39C72E0E853DE04748C0337D9B9216 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:06:57.0962 1340  tdx - ok
20:06:57.0995 1340  [ 3F0EBF6EE609F2A276C0D5FAF244EC90 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:06:57.0997 1340  TermDD - ok
20:06:58.0039 1340  [ F870A5589D6A94B426EFB13689023946 ] TermService     C:\Windows\System32\termsrv.dll
20:06:58.0050 1340  TermService - ok
20:06:58.0065 1340  [ 9235EC680D3DB17464B39C7C7DECB4DD ] Themes          C:\Windows\system32\shsvcs.dll
20:06:58.0071 1340  Themes - ok
20:06:58.0106 1340  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:06:58.0109 1340  THREADORDER - ok
20:06:58.0142 1340  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
20:06:58.0147 1340  TrkWks - ok
20:06:58.0218 1340  [ AC6FF1DF22ED90BAD6417EE5A4C6E2F0 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:06:58.0220 1340  TrustedInstaller - ok
20:06:58.0238 1340  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:06:58.0240 1340  tssecsrv - ok
20:06:58.0296 1340  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
20:06:58.0298 1340  tunmp - ok
20:06:58.0352 1340  [ 2DC2C423572946E9A3131425BDA73CB6 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:06:58.0353 1340  tunnel - ok
20:06:58.0389 1340  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:06:58.0392 1340  uagp35 - ok
20:06:58.0422 1340  [ ECA6629E33F122AFFF18A2AB7C3EB033 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:06:58.0428 1340  udfs - ok
20:06:58.0464 1340  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:06:58.0468 1340  UI0Detect - ok
20:06:58.0507 1340  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:06:58.0510 1340  uliagpkx - ok
20:06:58.0551 1340  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
20:06:58.0556 1340  uliahci - ok
20:06:58.0581 1340  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
20:06:58.0585 1340  UlSata - ok
20:06:58.0629 1340  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
20:06:58.0633 1340  ulsata2 - ok
20:06:58.0658 1340  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:06:58.0660 1340  umbus - ok
20:06:58.0700 1340  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
20:06:58.0708 1340  upnphost - ok
20:06:58.0787 1340  [ 471474EFA0640B426E9F8AA5A5FC2673 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:06:58.0790 1340  usbaudio - ok
20:06:58.0860 1340  [ AE3DEA342F01249317B2BB3DF0424238 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:06:58.0863 1340  usbccgp - ok
20:06:58.0900 1340  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:06:58.0903 1340  usbcir - ok
20:06:58.0938 1340  [ B89F9FE9FC1E7C9CB03ACB8819EB511D ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:06:58.0941 1340  usbehci - ok
20:06:58.0975 1340  [ F2C1D8EFF9C7CF84FF0235408ACD3F4B ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:06:58.0980 1340  usbhub - ok
20:06:59.0015 1340  [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:06:59.0017 1340  usbohci - ok
20:06:59.0040 1340  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:06:59.0042 1340  usbprint - ok
20:06:59.0072 1340  [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:06:59.0074 1340  usbscan - ok
20:06:59.0130 1340  [ 586D9876A4945779C8EEA926C0D16889 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:06:59.0133 1340  USBSTOR - ok
20:06:59.0170 1340  [ 225E107785315874BA5C1ABC7DDA7BFC ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:06:59.0172 1340  usbuhci - ok
20:06:59.0209 1340  [ FC33099877790D51B0927B7039059855 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:06:59.0212 1340  usbvideo - ok
20:06:59.0255 1340  [ 9190F03C82547AFA87367F1CECA88F3B ] UxSms           C:\Windows\System32\uxsms.dll
20:06:59.0260 1340  UxSms - ok
20:06:59.0283 1340  [ C15A4A550CBA7B9F1F68B72528E04CE1 ] vds             C:\Windows\System32\vds.exe
20:06:59.0293 1340  vds - ok
20:06:59.0319 1340  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:06:59.0321 1340  vga - ok
20:06:59.0340 1340  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:06:59.0342 1340  VgaSave - ok
20:06:59.0363 1340  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
20:06:59.0365 1340  viaide - ok
20:06:59.0390 1340  [ 793D9B32A1C462C91F6F70358283AC97 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:06:59.0393 1340  volmgr - ok
20:06:59.0430 1340  [ 5AA217DA5DC4FF5B9AC9AB86563B3223 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:06:59.0437 1340  volmgrx - ok
20:06:59.0458 1340  [ DE4307412D98050239026E56A7DFF3C0 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:06:59.0464 1340  volsnap - ok
20:06:59.0508 1340  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:06:59.0511 1340  vsmraid - ok
20:06:59.0595 1340  [ 186BD53F8A408AD20F5A056C05678629 ] VSS             C:\Windows\system32\vssvc.exe
20:06:59.0619 1340  VSS - ok
20:06:59.0647 1340  [ BA29F34A61CB55C0DEE29E787542EDF4 ] W32Time         C:\Windows\system32\w32time.dll
20:06:59.0656 1340  W32Time - ok
20:06:59.0690 1340  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:06:59.0692 1340  WacomPen - ok
20:06:59.0710 1340  [ AEA75207E443C8623C36B8D03596F84F ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
20:06:59.0713 1340  Wanarp - ok
20:06:59.0717 1340  [ AEA75207E443C8623C36B8D03596F84F ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:06:59.0720 1340  Wanarpv6 - ok
20:06:59.0771 1340  [ 055449247C490E24B968B44FE8A969EB ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:06:59.0783 1340  wcncsvc - ok
20:06:59.0815 1340  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:06:59.0820 1340  WcsPlugInService - ok
20:06:59.0850 1340  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
20:06:59.0851 1340  Wd - ok
20:06:59.0890 1340  [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:06:59.0903 1340  Wdf01000 - ok
20:06:59.0920 1340  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:06:59.0925 1340  WdiServiceHost - ok
20:06:59.0929 1340  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:06:59.0934 1340  WdiSystemHost - ok
20:06:59.0966 1340  [ 3D4AB55F8178FD0CD3CA45CD0EC9CF5B ] WebClient       C:\Windows\System32\webclnt.dll
20:06:59.0973 1340  WebClient - ok
20:07:00.0038 1340  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:07:00.0045 1340  Wecsvc - ok
20:07:00.0053 1340  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:07:00.0059 1340  wercplsupport - ok
20:07:00.0100 1340  [ FC25242B3BCAF7E84D9184082274AE08 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:07:00.0105 1340  WerSvc - ok
20:07:00.0126 1340  WinDefend - ok
20:07:00.0138 1340  WinHttpAutoProxySvc - ok
20:07:00.0191 1340  [ AC98F38FEAB066A8F983D54FF3F4FD4C ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:07:00.0196 1340  Winmgmt - ok
20:07:00.0301 1340  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:07:00.0332 1340  WinRM - ok
20:07:00.0389 1340  [ 0A69955261C1B54206ADC9BEB89517DE ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:07:00.0401 1340  Wlansvc - ok
20:07:00.0432 1340  [ 7999DFB1C555EFC0DB69576F70027867 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:07:00.0434 1340  WmiAcpi - ok
20:07:00.0475 1340  [ D303322DD577C3DEDA1251ED2E7A496C ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:07:00.0479 1340  wmiApSrv - ok
20:07:00.0559 1340  WMPNetworkSvc - ok
20:07:00.0615 1340  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:07:00.0621 1340  WPCSvc - ok
20:07:00.0753 1340  [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:07:00.0758 1340  WPDBusEnum - ok
20:07:00.0829 1340  [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
20:07:00.0832 1340  WpdUsb - ok
20:07:00.0991 1340  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:07:01.0017 1340  WPFFontCache_v0400 - ok
20:07:01.0058 1340  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:07:01.0060 1340  ws2ifsl - ok
20:07:01.0087 1340  [ CB8EA6D95949384925CCFCA21CC6DFD8 ] wscsvc          C:\Windows\system32\wscsvc.dll
20:07:01.0092 1340  wscsvc - ok
20:07:01.0098 1340  WSearch - ok
20:07:01.0183 1340  [ FB3796754FE00F0BDC87A36F164A5F4D ] wuauserv        C:\Windows\system32\wuaueng.dll
20:07:01.0220 1340  wuauserv - ok
20:07:01.0280 1340  [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:07:01.0283 1340  WUDFRd - ok
20:07:01.0319 1340  [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:07:01.0324 1340  wudfsvc - ok
20:07:01.0371 1340  ================ Scan global ===============================
20:07:01.0424 1340  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
20:07:01.0472 1340  [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
20:07:01.0490 1340  [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
20:07:01.0534 1340  [ DFAC660F0F139276CC9299812DE42719 ] C:\Windows\system32\services.exe
20:07:01.0543 1340  [Global] - ok
20:07:01.0543 1340  ================ Scan MBR ==================================
20:07:01.0558 1340  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
20:07:01.0860 1340  \Device\Harddisk0\DR0 - ok
20:07:01.0861 1340  ================ Scan VBR ==================================
20:07:01.0880 1340  [ 6B87BB052A3F228A2D3C7A7AEB14344C ] \Device\Harddisk0\DR0\Partition1
20:07:01.0882 1340  \Device\Harddisk0\DR0\Partition1 - ok
20:07:01.0904 1340  [ 2F267FB4CE5D8DBCCAF4334768EE996F ] \Device\Harddisk0\DR0\Partition2
20:07:01.0906 1340  \Device\Harddisk0\DR0\Partition2 - ok
20:07:01.0909 1340  ============================================================
20:07:01.0909 1340  Scan finished
20:07:01.0909 1340  ============================================================
20:07:01.0922 8872  Detected object count: 0
20:07:01.0922 8872  Actual detected object count: 0

Edited by cjtherooftime, 02 August 2013 - 07:12 PM.


#11 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 PM

Posted 02 August 2013 - 10:07 PM

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may [image: btn_donate_SM.gif]

#12 cjtherooftime

cjtherooftime
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:29 AM

Posted 03 August 2013 - 07:28 AM

Thanks for your help so far!  I'm actually about to leave town for a week, so I will resume the next step and run combofix when I return.  Sorry for the delay, but I really do appreciate your help!



#13 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 PM

Posted 03 August 2013 - 07:34 AM

Sure :)

#14 cjtherooftime

cjtherooftime
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:29 AM

Posted 11 August 2013 - 12:42 PM

I'm back, thanks for waiting for me!

 

ComboFix log, ComboFix.txt is attached

 

ComboFix 13-06-26.01 - Chris 08/11/2013  13:11:48.2.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.4090.2058 [GMT -4:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-11 to 2013-08-11  )))))))))))))))))))))))))))))))
.
.
2013-08-11 17:30 . 2013-08-11 17:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-08-11 17:30 . 2013-08-11 17:30 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2013-08-11 17:30 . 2013-08-11 17:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-08-11 17:30 . 2013-08-11 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-11 17:30 . 2013-08-11 17:30 -------- d-----w- c:\users\Chris\AppData\Local\temp
2013-08-11 16:47 . 2013-08-11 16:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Google
2013-08-11 16:29 . 2013-07-15 07:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10F2FBA6-8F28-470E-91D1-3DAD4B9EEFBE}\mpengine.dll
2013-08-10 01:58 . 2013-08-10 01:58 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-08-09 21:05 . 2013-07-15 07:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-23 05:27 . 2013-07-23 15:10 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-23 03:40 . 2013-07-16 09:02 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CB527D8-749A-4DFA-A48C-6F146352F43B}\gapaengine.dll
2013-07-23 03:27 . 2013-07-23 03:27 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-07-23 03:26 . 2013-07-23 03:28 -------- dc----w- c:\program files\Microsoft Security Client
2013-07-22 18:28 . 2013-08-09 21:00 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-07-22 18:28 . 2013-08-09 21:01 -------- d-----w- c:\program files (x86)\Steam
2013-07-19 21:22 . 2013-07-19 21:22 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{82AFC25B-1956-4AC4-8A88-E2CACB55B1DA}\offreg.dll
2013-07-19 21:01 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{82AFC25B-1956-4AC4-8A88-E2CACB55B1DA}\mpengine.dll
2013-07-16 20:55 . 2013-07-16 20:55 -------- d-----w- c:\users\Chris\AppData\Local\Facebook
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-15 13:08 . 2006-11-02 12:35 78185248 ----a-w- c:\windows\system32\mrt.exe
2013-07-01 20:27 . 2013-06-26 14:19 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-01 20:27 . 2011-03-08 17:51 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-07-01 20:27 . 2009-11-25 09:43 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SansaDispatch"="c:\users\Chris\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2013-04-04 613888]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Spotify Web Helper"="c:\users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-24 1104384]
"Facebook Update"="c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-07-16 138096]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-26 1807272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-05-09 4858968]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-04-20 202256]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 21526786
*Deregistered* - 21526786
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2044001094-2850479036-3636786644-1000Core.job
- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-16 20:54]
.
2013-08-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2044001094-2850479036-3636786644-1000UA.job
- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-16 20:54]
.
2013-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26 14:24]
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26 14:24]
.
2013-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2044001094-2850479036-3636786644-1000Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-09 02:34]
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2044001094-2850479036-3636786644-1000UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-09 02:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-25 1657128]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-11 1914880]
"dldtmon.exe"="c:\program files (x86)\Dell V305\dldtmon.exe" [2008-06-24 668912]
"dldtamon"="c:\program files (x86)\Dell V305\dldtamon.exe" [2008-06-24 16624]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: live.com\onecare
TCP: DhcpNameServer = 76.78.64.42 66.112.235.200 66.112.235.250
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\qvojq88i.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://weblogin.albany.edu/cosign-bin/cosign.cgi?cosign-websso=xmoZzJe3SyNtu7a7tD48CPDtqPFHVvQBi+PBRgJsXoh9EGvL629HwIk2TW7Yio9E3bKeYnwXjcTylbwJxwrw4GTlMvNMRlX32y-0XlWNzjpPNUSoB2M+yyFdOUHX;&https://weblogin.albany.edu/shibboleth-idp/SSO?shire=https%3A%2F%2Fportal.itsli.albany.edu%2FShibboleth.sso%2FSAML%2FPOST&time=1251860926&target=cookie&providerId=https%3A%2F%2Fportal.itsli.albany.edu%2Fshibboleth%2Fsp
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2044001094-2850479036-3636786644-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E3EB1C0D-007C-0793-07C6-E502A17A25E5}*]
"bblkcemjfpfjgikidelpkoifbkajafnopogo"=hex:62,61,6c,65,00,00
"ablkcemjfpfjgikidefabiekimbaghleme"=hex:62,61,6c,65,00,00
"oalkcemjfppimmoclgaoipdeapmmcb"=hex:62,61,6c,65,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2013-08-11  13:34:49
ComboFix-quarantined-files.txt  2013-08-11 17:34
ComboFix2.txt  2013-06-26 15:40
.
Pre-Run: 38,041,112,576 bytes free
Post-Run: 38,115,065,856 bytes free
.
- - End Of File - - 5A9CC3B7AA8BB7B4C2C62BFB9EA7D3EF
CDB4DE4BBD714F152979DA2DCBEF57EB
#15 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:29 PM

Posted 11 August 2013 - 10:37 PM

Not a problem :)

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, then click Run
  • In the Run box, type notepad
  • Click OK
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE
Regnull::
[HKEY_USERS\S-1-5-21-2044001094-2850479036-3636786644-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E3EB1C0D-007C-0793-07C6-E502A17A25E5}*]

In Notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click Save
Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browsers/windows first.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

[image: CFScriptB-4.gif, CFScript.txt being dropped onto ComboFix.exe]
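The LOCKED REGISTRY KEYS section of the ComboFix log above is printed in REGEDIT4 syntax: `hex:` byte lists for REG_BINARY values, `hex(6):` for a REG_LINK value stored as UTF-16LE, and a trailing backslash continuing a long byte list on the next line. Reading those bytes is the check an analyst does before deciding, as the helper did here, to null a key with a Regnull:: script. The following Python helper is an added example, not code from this thread or from ComboFix; the function names (`parse_regedit4_hex_values`, `decode_bytes`, `logical_lines`) and the sample export `SAMPLE_EXPORT` are mine. The sample is constructed after the shapes seen in the log, with the SID and GUID replaced by placeholders.

```python
"""Parse REGEDIT4-style hex values as ComboFix prints them in its
LOCKED REGISTRY KEYS section and render the bytes readably.

Added example: this is not code from the thread or from ComboFix.
"""
import re
from typing import Iterator, List, NamedTuple

# Constructed sample, modelled on the shapes in the log above: two short
# REG_BINARY values under a Shell Extensions\Approved key and a REG_LINK
# value continued onto a second line. SID and GUID are placeholders.
SAMPLE_EXPORT = r'''
REGEDIT4

[HKEY_USERS\S-1-5-21-PLACEHOLDER-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00000000-0000-0000-0000-000000000000}*]
"bblkcemjfpfjgikidelpkoifbkajafnopogo"=hex:62,61,6c,65,00,00
"ablkcemjfpfjgikidefabiekimbaghleme"=hex:62,61,6c,65,00,00

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,\
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00
'''

# Registry type codes as they appear in hex(N): N is itself hexadecimal.
REG_TYPE_NAMES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
                  4: "REG_DWORD", 6: "REG_LINK", 7: "REG_MULTI_SZ"}
UTF16_TYPES = {1, 2, 6, 7}   # string-like types are stored as UTF-16LE

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
HEX_VALUE_RE = re.compile(
    r'^(?:"(?P<name>[^"]*)"|(?P<default>@))=hex(?:\((?P<type>[0-9a-fA-F]+)\))?:(?P<data>.*)$')


class RegValue(NamedTuple):
    key: str
    name: str
    reg_type: str
    raw: bytes
    decoded: str


def logical_lines(text: str) -> Iterator[str]:
    """Join REGEDIT4 continuation lines (trailing backslash) into one line."""
    pending = ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""
    if pending:
        yield pending


def decode_bytes(reg_type: int, raw: bytes) -> str:
    """Render raw registry bytes according to their declared type."""
    if reg_type in UTF16_TYPES:
        text = raw.decode("utf-16-le", errors="replace")
        if reg_type == 7:  # REG_MULTI_SZ: NUL-separated, double-NUL terminated
            return " | ".join(part for part in text.split("\x00") if part)
        return text.rstrip("\x00")
    if reg_type == 4 and len(raw) == 4:
        return str(int.from_bytes(raw, "little"))
    # REG_BINARY: show as text when it is printable ASCII padded with NULs,
    # which is what the short values in the log turn out to be.
    stripped = raw.rstrip(b"\x00")
    if stripped and all(0x20 <= b < 0x7F for b in stripped):
        return stripped.decode("ascii")
    return raw.hex()


def parse_regedit4_hex_values(text: str) -> List[RegValue]:
    """Return every hex-encoded value in the export with its key and decoding."""
    values: List[RegValue] = []
    current_key = ""
    for line in logical_lines(text):
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        m = HEX_VALUE_RE.match(line)
        if not m:
            continue  # @="...", dword: and plain string values are out of scope here
        name = m.group("name") if m.group("name") is not None else "@"
        type_code = int(m.group("type"), 16) if m.group("type") else 3
        raw = bytes(int(b, 16) for b in m.group("data").split(",") if b.strip())
        values.append(RegValue(current_key, name,
                               REG_TYPE_NAMES.get(type_code, f"type_{type_code:x}"),
                               raw, decode_bytes(type_code, raw)))
    return values


if __name__ == "__main__":
    for v in parse_regedit4_hex_values(SAMPLE_EXPORT):
        print(f"{v.reg_type:14} {v.name!r:42} -> {v.decoded!r}")
```

Run as a script it prints each value with its type and decoding: the two short values decode to plain ASCII padded with NULs, and the REG_LINK value to a registry path. Whether a key like this is legitimate is a judgement made from the full log, not from the decoder alone; on this page the helper chose to null it with the Regnull:: script shown above.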
