
Infected by Torpig/Mebroot


  • This topic is locked
11 replies to this topic

#1 MarkV74


Posted 05 August 2013 - 06:03 AM

Hi, the PC is infected by Torpig/Mebroot. The user opened an attachment in a mail from Vodafone saying an MMS message was attached. I tried several scanners (Malwarebytes, aswMBR, TDSSKiller) and they all found something. After cleaning the files and rebooting, the PC works for probably a day or so and then it becomes active again. It is notable when telebanking (Rabobank, NL): after a short period of time a webpage is shown as an overlay saying the address book is being converted. Called the support of the bank but they had never heard of this message being shown.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Ineke at 12:55:24 on 2013-08-05
Microsoft Windows 7 Professional   6.1.7601.1.1252.31.1043.18.3984.2632 [GMT 2:00]
.
AV: Trend Micro Security Agent *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Security Agent *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Windows\servicing\TrustedInstaller.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\Security Agent\tmlisten.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60438
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60438
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
mRun: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 10.0.0.3
TCP: Interfaces\{7036DE7D-7E49-4548-BAE0-3D6167242619} : DHCPNameServer = 10.0.0.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll
Notify: DeviceNP - DeviceNP.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  DPPassFilter scecli
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HPSYSDRV] C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg.dll
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MfeEpeOpal;MfeEpeOpal;C:\Windows\System32\drivers\MfeEpeOpal.sys [2012-7-12 90736]
R0 MfeEpePc;MfeEpePc;C:\Windows\System32\drivers\MfeEpePc.sys [2012-7-12 158832]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-7-30 272816]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-3-9 372824]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-7-12 1327104]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2013-7-30 69904]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-11 676968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S3 DAMDrv;DAMDrv;C:\Windows\System32\drivers\DAMDrv64.sys [2012-9-5 64832]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2012-9-5 477088]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
.
=============== Created Last 30 ================
.
2013-08-01 13:10:38    --------    d-----w-    C:\Program Files\HitmanPro
2013-08-01 13:10:31    --------    d-----w-    C:\ProgramData\HitmanPro
2013-08-01 12:57:29    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-08-01 12:50:15    --------    d-s---w-    C:\ComboFix
2013-07-31 06:06:02    9460976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6B8EE3E-C48A-46BB-AA88-09B716371BC0}\mpengine.dll
2013-07-30 14:29:53    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-07-30 14:29:53    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-07-30 13:31:51    105552    ----a-w-    C:\Windows\System32\drivers\tmtdi.sys
2013-07-30 13:31:35    90896    ----a-w-    C:\Windows\System32\drivers\tmactmon.sys
2013-07-30 13:31:35    69904    ----a-w-    C:\Windows\System32\drivers\tmevtmgr.sys
2013-07-30 13:31:35    146192    ----a-w-    C:\Windows\System32\drivers\tmcomm.sys
2013-07-30 13:23:34    --------    d-----w-    C:\Program Files\CCleaner
2013-07-30 13:12:06    98816    ----a-w-    C:\Windows\sed.exe
2013-07-30 13:12:06    256000    ----a-w-    C:\Windows\PEV.exe
2013-07-30 13:12:06    208896    ----a-w-    C:\Windows\MBR.exe
2013-07-30 11:58:01    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-30 11:53:45    --------    d-----w-    C:\Users\ineke\AppData\Local\Apps
2013-07-30 11:53:44    --------    d-----w-    C:\Users\ineke\AppData\Local\Deployment
2013-07-30 11:26:53    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-30 11:26:53    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-30 06:07:39    234544    ----a-w-    C:\Windows\RegBootClean64.exe
2013-07-30 06:07:39    22064    ----a-w-    C:\Windows\DCEBoot64.exe
2013-07-16 06:10:48    --------    d-----w-    C:\Users\ineke\AppData\Roaming\Xyeqinu
2013-07-16 06:10:48    --------    d-----w-    C:\Users\ineke\AppData\Roaming\Poco
2013-07-10 01:06:47    9216    ----a-w-    C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 01:06:47    571904    ----a-w-    C:\Program Files\Windows Defender\MpClient.dll
2013-07-10 01:06:47    54784    ----a-w-    C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-10 01:06:47    4608    ----a-w-    C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 01:06:47    392704    ----a-w-    C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-10 01:06:47    314880    ----a-w-    C:\Program Files\Windows Defender\MpCommu.dll
2013-07-10 01:06:46    1011712    ----a-w-    C:\Program Files\Windows Defender\MpSvc.dll
2013-07-10 01:06:24    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-07-10 01:06:24    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-07-10 01:06:06    1887744    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-10 01:06:06    1620480    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-10 01:01:24    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-07-10 01:01:12    936448    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 01:01:12    1402880    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 01:01:12    1393152    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 01:01:11    1732608    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 01:01:11    1367040    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
.
==================== Find3M  ====================
.
2013-07-30 11:58:01    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-26 13:10:27    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-26 13:10:26    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-06-26 13:10:26    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 12:56:03,96 ===============
 



Edited by MarkV74, 05 August 2013 - 06:12 AM.



 


#2 jeffce

  • Malware Response Team

Posted 07 August 2013 - 12:46 PM

Hi and Welcome!!
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to this topic so that you can see when there are new responses.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
 
Having said that.... Let's get going!!
----------
 
You mentioned that you had run TDSSKiller already?  Please do that again but this time just post the log to see what we have.  Don't take any actions on anything yet.
---------
 
It looks like you have already run ComboFix as well?  Could you post the log that was created too please?  It should be located in C:\ComboFix.txt.


 


#3 MarkV74


Posted 08 August 2013 - 04:15 AM

Hi Jeff, thank you for your reaction. Below you find the logfiles of TDSSKiller and ComboFix. Hope to hear from you soon!

 

BTW the file referred to in the following line in ComboFix.log had already been detected as a virus and deleted:

2013-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 13:05]

11:11:22.0940 2912  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
11:11:23.0049 2912  ============================================================
11:11:23.0049 2912  Current date / time: 2013/08/08 11:11:23.0049
11:11:23.0049 2912  SystemInfo:
11:11:23.0049 2912  
11:11:23.0049 2912  OS Version: 6.1.7601 ServicePack: 1.0
11:11:23.0049 2912  Product type: Workstation
11:11:23.0049 2912  ComputerName: PCINEKEW7
11:11:23.0049 2912  UserName: Ineke
11:11:23.0049 2912  Windows directory: C:\Windows
11:11:23.0049 2912  System windows directory: C:\Windows
11:11:23.0049 2912  Running under WOW64
11:11:23.0049 2912  Processor architecture: Intel x64
11:11:23.0049 2912  Number of processors: 4
11:11:23.0049 2912  Page size: 0x1000
11:11:23.0049 2912  Boot type: Normal boot
11:11:23.0049 2912  ============================================================
11:11:24.0313 2912  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:11:24.0328 2912  Drive \Device\Harddisk1\DR1 - Size: 0xF400000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:11:24.0328 2912  ============================================================
11:11:24.0328 2912  \Device\Harddisk0\DR0:
11:11:24.0328 2912  MBR partitions:
11:11:24.0328 2912  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:11:24.0328 2912  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38329000
11:11:24.0328 2912  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3835B800, BlocksNum 0x1FF7800
11:11:24.0328 2912  \Device\Harddisk1\DR1:
11:11:24.0328 2912  MBR partitions:
11:11:24.0328 2912  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x79FE0
11:11:24.0328 2912  ============================================================
11:11:24.0375 2912  C: <-> \Device\Harddisk0\DR0\Partition2
11:11:24.0562 2912  D: <-> \Device\Harddisk0\DR0\Partition3
11:11:24.0562 2912  ============================================================
11:11:24.0562 2912  Initialize success
11:11:24.0562 2912  ============================================================
11:11:26.0153 2376  ============================================================
11:11:26.0153 2376  Scan started
11:11:26.0153 2376  Mode: Manual;
11:11:26.0153 2376  ============================================================
11:11:27.0167 2376  ================ Scan system memory ========================
11:11:27.0167 2376  System memory - ok
11:11:27.0167 2376  ================ Scan services =============================
11:11:27.0214 2376  [ ABDCD326E1DD1C62509ED94C278A7453 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
11:11:27.0230 2376  !SASCORE - ok
11:11:27.0370 2376  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:11:27.0370 2376  1394ohci - ok
11:11:27.0386 2376  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:11:27.0401 2376  ACPI - ok
11:11:27.0417 2376  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:11:27.0417 2376  AcpiPmi - ok
11:11:27.0511 2376  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:11:27.0511 2376  AdobeARMservice - ok
11:11:27.0604 2376  AdobeFlashPlayerUpdateSvc - ok
11:11:27.0635 2376  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:11:27.0635 2376  adp94xx - ok
11:11:27.0682 2376  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:11:27.0682 2376  adpahci - ok
11:11:27.0713 2376  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:11:27.0713 2376  adpu320 - ok
11:11:27.0745 2376  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:11:27.0745 2376  AeLookupSvc - ok
11:11:27.0791 2376  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
11:11:27.0791 2376  AFD - ok
11:11:27.0807 2376  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:11:27.0807 2376  agp440 - ok
11:11:27.0823 2376  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
11:11:27.0823 2376  ALG - ok
11:11:27.0854 2376  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:11:27.0854 2376  aliide - ok
11:11:27.0854 2376  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:11:27.0869 2376  amdide - ok
11:11:27.0885 2376  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:11:27.0885 2376  AmdK8 - ok
11:11:27.0901 2376  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
11:11:27.0901 2376  AmdPPM - ok
11:11:27.0916 2376  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:11:27.0916 2376  amdsata - ok
11:11:27.0947 2376  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
11:11:27.0947 2376  amdsbs - ok
11:11:27.0963 2376  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:11:27.0963 2376  amdxata - ok
11:11:27.0994 2376  [ 24C5AAB82E681147E8F3D33FD416DAC8 ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
11:11:27.0994 2376  Amsp - ok
11:11:28.0041 2376  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
11:11:28.0041 2376  AppID - ok
11:11:28.0072 2376  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:11:28.0072 2376  AppIDSvc - ok
11:11:28.0103 2376  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
11:11:28.0103 2376  Appinfo - ok
11:11:28.0135 2376  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
11:11:28.0135 2376  AppMgmt - ok
11:11:28.0150 2376  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
11:11:28.0150 2376  arc - ok
11:11:28.0181 2376  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:11:28.0181 2376  arcsas - ok
11:11:28.0259 2376  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:11:28.0291 2376  aspnet_state - ok
11:11:28.0337 2376  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:11:28.0337 2376  AsyncMac - ok
11:11:28.0353 2376  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
11:11:28.0353 2376  atapi - ok
11:11:28.0384 2376  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:11:28.0384 2376  AudioEndpointBuilder - ok
11:11:28.0400 2376  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:11:28.0400 2376  AudioSrv - ok
11:11:28.0415 2376  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:11:28.0431 2376  AxInstSV - ok
11:11:28.0447 2376  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
11:11:28.0447 2376  b06bdrv - ok
11:11:28.0462 2376  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:11:28.0462 2376  b57nd60a - ok
11:11:28.0493 2376  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:11:28.0493 2376  BDESVC - ok
11:11:28.0509 2376  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:11:28.0509 2376  Beep - ok
11:11:28.0540 2376  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
11:11:28.0556 2376  BFE - ok
11:11:28.0571 2376  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
11:11:28.0587 2376  BITS - ok
11:11:28.0603 2376  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
11:11:28.0603 2376  blbdrive - ok
11:11:28.0634 2376  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:11:28.0634 2376  bowser - ok
11:11:28.0665 2376  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
11:11:28.0665 2376  BrFiltLo - ok
11:11:28.0681 2376  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
11:11:28.0681 2376  BrFiltUp - ok
11:11:28.0712 2376  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
11:11:28.0712 2376  BridgeMP - ok
11:11:28.0727 2376  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
11:11:28.0727 2376  Browser - ok
11:11:28.0759 2376  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:11:28.0759 2376  Brserid - ok
11:11:28.0774 2376  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:11:28.0774 2376  BrSerWdm - ok
11:11:28.0790 2376  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:11:28.0790 2376  BrUsbMdm - ok
11:11:28.0805 2376  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:11:28.0805 2376  BrUsbSer - ok
11:11:28.0821 2376  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
11:11:28.0821 2376  BTHMODEM - ok
11:11:28.0868 2376  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
11:11:28.0868 2376  bthserv - ok
11:11:28.0977 2376  catchme - ok
11:11:28.0993 2376  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:11:28.0993 2376  cdfs - ok
11:11:29.0024 2376  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:11:29.0024 2376  cdrom - ok
11:11:29.0055 2376  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:11:29.0055 2376  CertPropSvc - ok
11:11:29.0086 2376  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
11:11:29.0086 2376  circlass - ok
11:11:29.0102 2376  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:11:29.0102 2376  CLFS - ok
11:11:29.0149 2376  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:11:29.0149 2376  clr_optimization_v2.0.50727_32 - ok
11:11:29.0164 2376  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:11:29.0180 2376  clr_optimization_v2.0.50727_64 - ok
11:11:29.0211 2376  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:11:29.0242 2376  clr_optimization_v4.0.30319_32 - ok
11:11:36.0777 2376  SiSRaid4 - ok
11:11:36.0793 2376  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:11:36.0793 2376  Smb - ok
11:11:36.0808 2376  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:11:36.0824 2376  SNMPTRAP - ok
11:11:36.0839 2376  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:11:36.0839 2376  spldr - ok
11:11:36.0855 2376  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
11:11:36.0855 2376  Spooler - ok
11:11:36.0902 2376  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:11:36.0949 2376  sppsvc - ok
11:11:36.0964 2376  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:11:36.0964 2376  sppuinotify - ok
11:11:36.0980 2376  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:11:36.0995 2376  srv - ok
11:11:37.0011 2376  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:11:37.0011 2376  srv2 - ok
11:11:37.0027 2376  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:11:37.0042 2376  srvnet - ok
11:11:37.0058 2376  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:11:37.0058 2376  SSDPSRV - ok
11:11:37.0089 2376  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:11:37.0089 2376  SstpSvc - ok
11:11:37.0105 2376  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
11:11:37.0105 2376  stexstor - ok
11:11:37.0136 2376  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:11:37.0136 2376  stisvc - ok
11:11:37.0151 2376  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
11:11:37.0151 2376  storflt - ok
11:11:37.0167 2376  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
11:11:37.0167 2376  StorSvc - ok
11:11:37.0183 2376  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
11:11:37.0198 2376  storvsc - ok
11:11:37.0229 2376  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:11:37.0229 2376  swenum - ok
11:11:37.0245 2376  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
11:11:37.0261 2376  swprv - ok
11:11:37.0292 2376  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
11:11:37.0323 2376  SysMain - ok
11:11:37.0339 2376  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:11:37.0339 2376  TabletInputService - ok
11:11:37.0354 2376  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:11:37.0354 2376  TapiSrv - ok
11:11:37.0370 2376  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
11:11:37.0370 2376  TBS - ok
11:11:37.0417 2376  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:11:37.0448 2376  Tcpip - ok
11:11:37.0479 2376  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:11:37.0495 2376  TCPIP6 - ok
11:11:37.0510 2376  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:11:37.0526 2376  tcpipreg - ok
11:11:37.0541 2376  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:11:37.0541 2376  TDPIPE - ok
11:11:37.0573 2376  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:11:37.0573 2376  TDTCP - ok
11:11:37.0588 2376  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:11:37.0588 2376  tdx - ok
11:11:37.0604 2376  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:11:37.0604 2376  TermDD - ok
11:11:37.0635 2376  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
11:11:37.0651 2376  TermService - ok
11:11:37.0651 2376  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:11:37.0666 2376  Themes - ok
11:11:37.0666 2376  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
11:11:37.0666 2376  THREADORDER - ok
11:11:37.0697 2376  [ 95AB85CF9C7EDC62845D21BB596B0093 ] tmactmon        C:\Windows\system32\DRIVERS\tmactmon.sys
11:11:37.0697 2376  tmactmon - ok
11:11:37.0729 2376  [ 0B975F08621CADF7F8EC164E1A991CF3 ] tmcomm          C:\Windows\system32\DRIVERS\tmcomm.sys
11:11:37.0729 2376  tmcomm - ok
11:11:37.0729 2376  [ AEA9012CFC3C4B2A167B210C523B9B65 ] tmevtmgr        C:\Windows\system32\DRIVERS\tmevtmgr.sys
11:11:37.0729 2376  tmevtmgr - ok
11:11:37.0807 2376  [ 2C5BDCB2EFAB4CA5B88DAF2C97A5794D ] TmListen        C:\Program Files\Trend Micro\Security Agent\tmlisten.exe
11:11:37.0807 2376  TmListen - ok
11:11:37.0822 2376  [ 77B9BEBB0769F45EF770297196EF3506 ] tmtdi           C:\Windows\system32\DRIVERS\tmtdi.sys
11:11:37.0822 2376  tmtdi - ok
11:11:37.0853 2376  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:11:37.0853 2376  TrkWks - ok
11:11:37.0900 2376  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:11:37.0900 2376  TrustedInstaller - ok
11:11:37.0931 2376  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:11:37.0931 2376  tssecsrv - ok
11:11:37.0963 2376  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:11:37.0978 2376  TsUsbFlt - ok
11:11:37.0994 2376  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
11:11:37.0994 2376  TsUsbGD - ok
11:11:38.0025 2376  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:11:38.0025 2376  tunnel - ok
11:11:38.0041 2376  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:11:38.0041 2376  uagp35 - ok
11:11:38.0056 2376  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:11:38.0072 2376  udfs - ok
11:11:38.0103 2376  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:11:38.0103 2376  UI0Detect - ok
11:11:38.0119 2376  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:11:38.0119 2376  uliagpkx - ok
11:11:38.0134 2376  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
11:11:38.0134 2376  umbus - ok
11:11:38.0165 2376  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
11:11:38.0165 2376  UmPass - ok
11:11:38.0197 2376  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
11:11:38.0197 2376  UmRdpService - ok
11:11:38.0212 2376  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:11:38.0212 2376  upnphost - ok
11:11:38.0243 2376  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:11:38.0259 2376  usbccgp - ok
11:11:38.0275 2376  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:11:38.0275 2376  usbcir - ok
11:11:38.0290 2376  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
11:11:38.0290 2376  usbehci - ok
11:11:38.0321 2376  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
11:11:38.0337 2376  usbhub - ok
11:11:38.0353 2376  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:11:38.0353 2376  usbohci - ok
11:11:38.0368 2376  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
11:11:38.0368 2376  usbprint - ok
11:11:38.0384 2376  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:11:38.0399 2376  USBSTOR - ok
11:11:38.0415 2376  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:11:38.0431 2376  usbuhci - ok
11:11:38.0446 2376  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
11:11:38.0446 2376  UxSms - ok
11:11:38.0462 2376  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
11:11:38.0462 2376  VaultSvc - ok
11:11:38.0477 2376  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:11:38.0477 2376  vdrvroot - ok
11:11:38.0493 2376  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
11:11:38.0509 2376  vds - ok
11:11:38.0540 2376  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:11:38.0540 2376  vga - ok
11:11:38.0555 2376  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:11:38.0555 2376  VgaSave - ok
11:11:38.0571 2376  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:11:38.0571 2376  vhdmp - ok
11:11:38.0587 2376  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:11:38.0587 2376  viaide - ok
11:11:38.0602 2376  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
11:11:38.0602 2376  vmbus - ok
11:11:38.0633 2376  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
11:11:38.0633 2376  VMBusHID - ok
11:11:38.0633 2376  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:11:38.0633 2376  volmgr - ok
11:11:38.0649 2376  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:11:38.0649 2376  volmgrx - ok
11:11:38.0665 2376  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:11:38.0696 2376  volsnap - ok
11:11:38.0727 2376  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:11:38.0727 2376  vsmraid - ok
11:11:38.0758 2376  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
11:11:38.0774 2376  VSS - ok
11:11:38.0805 2376  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
11:11:38.0805 2376  vwifibus - ok
11:11:38.0805 2376  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
11:11:38.0821 2376  W32Time - ok
11:11:38.0836 2376  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:11:38.0836 2376  WacomPen - ok
11:11:38.0867 2376  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:11:38.0867 2376  WANARP - ok
11:11:38.0867 2376  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:11:38.0867 2376  Wanarpv6 - ok
11:11:38.0883 2376  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:11:38.0899 2376  wbengine - ok
11:11:38.0914 2376  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:11:38.0914 2376  WbioSrvc - ok
11:11:38.0930 2376  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:11:38.0930 2376  wcncsvc - ok
11:11:38.0945 2376  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:11:38.0945 2376  WcsPlugInService - ok
11:11:38.0961 2376  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
11:11:38.0961 2376  Wd - ok
11:11:38.0977 2376  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:11:38.0992 2376  Wdf01000 - ok
11:11:39.0008 2376  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:11:39.0008 2376  WdiServiceHost - ok
11:11:39.0008 2376  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:11:39.0008 2376  WdiSystemHost - ok
11:11:39.0008 2376  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
11:11:39.0023 2376  WebClient - ok
11:11:39.0023 2376  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:11:39.0023 2376  Wecsvc - ok
11:11:39.0039 2376  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:11:39.0039 2376  wercplsupport - ok
11:11:39.0055 2376  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:11:39.0055 2376  WerSvc - ok
11:11:39.0055 2376  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:11:39.0055 2376  WfpLwf - ok
11:11:39.0070 2376  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:11:39.0070 2376  WIMMount - ok
11:11:39.0086 2376  WinDefend - ok
11:11:39.0101 2376  WinHttpAutoProxySvc - ok
11:11:39.0148 2376  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:11:39.0148 2376  Winmgmt - ok
11:11:39.0179 2376  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
11:11:39.0211 2376  WinRM - ok
11:11:39.0226 2376  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:11:39.0242 2376  Wlansvc - ok
11:11:39.0273 2376  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:11:39.0273 2376  WmiAcpi - ok
11:11:39.0289 2376  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:11:39.0289 2376  wmiApSrv - ok
11:11:39.0304 2376  WMPNetworkSvc - ok
11:11:39.0320 2376  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:11:39.0320 2376  WPCSvc - ok
11:11:39.0335 2376  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:11:39.0335 2376  WPDBusEnum - ok
11:11:39.0367 2376  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:11:39.0367 2376  ws2ifsl - ok
11:11:39.0382 2376  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
11:11:39.0382 2376  wscsvc - ok
11:11:39.0382 2376  WSearch - ok
11:11:39.0445 2376  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:11:39.0476 2376  wuauserv - ok
11:11:39.0491 2376  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:11:39.0507 2376  WudfPf - ok
11:11:39.0538 2376  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:11:39.0538 2376  WUDFRd - ok
11:11:39.0538 2376  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:11:39.0538 2376  wudfsvc - ok
11:11:39.0554 2376  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:11:39.0554 2376  WwanSvc - ok
11:11:39.0569 2376  ================ Scan global ===============================
11:11:39.0585 2376  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:11:39.0616 2376  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:11:39.0632 2376  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:11:39.0663 2376  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:11:39.0694 2376  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:11:39.0694 2376  [Global] - ok
11:11:39.0694 2376  ================ Scan MBR ==================================
11:11:39.0710 2376  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:11:39.0897 2376  \Device\Harddisk0\DR0 - ok
11:11:39.0897 2376  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
11:11:41.0504 2376  \Device\Harddisk1\DR1 - ok
11:11:41.0504 2376  ================ Scan VBR ==================================
11:11:41.0504 2376  [ 35C5E94E17BAC56F05DECEBFAF7B681C ] \Device\Harddisk0\DR0\Partition1
11:11:41.0504 2376  \Device\Harddisk0\DR0\Partition1 - ok
11:11:41.0504 2376  [ A090FEB78D1E35C5222B7555DC8B4B58 ] \Device\Harddisk0\DR0\Partition2
11:11:41.0504 2376  \Device\Harddisk0\DR0\Partition2 - ok
11:11:41.0535 2376  [ 397FAE3EF9331C49A8037167B3A96367 ] \Device\Harddisk0\DR0\Partition3
11:11:41.0535 2376  \Device\Harddisk0\DR0\Partition3 - ok
11:11:41.0551 2376  [ B3081945AC96A6F3E504BA1E03006EA0 ] \Device\Harddisk1\DR1\Partition1
11:11:41.0551 2376  \Device\Harddisk1\DR1\Partition1 - ok
11:11:41.0551 2376  ============================================================
11:11:41.0551 2376  Scan finished
11:11:41.0551 2376  ============================================================
11:11:41.0551 2952  Detected object count: 0
11:11:41.0551 2952  Actual detected object count: 0
11:11:44.0359 3644  Deinitialize success

 

----------------------

 

ComboFix 13-07-30.02 - Ineke 30-07-2013  15:13:05.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.31.1043.18.3984.2621 [GMT 2:00]
Gestart vanuit: \\SBS2011\RedirectedFolders\ineke\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dff52d8f-2bd8-4d43-9dfc-2b5f0ad487b3
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2013-06-28 to 2013-07-30  ))))))))))))))))))))))))))))))
.
.
2013-07-30 12:04 . 2013-02-16 23:40    28672    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-07-30 11:58 . 2013-07-30 11:58    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-30 11:53 . 2013-07-30 11:53    --------    d-----w-    c:\users\ineke\AppData\Local\Apps
2013-07-30 11:53 . 2013-07-30 11:54    --------    d-----w-    c:\users\ineke\AppData\Local\Deployment
2013-07-30 11:26 . 2013-07-30 11:28    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-30 11:26 . 2013-07-30 11:28    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-30 06:07 . 2013-07-30 06:13    234544    ----a-w-    c:\windows\RegBootClean64.exe
2013-07-30 06:07 . 2013-07-30 06:13    22064    ----a-w-    c:\windows\DCEBoot64.exe
2013-07-30 06:05 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FE7E66E-DDE9-4924-A336-39473526E5F4}\mpengine.dll
2013-07-16 06:10 . 2013-07-30 06:10    --------    d-----w-    c:\users\ineke\AppData\Roaming\Poco
2013-07-16 06:10 . 2013-07-25 11:39    --------    d-----w-    c:\users\ineke\AppData\Roaming\Xyeqinu
2013-07-10 01:06 . 2013-05-27 05:50    571904    ----a-w-    c:\program files\Windows Defender\MpClient.dll
2013-07-10 01:06 . 2013-05-27 05:50    314880    ----a-w-    c:\program files\Windows Defender\MpCommu.dll
2013-07-10 01:06 . 2013-05-27 04:57    4608    ----a-w-    c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 01:06 . 2013-05-27 04:57    54784    ----a-w-    c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 01:06 . 2013-05-27 04:57    392704    ----a-w-    c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 01:06 . 2013-05-27 03:15    9216    ----a-w-    c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 01:06 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-07-10 01:06 . 2013-06-04 06:00    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-07-10 01:06 . 2013-06-04 04:53    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2013-07-10 01:06 . 2013-05-06 06:03    1887744    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-10 01:06 . 2013-05-06 04:56    1620480    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 01:01 . 2013-06-05 03:34    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-07-10 01:01 . 2013-04-10 05:46    1402880    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 01:01 . 2013-04-10 05:46    1393152    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 01:01 . 2013-04-10 05:03    936448    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 01:01 . 2013-04-10 05:48    1732608    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 01:01 . 2013-04-10 05:46    1367040    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-05 12:43 . 2013-07-05 12:43    --------    d-----w-    c:\users\ineke\AppData\Roaming\SUPERAntiSpyware.com
2013-07-05 12:42 . 2013-07-05 12:43    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-07-05 12:42 . 2013-07-05 12:42    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-26 13:10 . 2013-06-26 13:10    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-26 13:10 . 2013-05-28 10:32    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-06-26 13:10 . 2013-05-28 10:32    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-05-28 13:05 . 2013-06-18 12:51    163328    ----a-w-    c:\windows\SysWow64\FlashPlayerUpdateService.exe
2013-05-13 05:51 . 2013-06-12 06:53    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 06:53    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-05-13 05:51 . 2013-06-12 06:53    1464320    ----a-w-    c:\windows\system32\crypt32.dll
2013-05-13 05:50 . 2013-06-12 06:53    52224    ----a-w-    c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 06:53    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 06:53    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 06:53    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 06:53    1192448    ----a-w-    c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 06:53    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 06:53    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
2013-05-08 06:39 . 2013-06-12 06:54    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-05-02 00:06 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-09-04 23:44    75680    ----a-w-    c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
R4 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
R4 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - 02774691
*Deregistered* - 02774691
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-30 11:54    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 13:05]
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-30 11:54]
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-30 11:54]
.
.
--------- X64 Entries -----------
.
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.nl/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60438
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60438
TCP: DhcpNameServer = 10.0.0.3
.
- - - - ORPHANS VERWIJDERD - - - -
.
SafeBoot-02774691.sys
SafeBoot-21515970.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-07-30  15:17:12
ComboFix-quarantined-files.txt  2013-07-30 13:17
.
Pre-Run: 434.681.921.536 bytes beschikbaar
Post-Run: 434.540.445.696 bytes beschikbaar
.
- - End Of File - - CB3BCBF369AA4651DEE857303658A5D2
A36C5E4F47E84449FF07ED3517B43A31
 


Edited by MarkV74, 08 August 2013 - 04:18 AM.


#4 jeffce

  • Malware Response Team

Posted 08 August 2013 - 06:32 AM

Hi,

 

Thanks for posting that.  Since it has been a few days since running ComboFix please run a new scan.  If it asks you if you would like to update, be sure to accept and then post the new log.  :)




#5 MarkV74

  • Topic Starter

  • Members

Posted 08 August 2013 - 08:17 AM

Here you go, a fresh log of ComboFix:

 

ComboFix 13-08-07.01 - Ineke 08-08-2013  15:08:18.3.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.31.1043.18.3984.2960 [GMT 2:00]
Gestart vanuit: c:\temp\AV\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\a37c6ae8-eecf-4a91-a047-b7568526f5cd
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2013-07-08 to 2013-08-08  ))))))))))))))))))))))))))))))
.
.
2013-08-08 13:12 . 2013-08-08 13:12    --------    d-----w-    c:\users\setup\AppData\Local\temp
2013-08-08 13:12 . 2013-08-08 13:12    --------    d-----w-    c:\users\escapeict\AppData\Local\temp
2013-08-08 13:12 . 2013-08-08 13:12    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-08 13:04 . 2010-09-30 14:01    232272    ----a-w-    c:\windows\TmNSCIns.dll
2013-08-08 13:04 . 2006-11-01 21:22    525792    ----a-w-    c:\windows\DIFxAPI.dll
2013-08-01 13:10 . 2013-08-01 13:10    --------    d-----w-    c:\program files\HitmanPro
2013-08-01 13:10 . 2013-08-01 13:22    --------    d-----w-    c:\programdata\HitmanPro
2013-07-31 06:06 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6B8EE3E-C48A-46BB-AA88-09B716371BC0}\mpengine.dll
2013-07-30 14:29 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-07-30 14:29 . 2013-04-02 22:51    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-30 13:23 . 2013-07-30 13:23    --------    d-----w-    c:\program files\CCleaner
2013-07-30 12:04 . 2013-02-16 23:40    28672    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-07-30 11:58 . 2013-07-30 11:58    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-30 11:53 . 2013-07-30 11:53    --------    d-----w-    c:\users\ineke\AppData\Local\Apps
2013-07-30 11:53 . 2013-07-30 11:54    --------    d-----w-    c:\users\ineke\AppData\Local\Deployment
2013-07-30 11:26 . 2013-07-30 11:28    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-30 11:26 . 2013-07-30 11:28    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-30 06:07 . 2013-07-30 06:13    234544    ----a-w-    c:\windows\RegBootClean64.exe
2013-07-30 06:07 . 2013-07-30 06:13    22064    ----a-w-    c:\windows\DCEBoot64.exe
2013-07-16 06:10 . 2013-07-30 06:10    --------    d-----w-    c:\users\ineke\AppData\Roaming\Poco
2013-07-16 06:10 . 2013-07-25 11:39    --------    d-----w-    c:\users\ineke\AppData\Roaming\Xyeqinu
2013-07-10 01:06 . 2013-05-27 05:50    571904    ----a-w-    c:\program files\Windows Defender\MpClient.dll
2013-07-10 01:06 . 2013-05-27 05:50    314880    ----a-w-    c:\program files\Windows Defender\MpCommu.dll
2013-07-10 01:06 . 2013-05-27 04:57    4608    ----a-w-    c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 01:06 . 2013-05-27 04:57    54784    ----a-w-    c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 01:06 . 2013-05-27 04:57    392704    ----a-w-    c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 01:06 . 2013-05-27 03:15    9216    ----a-w-    c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 01:06 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-07-10 01:06 . 2013-06-04 06:00    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-07-10 01:06 . 2013-06-04 04:53    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2013-07-10 01:06 . 2013-05-06 06:03    1887744    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-10 01:06 . 2013-05-06 04:56    1620480    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 01:01 . 2013-06-05 03:34    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-07-10 01:01 . 2013-04-10 05:46    1402880    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 01:01 . 2013-04-10 05:46    1393152    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 01:01 . 2013-04-10 05:03    936448    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 01:01 . 2013-04-10 05:48    1732608    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 01:01 . 2013-04-10 05:46    1367040    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-26 13:10 . 2013-06-26 13:10    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-26 13:10 . 2013-05-28 10:32    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-06-26 13:10 . 2013-05-28 10:32    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-05-13 05:51 . 2013-06-12 06:53    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 06:53    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-05-13 05:51 . 2013-06-12 06:53    1464320    ----a-w-    c:\windows\system32\crypt32.dll
2013-05-13 05:50 . 2013-06-12 06:53    52224    ----a-w-    c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 06:53    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 06:53    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 06:53    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 06:53    1192448    ----a-w-    c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 06:53    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 06:53    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2012-03-09 12310616]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-09-04 23:44    75680    ----a-w-    c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-30 11:54    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-30 11:54]
.
2013-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-30 11:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-05 439064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-05 170264]
"HPSYSDRV"="c:\program files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-05 398616]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.nl/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60438
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60438
Trusted Zone: mxtoolbox.com\www
TCP: DhcpNameServer = 10.0.5.2
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-08-08  15:13:23
ComboFix-quarantined-files.txt  2013-08-08 13:13
ComboFix2.txt  2013-08-08 13:02
ComboFix3.txt  2013-07-30 13:17
.
Pre-Run: 432.212.164.608 bytes beschikbaar
Post-Run: 431.770.230.784 bytes beschikbaar
.
- - End Of File - - AE2600BD67903BA6347B2F48C4F29EAC
A36C5E4F47E84449FF07ED3517B43A31
 



#6 jeffce

  • Malware Response Team

Posted 08 August 2013 - 01:51 PM

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    DDS::
    mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60438
    mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60438
    Trusted Zone: mxtoolbox.com\www
     
    Folder::
    c:\users\ineke\AppData\Roaming\Poco
    c:\users\ineke\AppData\Roaming\Xyeqinu

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Post the new ComboFix log and let me know how your system is running now.   :)




#7 MarkV74

  • Topic Starter

  • Members

Posted 09 August 2013 - 06:57 AM

Hi Jeff, tx for looking into it. Can you tell what's going on with this PC? When the PC was still connected to the internet it was placed on a blacklist because of Torpig activities. I already tried some cleanup, but it reappeared after a reboot. Can you tell from the logfiles if the MBR is infected?

 

ComboFix 13-08-07.01 - Ineke 09-08-2013  13:39:05.4.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.31.1043.18.3984.2766 [GMT 2:00]
Gestart vanuit: c:\temp\AV\ComboFix.exe
gebruikte Opdracht switches :: F:\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ineke\AppData\Roaming\Poco
c:\users\ineke\AppData\Roaming\Xyeqinu
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2013-07-09 to 2013-08-09  ))))))))))))))))))))))))))))))
.
.
2013-08-09 11:42 . 2013-08-09 11:42    --------    d-----w-    c:\users\setup\AppData\Local\temp
2013-08-09 11:42 . 2013-08-09 11:42    --------    d-----w-    c:\users\escapeict\AppData\Local\temp
2013-08-09 11:42 . 2013-08-09 11:42    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-01 13:10 . 2013-08-01 13:10    --------    d-----w-    c:\program files\HitmanPro
2013-08-01 13:10 . 2013-08-01 13:22    --------    d-----w-    c:\programdata\HitmanPro
2013-07-31 06:06 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6B8EE3E-C48A-46BB-AA88-09B716371BC0}\mpengine.dll
2013-07-30 14:29 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-07-30 14:29 . 2013-04-02 22:51    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-30 13:23 . 2013-07-30 13:23    --------    d-----w-    c:\program files\CCleaner
2013-07-30 12:04 . 2013-02-16 23:40    28672    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-07-30 11:58 . 2013-07-30 11:58    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-30 11:53 . 2013-07-30 11:53    --------    d-----w-    c:\users\ineke\AppData\Local\Apps
2013-07-30 11:53 . 2013-07-30 11:54    --------    d-----w-    c:\users\ineke\AppData\Local\Deployment
2013-07-30 11:26 . 2013-07-30 11:28    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-30 11:26 . 2013-07-30 11:28    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-30 06:07 . 2013-07-30 06:13    234544    ----a-w-    c:\windows\RegBootClean64.exe
2013-07-30 06:07 . 2013-07-30 06:13    22064    ----a-w-    c:\windows\DCEBoot64.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-26 13:10 . 2013-06-26 13:10    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-26 13:10 . 2013-05-28 10:32    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-06-26 13:10 . 2013-05-28 10:32    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-06-05 03:34 . 2013-07-10 01:01    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-10 01:06    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-10 01:06    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2013-05-13 05:51 . 2013-06-12 06:53    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 06:53    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-05-13 05:51 . 2013-06-12 06:53    1464320    ----a-w-    c:\windows\system32\crypt32.dll
2013-05-13 05:50 . 2013-06-12 06:53    52224    ----a-w-    c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 06:53    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 06:53    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 06:53    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 06:53    1192448    ----a-w-    c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 06:53    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 06:53    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2012-03-09 12310616]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-09-04 23:44    75680    ----a-w-    c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-30 11:54    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-30 11:54]
.
2013-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-30 11:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-05 439064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-05 170264]
"HPSYSDRV"="c:\program files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-05 398616]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.nl/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60438
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60438
TCP: DhcpNameServer = 10.0.5.2
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-08-09  13:43:51
ComboFix-quarantined-files.txt  2013-08-09 11:43
ComboFix2.txt  2013-08-08 13:13
ComboFix3.txt  2013-08-08 13:02
ComboFix4.txt  2013-07-30 13:17
.
Pre-Run: 431.447.334.912 bytes beschikbaar
Post-Run: 431.365.201.920 bytes beschikbaar
.
- - End Of File - - 5EA53C881B604D14D5C51FEB1AD3AFDB
A36C5E4F47E84449FF07ED3517B43A31
 


Edited by MarkV74, 09 August 2013 - 06:59 AM.


#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:04:02 AM

Posted 09 August 2013 - 10:55 AM

Hi,
 
Looks like part of the fix did not work.  Could you move both ComboFix and the CFScript.txt to your Desktop and then run the fix from there again?  Thanks.   :)
 
Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------


 


#9 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:04:02 AM

Posted 11 August 2013 - 09:51 AM

Still need help?


 


#10 MarkV74

MarkV74
  • Topic Starter

  • Members
  • 5 posts
  • Local time:11:02 AM

Posted 12 August 2013 - 06:34 AM

Hi Jeff, sorry for the delay. I had to take the PC back into production so I reinstalled it completely. During installation I recreated the partitions. Before that I already let aswMBR do its work, but it crashes halfway through. Another client of mine called me with the same problems, just picked up the PC and it had the same virus/rootkit/whatever.

 

Both of the clients received an e-mail from Vodafone with what looked like an MMS message attached. And they are not alone! (http://blog.mxlab.eu/2013/01/22/email-notification-of-vodafone-with-attached-mms-message-in-zip-file-contains-trojan/) This is probably the way they got infected. I don't have more time, so I have to reinstall them both. Shame though, I was really curious what the exact virus/rootkit/whatever was and how it could be cleaned.

 

Thx for your time, maybe next time...

 

Grtz,

Mark



#11 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:04:02 AM

Posted 12 August 2013 - 06:35 AM

Ok glad you got it sorted anyway and thank you for letting me know.  :)


 


#12 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:04:02 AM

Posted 13 August 2013 - 06:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

 




