
Netbook infected with various malware


  • This topic is locked
9 replies to this topic

#1 blujay40

blujay40

  • Members
  • 9 posts

Posted 25 August 2013 - 03:34 PM

My nephew's netbook is in dire need of help.  I have tried to "clean" it up using the various available utilities including Malwarebytes, SAS, etc. and although these remove some of the issues, the main one still remains.

 

The system upon bootup and connecting to the internet, starts playing numerous types of audio recordings from an unknown source that are quite explicit for a young person to be listening to.  Since installing malwarebytes, it is informing me every few seconds that it has blocked a connection attempt to IP 46.249.61.86 Port 49308 using svchost.  This activity also brings the netbook to basically a standstill and it is very difficult to try and run anything else.

 

If I terminate the internet connection, the audio stops.  Also, by just looking at task manager, I cannot see where any programs or applications are in use or active that would normally be used to play internet audio such as WMP, winamp, vlc, etc.  I also started ending tasks for everything from java to any other elective applications and nothing seems to stop the audio other than disconnecting from the internet.

 

Malwarebytes found a few things including:

Heuristics.Shuriken

PUP.Optional.CrossRider

Assorted GamePlayLab instances.

 

SAS found nothing. 

 

I therefore have come to the conclusion that there must be some "other" more serious background application or service that cannot be removed with these common utilities.

 

Any help in trying to identify and remedy this situation would be greatly appreciated.

 

Here is the DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16490
Run by Owner at 14:33:37 on 2013-08-25
Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.1015.219 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HPBTWD.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - c:\program files\i want this\I Want This.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - c:\program files\common files\homepage protection\HomepageProtection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [HP BTW Detect Program] "c:\program files\hp\HPBTWD.exe"
mRun: [HP] "c:\program files\hewlett-packard\hp quicksync\QuickSync.exe"
mRun: [UpdatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [SysTrayApp] "c:\program files\idt\wdm\sttray.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-System: WallpaperStyle = 2
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: Interfaces\{A53CF070-D07D-4F96-A5FC-CEC375EE892D} : DHCPNameServer = 8.8.8.8 8.8.4.4 75.75.76.76
TCP: Interfaces\{A53CF070-D07D-4F96-A5FC-CEC375EE892D}\075747D616E686F6D656 : DHCPNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{A53CF070-D07D-4F96-A5FC-CEC375EE892D}\2375942554437393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A53CF070-D07D-4F96-A5FC-CEC375EE892D}\9516E63697 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A53CF070-D07D-4F96-A5FC-CEC375EE892D}\C696E6B6379737 : DHCPNameServer = 68.87.77.130 68.87.72.130
TCP: Interfaces\{A53CF070-D07D-4F96-A5FC-CEC375EE892D}\D43555E456470275962756C6563737 : DHCPNameServer = 35.8.98.43 35.8.2.41
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-7-27 16984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_fa0513b7754bf240\AEstSrv.exe [2009-3-2 81920]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-7-8 323584]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-25 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-25 701512]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-25 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-25 167424]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-3 52224]
.
=============== File Associations ===============
.
ShellExec: vlc.exe: Open="c:\program files\easy media player\emp.exe" --started-from-file "%1"
.
=============== Created Last 30 ================
.
2013-08-25 18:26:35    --------    d-----w-    c:\users\owner\appdata\local\I Want This
2013-08-25 18:26:33    --------    d-----w-    c:\program files\I Want This
2013-08-25 16:58:52    --------    d-----w-    c:\users\owner\appdata\roaming\SUPERAntiSpyware.com
2013-08-25 16:58:21    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-08-25 16:58:21    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-08-25 15:01:17    --------    d-----w-    c:\program files\CCleaner
2013-08-25 14:56:37    --------    d-----w-    c:\users\owner\appdata\roaming\Malwarebytes
2013-08-25 14:56:20    --------    d-----w-    c:\programdata\Malwarebytes
2013-08-25 14:56:18    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-25 14:56:17    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-08-25 14:56:04    --------    d-----w-    c:\users\owner\appdata\local\Programs
2013-08-25 14:25:17    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M  ====================
.
2013-08-25 14:25:17    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:35:52.07 ===============
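The symptom described in this post, svchost repeatedly blocked while trying to reach one remote IP and the port shifting between attempts, is a pattern worth catching in any connection log, not just in Malwarebytes pop-ups. The script below is an added example for this thread; it is not code from the post, from Malwarebytes or from any other tool. It assumes a constructed, generic per-connection log format (timestamp, process, destination, verdict), and the sample lines reuse the IP and first port reported above while the timestamps, other ports and browser lines are made up.

```python
"""Flag a process that keeps retrying one remote IP across shifting ports.

Added example for this thread (not code from the post, Malwarebytes, or any
other tool). It assumes a constructed per-connection log format:
    <ISO timestamp> <process> <dst_ip>:<dst_port> <BLOCKED|ALLOWED>
Real products log in their own formats; only the parser would need changing.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: the remote IP and first port are the ones reported in
# the post; the timestamps, other ports and the browser lines are made up.
SAMPLE_LOG = """
2013-08-30T12:00:01 svchost.exe 46.249.61.86:49308 BLOCKED
2013-08-30T12:00:04 svchost.exe 46.249.61.86:49309 BLOCKED
2013-08-30T12:00:07 svchost.exe 46.249.61.86:49310 BLOCKED
2013-08-30T12:00:10 svchost.exe 46.249.61.86:49311 BLOCKED
2013-08-30T12:00:13 svchost.exe 46.249.61.86:49312 ALLOWED
2013-08-30T12:00:20 iexplore.exe 74.125.226.1:80 ALLOWED
2013-08-30T12:05:00 iexplore.exe 74.125.226.1:443 ALLOWED
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proc>\S+)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?P<action>BLOCKED|ALLOWED)$"
)

# Processes that normally host Windows services; a retry storm from one of
# them means the next step is finding which service (or injected code) is
# behind it, since the image name alone says nothing.
SYSTEM_HOSTS = {"svchost.exe", "lsass.exe", "services.exe"}


def parse_log(text):
    """Turn log text into a list of event dicts; reject malformed lines."""
    events = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: unrecognised format: {line!r}")
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "proc": m["proc"].lower(),
            "ip": m["ip"],
            "port": int(m["port"]),
            "action": m["action"],
        })
    return events


def find_retry_storms(events, window=timedelta(seconds=60),
                      min_attempts=3, min_ports=2):
    """For each (process, remote IP) pair, slide a time window over its
    events and report the densest window holding at least `min_attempts`
    attempts spread over at least `min_ports` distinct destination ports."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["proc"], e["ip"])].append(e)

    alerts = []
    for (proc, ip), evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        best = None
        start = 0
        for end in range(len(evs)):
            # Drop events that fell out of the window ending at evs[end].
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            ports = sorted({e["port"] for e in span})
            if len(span) >= min_attempts and len(ports) >= min_ports:
                if best is None or len(span) > best["attempts"]:
                    best = {
                        "process": proc,
                        "remote_ip": ip,
                        "attempts": len(span),
                        "ports": ports,
                        "blocked": sum(e["action"] == "BLOCKED" for e in span),
                        "allowed": sum(e["action"] == "ALLOWED" for e in span),
                        "first": span[0]["ts"].isoformat(),
                        "last": span[-1]["ts"].isoformat(),
                        "service_host": proc in SYSTEM_HOSTS,
                    }
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for a in find_retry_storms(parse_log(SAMPLE_LOG)):
        print(f"{a['process']} -> {a['remote_ip']}: {a['attempts']} attempts on "
              f"ports {a['ports']} between {a['first']} and {a['last']} "
              f"({a['blocked']} blocked, {a['allowed']} allowed)")
```

The "allowed" count matters as much as the blocked one: in the thread the audio only started once an attempt got through, so a storm that ends in an ALLOWED entry is the one to chase first.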
 

 

 

 

#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 August 2013 - 10:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

#3 blujay40

blujay40
  • Topic Starter

  • Members
  • 9 posts

Posted 30 August 2013 - 02:54 PM

Hi Nasdaq,

 

Thank you for your response.

 

After running all three utilities you indicated, the main problem still exists, which is Malwarebytes is popping up a few times stating it was blocking a malicious website with IP 46.249.61.86 Port 49308 using svchost.  This occurs a few times and it looks like it keeps trying different ports until it finally connects and then streaming audio starts.  The audio sounds like there are multiple streams playing at the same time.

 

However, now I was able to see where Windows was now updating where I couldn't get it to do so previously, as well as Windows Defender which also wouldn't run previously.  I figured I would see if there was anything we could do to clean this up vs. just doing a complete restore, so your assistance is greatly appreciated.

 

Requested logs are below.

 

 

AdwCleaner Log

 

# AdwCleaner v3.001 - Report created 30/08/2013 at 12:05:56
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Owner - OWNER-PC
# Running from : E:\Netbook\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : DvmMDES

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKLM\Software\DeviceVM

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16490


*************************

AdwCleaner[R0].txt - [1342 octets] - [30/08/2013 12:00:32]
AdwCleaner[S0].txt - [1287 octets] - [30/08/2013 12:05:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1347 octets] ##########
 

Junkware Removal Tool Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.5 (08.28.2013:1)
OS: Windows 7 Starter x86
Ran by Owner on Fri 08/30/2013 at 12:10:30.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066226658}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77777777-7777-7777-7777-770077227758}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\Common Files\homepage protection"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/30/2013 at 12:51:45.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

ComboFix Log

 

ComboFix 13-08-29.02 - Owner 08/30/2013  14:37:46.2.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.1015.205 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\HP\HPBTWD.exe
c:\programdata\Microsoft\Windows\DRM\8842.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-30  )))))))))))))))))))))))))))))))
.
.
2013-08-30 19:30 . 2013-08-30 19:30    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-30 16:10 . 2013-08-30 16:10    --------    d-----w-    c:\windows\ERUNT
2013-08-30 16:00 . 2013-08-30 16:05    --------    d-----w-    C:\AdwCleaner
2013-08-25 16:58 . 2013-08-25 16:58    --------    d-----w-    c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2013-08-25 16:58 . 2013-08-25 16:58    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-08-25 16:58 . 2013-08-25 16:58    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-08-25 15:01 . 2013-08-25 15:01    --------    d-----w-    c:\program files\CCleaner
2013-08-25 14:56 . 2013-08-25 14:56    --------    d-----w-    c:\users\Owner\AppData\Roaming\Malwarebytes
2013-08-25 14:56 . 2013-08-25 14:56    --------    d-----w-    c:\programdata\Malwarebytes
2013-08-25 14:56 . 2013-04-04 18:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-25 14:56 . 2013-08-25 14:56    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-08-25 14:56 . 2013-08-25 14:56    --------    d-----w-    c:\users\Owner\AppData\Local\Programs
2013-08-25 14:25 . 2013-08-25 14:25    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 14:25 . 2012-01-21 17:51    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 04:18 . 2013-06-19 15:03    7068072    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F60665E-7C49-4848-9A6D-37B2062E67FE}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 5703920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-13 467036]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-07-27 16984]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2009-03-02 81920]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 12:33]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 12:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP BTW Detect Program - c:\program files\HP\HPBTWD.exe
AddRemove-Homepage Protection - c:\program files\Common Files\Homepage Protection\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-30  15:37:10
ComboFix-quarantined-files.txt  2013-08-30 19:37
.
Pre-Run: 108,456,640,512 bytes free
Post-Run: 107,867,484,160 bytes free
.
- - End Of File - - 0EF2AA1CF45AD4A61EA62BD01E92C89E
414FECD523F4250C422AE15345E91BA9
 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 August 2013 - 07:56 AM

Let's check your master boot record.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
  • When it finishes, you will either see a report that no threats were found like below:
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please run the DDS tool again and let me know if the BHO is still present.
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - c:\program files\i want this\I Want This.dll
===
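The last request in this post, re-running DDS and checking whether the "I Want This" BHO is still listed, is a before/after comparison that is easy to get wrong by eye in a long log. The script below is an added example, not code from the thread or from the DDS tool: it parses the BHO: and uRun:/mRun: lines of two DDS-style excerpts, reports which load points disappeared, persisted or appeared, and applies an illustrative heuristic of my own (not a vendor rule) that flags CLSIDs whose first four groups are one repeated digit, the shape of the identifiers DDS and JRT listed for that add-on. The two excerpts are constructed from entries that appear in the logs above.

```python
"""Parse the BHO: and Run: lines of two DDS-style logs and report what
disappeared, what persists and what is new.

Added example, not code from the thread or from the DDS tool. It assumes
only the line shapes visible in the logs above:
    BHO: <name>: {<CLSID>} - <path>
    uRun: [<name>] <command>      (likewise mRun:)
"""
import re

BHO_RE = re.compile(
    r"^BHO:\s*(?P<name>.*?):\s*\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*-\s*(?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")

# Constructed excerpts built from entries that appear in the thread.
BEFORE = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - c:\program files\i want this\I Want This.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - c:\program files\common files\homepage protection\HomepageProtection.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [HP BTW Detect Program] "c:\program files\hp\HPBTWD.exe"
"""
AFTER = r"""
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
"""


def parse_entries(text):
    """Map a stable key for each BHO/Run entry to a readable description.
    BHOs are keyed by CLSID (the name is attacker-chosen); Run values by hive
    and value name."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            entries[("bho", m["clsid"].upper())] = f"BHO {m['name']} -> {m['path']}"
            continue
        m = RUN_RE.match(line)
        if m:
            entries[("run", m["hive"], m["name"])] = f"{m['hive']}Run [{m['name']}] {m['cmd']}"
    return entries


def compare_scans(before_text, after_text):
    """Set difference of load points between two scans, sorted for stable output."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted((k, before[k]) for k in before.keys() - after.keys()),
        "added": sorted((k, after[k]) for k in after.keys() - before.keys()),
        "persisting": sorted((k, after[k]) for k in before.keys() & after.keys()),
    }


def looks_synthetic(clsid):
    """Illustrative heuristic, my own and not a vendor rule: real GUIDs are
    random, so a CLSID whose first four groups are a single repeated digit
    (as in {11111111-1111-1111-1111-...}) was hand-picked by the author."""
    head = clsid.replace("-", "")[:20]
    return len(set(head)) == 1


def flag_suspicious(entries):
    """CLSIDs of BHO entries that trip the heuristic above."""
    return sorted(k[1] for k in entries if k[0] == "bho" and looks_synthetic(k[1]))


if __name__ == "__main__":
    result = compare_scans(BEFORE, AFTER)
    for bucket in ("removed", "persisting", "added"):
        for _key, desc in result[bucket]:
            print(f"{bucket:10s} {desc}")
    print("heuristic hits:", flag_suspicious(parse_entries(BEFORE)))
```

Keying BHOs by CLSID rather than display name is deliberate: the name is whatever the add-on's author wrote, while the CLSID is what the registry actually loads, and it is what to search for if the DLL is later found under another name.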

#5 blujay40

blujay40
  • Topic Starter

  • Members
  • 9 posts

Posted 31 August 2013 - 08:49 AM

Morning Nasdaq,

 

Ran TDSSKiller and it found 3 items.  The default actions were to skip two of them and cure one.  I proceeded to let it do its defaults and a reboot was required.  TDSS restarted after reboot, but I wasn't sure whether I should run it again, so I did not.  The log is below.

 

I then tried to run the aswMBR.exe file, but it came up and said it wasn't a valid Win32 application and would not run and therefore a zip file is not attached.

 

I reran the DDS tool and from what I can tell, the I Want This entry is no longer present.

 

Another item, is that I am no longer receiving the popups from Malwarebytes, nor is the streaming audio playing!!  So it appears that TDSSKiller did something positive.

 

I am not sure this thing is cleaned up completely yet, and it bothers me that I cannot run the aswMBR program.  Is that normal?

 

Here are the logs

 

 

09:08:32.0983 3288  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:08:33.0139 3288  ============================================================
09:08:33.0139 3288  Current date / time: 2013/08/31 09:08:33.0139
09:08:33.0139 3288  SystemInfo:
09:08:33.0139 3288 
09:08:33.0139 3288  OS Version: 6.1.7601 ServicePack: 1.0
09:08:33.0139 3288  Product type: Workstation
09:08:33.0139 3288  ComputerName: OWNER-PC
09:08:33.0139 3288  UserName: Owner
09:08:33.0139 3288  Windows directory: C:\Windows
09:08:33.0139 3288  System windows directory: C:\Windows
09:08:33.0139 3288  Processor architecture: Intel x86
09:08:33.0139 3288  Number of processors: 2
09:08:33.0139 3288  Page size: 0x1000
09:08:33.0139 3288  Boot type: Normal boot
09:08:33.0139 3288  ============================================================
09:08:34.0356 3288  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:08:34.0387 3288  Drive \Device\Harddisk1\DR1 - Size: 0x778000000 (29.88 Gb), SectorSize: 0x200, Cylinders: 0xF3B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:08:34.0387 3288  ============================================================
09:08:34.0387 3288  \Device\Harddisk0\DR0:
09:08:34.0387 3288  MBR partitions:
09:08:34.0387 3288  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x112F6000
09:08:34.0387 3288  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x112F6800, BlocksNum 0x16BD800
09:08:34.0387 3288  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x129B4000, BlocksNum 0x64800
09:08:34.0387 3288  \Device\Harddisk1\DR1:
09:08:34.0387 3288  MBR partitions:
09:08:34.0387 3288  ============================================================
09:08:34.0418 3288  C: <-> \Device\Harddisk0\DR0\Partition1
09:08:34.0512 3288  D: <-> \Device\Harddisk0\DR0\Partition2
09:08:34.0512 3288  ============================================================
09:08:34.0512 3288  Initialize success
09:08:34.0512 3288  ============================================================
09:09:06.0991 3708  ============================================================
09:09:06.0991 3708  Scan started
09:09:06.0991 3708  Mode: Manual; SigCheck; TDLFS;
09:09:06.0991 3708  ============================================================
09:09:08.0691 3708  ================ Scan system memory ========================
09:09:08.0691 3708  System memory - ok
09:09:08.0691 3708  ================ Scan services =============================
09:09:58.0315 3708  nsiproxy - ok
09:09:58.0674 3708  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:09:58.0830 3708  Ntfs - ok
09:09:58.0955 3708  [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
09:09:58.0986 3708  NuidFltr - ok
09:09:59.0126 3708  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
09:09:59.0251 3708  Null - ok
09:09:59.0454 3708  [ B5E37E31C053BC9950455A257526514B ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x32.sys
09:09:59.0735 3708  NVENETFD - ok
09:09:59.0938 3708  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:10:00.0000 3708  nvraid - ok
09:10:00.0062 3708  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:10:00.0109 3708  nvstor - ok
09:10:00.0250 3708  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:10:00.0296 3708  nv_agp - ok
09:10:00.0452 3708  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:10:00.0546 3708  odserv - ok
09:10:00.0780 3708  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:10:01.0014 3708  ohci1394 - ok
09:10:01.0248 3708  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:10:01.0295 3708  ose - ok
09:10:01.0404 3708  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:10:01.0700 3708  p2pimsvc - ok
09:10:01.0794 3708  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
09:10:01.0919 3708  p2psvc - ok
09:10:02.0028 3708  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
09:10:02.0215 3708  Parport - ok
09:10:02.0387 3708  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:10:02.0418 3708  partmgr - ok
09:10:02.0496 3708  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
09:10:02.0636 3708  Parvdm - ok
09:10:03.0619 3708  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:10:03.0744 3708  PcaSvc - ok
09:10:04.0009 3708  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
09:10:04.0056 3708  pci - ok
09:10:04.0150 3708  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
09:10:04.0181 3708  pciide - ok
09:10:04.0259 3708  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
09:10:04.0306 3708  pcmcia - ok
09:10:04.0430 3708  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
09:10:04.0477 3708  pcw - ok
09:10:04.0540 3708  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:10:04.0742 3708  PEAUTH - ok
09:10:05.0070 3708  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
09:10:05.0335 3708  pla - ok
09:10:05.0600 3708  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:10:05.0756 3708  PlugPlay - ok
09:10:05.0912 3708  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:10:05.0959 3708  PNRPAutoReg - ok
09:10:06.0068 3708  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:10:06.0131 3708  PNRPsvc - ok
09:10:06.0224 3708  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:10:06.0380 3708  PolicyAgent - ok
09:10:06.0536 3708  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
09:10:06.0677 3708  Power - ok
09:10:06.0802 3708  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:10:06.0958 3708  PptpMiniport - ok
09:10:07.0051 3708  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
09:10:07.0176 3708  Processor - ok
09:10:07.0223 3708  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
09:10:07.0363 3708  ProfSvc - ok
09:10:07.0426 3708  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:10:07.0472 3708  ProtectedStorage - ok
09:10:07.0566 3708  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:10:07.0706 3708  Psched - ok
09:10:07.0878 3708  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
09:10:08.0034 3708  ql2300 - ok
09:10:08.0096 3708  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
09:10:08.0143 3708  ql40xx - ok
09:10:08.0221 3708  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
09:10:08.0315 3708  QWAVE - ok
09:10:08.0393 3708  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:10:08.0471 3708  QWAVEdrv - ok
09:10:08.0518 3708  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:10:08.0674 3708  RasAcd - ok
09:10:08.0767 3708  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:10:08.0861 3708  RasAgileVpn - ok
09:10:09.0017 3708  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
09:10:09.0110 3708  RasAuto - ok
09:10:09.0188 3708  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:10:09.0360 3708  Rasl2tp - ok
09:10:09.0454 3708  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
09:10:09.0656 3708  RasMan - ok
09:10:09.0703 3708  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:10:09.0812 3708  RasPppoe - ok
09:10:09.0922 3708  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:10:10.0046 3708  RasSstp - ok
09:10:10.0171 3708  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:10:10.0312 3708  rdbss - ok
09:10:10.0390 3708  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
09:10:10.0561 3708  rdpbus - ok
09:10:10.0639 3708  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:10:10.0795 3708  RDPCDD - ok
09:10:10.0920 3708  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:10:11.0045 3708  RDPENCDD - ok
09:10:11.0123 3708  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:10:11.0263 3708  RDPREFMP - ok
09:10:11.0341 3708  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:10:11.0591 3708  RDPWD - ok
09:10:11.0684 3708  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:10:11.0731 3708  rdyboost - ok
09:10:11.0809 3708  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:10:12.0012 3708  RemoteAccess - ok
09:10:12.0090 3708  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:10:12.0277 3708  RemoteRegistry - ok
09:10:12.0464 3708  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
09:10:12.0574 3708  RFCOMM - ok
09:10:12.0636 3708  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:10:12.0792 3708  RpcEptMapper - ok
09:10:12.0886 3708  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
09:10:12.0995 3708  RpcLocator - ok
09:10:13.0135 3708  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
09:10:13.0291 3708  RpcSs - ok
09:10:13.0385 3708  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:10:13.0510 3708  rspndr - ok
09:10:13.0666 3708  [ 96F8DD546677AA5102150ACC140377B3 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
09:10:13.0744 3708  RSUSBSTOR - ok
09:10:13.0790 3708  RtsUIR - ok
09:10:13.0900 3708  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
09:10:13.0946 3708  SamSs - ok
09:10:14.0040 3708  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:10:14.0087 3708  SASDIFSV - ok
09:10:14.0102 3708  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:10:14.0134 3708  SASKUTIL - ok
09:10:14.0243 3708  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:10:14.0336 3708  sbp2port - ok
09:10:14.0430 3708  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:10:14.0586 3708  SCardSvr - ok
09:10:14.0726 3708  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:10:14.0836 3708  scfilter - ok
09:10:14.0929 3708  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
09:10:15.0116 3708  Schedule - ok
09:10:15.0179 3708  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:10:15.0257 3708  SCPolicySvc - ok
09:10:15.0319 3708  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
09:10:15.0616 3708  sdbus - ok
09:10:15.0725 3708  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:10:15.0881 3708  SDRSVC - ok
09:10:16.0068 3708  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:10:16.0162 3708  secdrv - ok
09:10:16.0240 3708  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
09:10:16.0505 3708  seclogon - ok
09:10:16.0614 3708  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
09:10:16.0801 3708  SENS - ok
09:10:17.0020 3708  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
09:10:17.0098 3708  Serenum - ok
09:10:17.0160 3708  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
09:10:17.0207 3708  Serial - ok
09:10:17.0300 3708  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
09:10:17.0363 3708  sermouse - ok
09:10:17.0534 3708  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
09:10:17.0800 3708  SessionEnv - ok
09:10:17.0940 3708  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:10:18.0205 3708  sffdisk - ok
09:10:18.0314 3708  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:10:18.0408 3708  sffp_mmc - ok
09:10:18.0470 3708  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:10:18.0611 3708  sffp_sd - ok
09:10:18.0689 3708  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
09:10:20.0218 3708  sfloppy - ok
09:10:20.0592 3708  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:10:21.0122 3708  SharedAccess - ok
09:10:21.0216 3708  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:10:21.0450 3708  ShellHWDetection - ok
09:10:21.0481 3708  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
09:10:21.0622 3708  sisagp - ok
09:10:21.0887 3708  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:10:21.0918 3708  SiSRaid2 - ok
09:10:22.0074 3708  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
09:10:22.0105 3708  SiSRaid4 - ok
09:10:22.0230 3708  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:10:22.0433 3708  Smb - ok
09:10:22.0589 3708  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:10:22.0745 3708  SNMPTRAP - ok
09:10:22.0776 3708  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:10:22.0807 3708  spldr - ok
09:10:22.0963 3708  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
09:10:23.0150 3708  Spooler - ok
09:10:23.0416 3708  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
09:10:23.0962 3708  sppsvc - ok
09:10:24.0086 3708  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:10:24.0242 3708  sppuinotify - ok
09:10:24.0336 3708  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:10:24.0601 3708  srv - ok
09:10:24.0664 3708  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:10:24.0726 3708  srv2 - ok
09:10:24.0913 3708  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
09:10:24.0991 3708  SrvHsfHDA - ok
09:10:25.0054 3708  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
09:10:25.0163 3708  SrvHsfV92 - ok
09:10:25.0256 3708  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
09:10:25.0412 3708  SrvHsfWinac - ok
09:10:25.0506 3708  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:10:25.0600 3708  srvnet - ok
09:10:25.0646 3708  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:10:25.0771 3708  SSDPSRV - ok
09:10:25.0990 3708  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:10:26.0114 3708  SstpSvc - ok
09:10:26.0442 3708  [ 7437646782EB51CC0846A8FD3EA58989 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe
09:10:26.0582 3708  STacSV - ok
09:10:26.0692 3708  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
09:10:26.0723 3708  stexstor - ok
09:10:26.0879 3708  [ FFE2D0A09C9C806B005C97076CC1034C ] STHDA           C:\Windows\system32\DRIVERS\stwrt.sys
09:10:27.0097 3708  STHDA - ok
09:10:27.0238 3708  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
09:10:27.0456 3708  StiSvc - ok
09:10:27.0565 3708  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
09:10:27.0612 3708  swenum - ok
09:10:27.0690 3708  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
09:10:27.0877 3708  swprv - ok
09:10:28.0049 3708  [ 067CB9D745407A8C1B26E89A6A2CE152 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
09:10:28.0096 3708  SynTP - ok
09:10:28.0189 3708  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
09:10:28.0330 3708  SysMain - ok
09:10:28.0408 3708  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:10:28.0486 3708  TabletInputService - ok
09:10:28.0595 3708  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:10:28.0751 3708  TapiSrv - ok
09:10:28.0860 3708  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
09:10:29.0078 3708  TBS - ok
09:10:29.0234 3708  [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:10:29.0390 3708  Tcpip - ok
09:10:29.0468 3708  [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:10:29.0593 3708  TCPIP6 - ok
09:10:29.0843 3708  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:10:30.0061 3708  tcpipreg - ok
09:10:30.0264 3708  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:10:30.0404 3708  TDPIPE - ok
09:10:30.0482 3708  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:10:30.0576 3708  TDTCP - ok
09:10:30.0685 3708  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:10:30.0826 3708  tdx - ok
09:10:30.0935 3708  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
09:10:30.0966 3708  TermDD - ok
09:10:31.0044 3708  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
09:10:31.0465 3708  TermService - ok
09:10:31.0512 3708  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
09:10:31.0699 3708  Themes - ok
09:10:31.0871 3708  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
09:10:31.0980 3708  THREADORDER - ok
09:10:32.0152 3708  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
09:10:32.0323 3708  TrkWks - ok
09:10:32.0479 3708  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:10:32.0713 3708  TrustedInstaller - ok
09:10:32.0807 3708  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:10:33.0275 3708  tssecsrv - ok
09:10:33.0462 3708  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:10:33.0587 3708  TsUsbFlt - ok
09:10:33.0774 3708  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:10:33.0883 3708  tunnel - ok
09:10:33.0946 3708  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
09:10:33.0992 3708  uagp35 - ok
09:10:34.0024 3708  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:10:34.0133 3708  udfs - ok
09:10:34.0226 3708  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:10:34.0304 3708  UI0Detect - ok
09:10:34.0414 3708  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:10:34.0445 3708  uliagpkx - ok
09:10:34.0538 3708  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
09:10:34.0648 3708  umbus - ok
09:10:34.0772 3708  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
09:10:34.0913 3708  UmPass - ok
09:10:34.0975 3708  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
09:10:35.0147 3708  upnphost - ok
09:10:35.0365 3708  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:10:35.0443 3708  usbccgp - ok
09:10:35.0490 3708  USBCCID - ok
09:10:35.0755 3708  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:10:35.0833 3708  usbcir - ok
09:10:35.0942 3708  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
09:10:35.0989 3708  usbehci - ok
09:10:36.0161 3708  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:10:36.0301 3708  usbhub - ok
09:10:36.0426 3708  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:10:36.0520 3708  usbohci - ok
09:10:36.0613 3708  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:10:36.0707 3708  usbprint - ok
09:10:36.0800 3708  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:10:36.0988 3708  USBSTOR - ok
09:10:37.0081 3708  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
09:10:37.0222 3708  usbuhci - ok
09:10:37.0378 3708  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
09:10:37.0456 3708  usbvideo - ok
09:10:37.0534 3708  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
09:10:37.0643 3708  UxSms - ok
09:10:37.0690 3708  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
09:10:37.0752 3708  VaultSvc - ok
09:10:37.0830 3708  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:10:37.0877 3708  vdrvroot - ok
09:10:37.0970 3708  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
09:10:38.0220 3708  vds - ok
09:10:38.0345 3708  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:10:38.0407 3708  vga - ok
09:10:38.0516 3708  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:10:38.0672 3708  VgaSave - ok
09:10:38.0735 3708  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:10:38.0782 3708  vhdmp - ok
09:10:38.0860 3708  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
09:10:38.0906 3708  viaagp - ok
09:10:39.0062 3708  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
09:10:39.0172 3708  ViaC7 - ok
09:10:39.0218 3708  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
09:10:39.0250 3708  viaide - ok
09:10:39.0296 3708  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:10:39.0328 3708  volmgr - ok
09:10:39.0390 3708  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:10:39.0437 3708  volmgrx - ok
09:10:39.0515 3708  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:10:39.0577 3708  volsnap - ok
09:10:39.0702 3708  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
09:10:39.0764 3708  vsmraid - ok
09:10:39.0874 3708  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
09:10:40.0014 3708  VSS - ok
09:10:40.0061 3708  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
09:10:40.0186 3708  vwifibus - ok
09:10:40.0420 3708  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
09:10:40.0622 3708  vwififlt - ok
09:10:40.0685 3708  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
09:10:40.0872 3708  vwifimp - ok
09:10:40.0997 3708  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
09:10:41.0184 3708  W32Time - ok
09:10:41.0293 3708  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
09:10:41.0418 3708  WacomPen - ok
09:10:41.0512 3708  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:10:41.0683 3708  WANARP - ok
09:10:41.0699 3708  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:10:41.0792 3708  Wanarpv6 - ok
09:10:41.0870 3708  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
09:10:42.0104 3708  wbengine - ok
09:10:42.0214 3708  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:10:42.0338 3708  WbioSrvc - ok
09:10:42.0401 3708  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:10:42.0494 3708  wcncsvc - ok
09:10:42.0775 3708  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:10:42.0916 3708  WcsPlugInService - ok
09:10:42.0962 3708  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
09:10:42.0994 3708  Wd - ok
09:10:43.0072 3708  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:10:43.0243 3708  Wdf01000 - ok
09:10:43.0508 3708  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:10:43.0680 3708  WdiServiceHost - ok
09:10:43.0711 3708  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:10:43.0789 3708  WdiSystemHost - ok
09:10:43.0867 3708  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
09:10:44.0023 3708  WebClient - ok
09:10:44.0195 3708  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:10:44.0429 3708  Wecsvc - ok
09:10:44.0476 3708  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:10:44.0741 3708  wercplsupport - ok
09:10:44.0912 3708  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:10:45.0068 3708  WerSvc - ok
09:10:45.0193 3708  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:10:45.0287 3708  WfpLwf - ok
09:10:45.0412 3708  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:10:45.0458 3708  WIMMount - ok
09:10:45.0614 3708  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
09:10:45.0848 3708  WinDefend - ok
09:10:45.0911 3708  WinHttpAutoProxySvc - ok
09:10:46.0051 3708  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:10:46.0160 3708  Winmgmt - ok
09:10:46.0270 3708  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
09:10:46.0472 3708  WinRM - ok
09:10:46.0738 3708  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
09:10:46.0831 3708  WinUsb - ok
09:10:47.0252 3708  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:10:47.0424 3708  Wlansvc - ok
09:10:47.0720 3708  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:10:47.0876 3708  wlidsvc - ok
09:10:48.0048 3708  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:10:58.0110 3708  WmiAcpi ( UnsignedFile.Multi.Generic ) - warning
09:10:58.0110 3708  WmiAcpi - detected UnsignedFile.Multi.Generic (1)
09:10:58.0282 3708  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:11:08.0328 3708  wmiApSrv ( UnsignedFile.Multi.Generic ) - warning
09:11:08.0328 3708  wmiApSrv - detected UnsignedFile.Multi.Generic (1)
09:11:08.0515 3708  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
09:11:13.0539 3708  WMPNetworkSvc - ok
09:11:13.0663 3708  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:11:13.0929 3708  WPCSvc - ok
09:11:14.0069 3708  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:11:14.0350 3708  WPDBusEnum - ok
09:11:14.0443 3708  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:11:14.0724 3708  ws2ifsl - ok
09:11:14.0787 3708  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
09:11:14.0958 3708  wscsvc - ok
09:11:15.0083 3708  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
09:11:15.0239 3708  WSDPrintDevice - ok
09:11:15.0255 3708  WSearch - ok
09:11:15.0582 3708  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
09:11:15.0769 3708  wuauserv - ok
09:11:16.0081 3708  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:11:16.0206 3708  WudfPf - ok
09:11:16.0393 3708  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:11:16.0471 3708  WUDFRd - ok
09:11:16.0627 3708  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:11:16.0815 3708  wudfsvc - ok
09:11:16.0908 3708  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:11:17.0111 3708  WwanSvc - ok
09:11:17.0173 3708  ================ Scan global ===============================
09:11:17.0298 3708  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
09:11:17.0361 3708  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
09:11:17.0392 3708  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
09:11:17.0532 3708  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
09:11:17.0595 3708  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
09:11:17.0641 3708  [Global] - ok
09:11:17.0641 3708  ================ Scan MBR ==================================
09:11:17.0688 3708  [ 790D362A4D78D926A387C9ECDDEA1152 ] \Device\Harddisk0\DR0
09:11:17.0688 3708  Suspicious mbr (Forged): \Device\Harddisk0\DR0
09:11:18.0250 3708  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
09:11:18.0281 3708  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
09:11:18.0874 3708  [ BFE63CA1B95A1228D592A684CD1FAB2D ] \Device\Harddisk1\DR1
09:11:19.0045 3708  \Device\Harddisk1\DR1 - ok
09:11:19.0045 3708  ================ Scan VBR ==================================
09:11:19.0061 3708  [ 61F096B8C3D6A856B6390E4EF928772E ] \Device\Harddisk0\DR0\Partition1
09:11:19.0077 3708  \Device\Harddisk0\DR0\Partition1 - ok
09:11:19.0186 3708  [ C3388F6E472958D43E0D7160D864436A ] \Device\Harddisk0\DR0\Partition2
09:11:19.0186 3708  \Device\Harddisk0\DR0\Partition2 - ok
09:11:19.0279 3708  [ 8E7B1B37A2DF4A961151DF2F018CF2BA ] \Device\Harddisk0\DR0\Partition3
09:11:19.0279 3708  \Device\Harddisk0\DR0\Partition3 - ok
09:11:19.0279 3708  ============================================================
09:11:19.0279 3708  Scan finished
09:11:19.0279 3708  ============================================================
09:11:19.0326 3692  Detected object count: 3
09:11:19.0326 3692  Actual detected object count: 3
09:12:38.0730 3692  WmiAcpi ( UnsignedFile.Multi.Generic ) - skipped by user
09:12:38.0730 3692  WmiAcpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:12:38.0746 3692  wmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:12:38.0746 3692  wmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:12:40.0774 3692  \Device\Harddisk0\DR0\# - copied to quarantine
09:12:40.0774 3692  \Device\Harddisk0\DR0 - copied to quarantine
09:12:40.0867 3692  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
09:12:40.0867 3692  \Device\Harddisk0\DR0 - ok
09:12:41.0647 3692  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
09:12:50.0555 3108  Deinitialize success
 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16490
Run by Owner at 9:36:50 on 2013-08-31
Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.1015.204 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [UpdatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [SysTrayApp] "c:\program files\idt\wdm\sttray.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 8.8.8.8 8.8.4.4 75.75.76.76
TCP: Interfaces\{A53CF070-D07D-4F96-A5FC-CEC375EE892D} : DHCPNameServer = 8.8.8.8 8.8.4.4 75.75.76.76
TCP: Interfaces\{A53CF070-D07D-4F96-A5FC-CEC375EE892D}\075747D616E686F6D656 : DHCPNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{A53CF070-D07D-4F96-A5FC-CEC375EE892D}\2375942554437393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A53CF070-D07D-4F96-A5FC-CEC375EE892D}\9516E63697 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A53CF070-D07D-4F96-A5FC-CEC375EE892D}\C696E6B6379737 : DHCPNameServer = 68.87.77.130 68.87.72.130
TCP: Interfaces\{A53CF070-D07D-4F96-A5FC-CEC375EE892D}\D43555E456470275962756C6563737 : DHCPNameServer = 35.8.98.43 35.8.2.41
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-7-27 16984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_fa0513b7754bf240\AEstSrv.exe [2009-3-2 81920]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-25 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-25 701512]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-25 22856]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-25 167424]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-3 52224]
.
=============== File Associations ===============
.
ShellExec: vlc.exe: Open="c:\program files\easy media player\emp.exe" --started-from-file "%1"
.
=============== Created Last 30 ================
.
2013-08-31 13:12:38 -------- d-----w- C:\TDSSKiller_Quarantine
2013-08-30 20:11:51 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f7ab0f58-3fd9-4f4c-a5eb-a4df871dbe9e}\mpengine.dll
2013-08-30 20:09:12 -------- d--h--w- c:\windows\AxInstSV
2013-08-30 19:37:42 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-30 17:25:20 256000 ----a-w- c:\windows\PEV.exe
2013-08-30 17:25:20 208896 ----a-w- c:\windows\MBR.exe
2013-08-30 17:25:18 98816 ----a-w- c:\windows\sed.exe
2013-08-30 16:10:27 -------- d-----w- c:\windows\ERUNT
2013-08-30 16:00:21 -------- d-----w- C:\AdwCleaner
2013-08-25 16:58:52 -------- d-----w- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com
2013-08-25 16:58:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-08-25 16:58:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-25 15:01:17 -------- d-----w- c:\program files\CCleaner
2013-08-25 14:56:37 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2013-08-25 14:56:20 -------- d-----w- c:\programdata\Malwarebytes
2013-08-25 14:56:18 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-25 14:56:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-25 14:56:04 -------- d-----w- c:\users\owner\appdata\local\Programs
2013-08-25 14:25:17 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M  ====================
.
2013-08-25 14:25:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-07 08:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH:  9:37:22.98 ===============
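As an added example (not part of this thread or of TDSSKiller itself), the following Python script parses TDSSKiller log lines of the kind posted above and pulls out the per-object MD5s, the forged-MBR notice, the verdicts, the actions the user chose and whether a cure is still pending a reboot; the sample lines in it are constructed to mirror the page's log, and the object names and regexes are this example's own assumptions about the log format.

```python
"""Parse TDSSKiller log lines like the ones posted above and triage them.

Added example, not part of the thread or of TDSSKiller itself. SAMPLE_LOG is
constructed to mirror the page's log: Harddisk0's MBR is flagged as forged and
named Rootkit.Boot.Harbinger.a, its cure is deferred to reboot, and two
unsigned-file hits are skipped by the user.
"""
import re
from dataclasses import dataclass, field

_LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<msg>.*)$")  # "HH:MM:SS.mmmm pid msg"
# "[ MD5 ] name path" for drivers/services, "[ MD5 ] path" for plain files and disks
_HASHED = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<rest>.*)$")
# "obj ( Verdict ) - User select action: Skip|Cure|..." (tested before _DETECT)
_ACTION = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$")
# "obj ( Verdict ) - infected | skipped by user | will be cured on reboot"
_DETECT = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - (?P<state>.+)$")
# "Suspicious mbr (Forged): \Device\Harddisk0\DR0"
_SUSPECT = re.compile(r"^Suspicious (?P<what>\w+) \((?P<why>[^)]+)\): (?P<obj>.+)$")

@dataclass
class Finding:
    obj: str
    verdict: str = ""
    state: str = ""
    action: str = ""
    notes: list = field(default_factory=list)

def parse_tdsskiller(text):
    """Return (findings keyed by object name, MD5 keyed by scanned path)."""
    findings, hashes = {}, {}
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        msg = m.group("msg")
        if h := _HASHED.match(msg):
            # fields are separated by runs of 2+ spaces; the path is the last one
            path = re.split(r"\s{2,}", h.group("rest").strip())[-1]
            hashes[path] = h.group("md5").upper()
        elif s := _SUSPECT.match(msg):
            f = findings.setdefault(s.group("obj"), Finding(s.group("obj")))
            f.state = f.state or "suspicious"
            f.notes.append(f"{s.group('what')} {s.group('why')}")
        elif a := _ACTION.match(msg):
            f = findings.setdefault(a.group("obj"), Finding(a.group("obj"), a.group("verdict")))
            f.action = a.group("action")
        elif d := _DETECT.match(msg):
            f = findings.setdefault(d.group("obj"), Finding(d.group("obj")))
            f.verdict, f.state = d.group("verdict"), d.group("state")
        # "- ok", "- detected ... (0)", counters and banners fall through
    return findings, hashes

def bootkit_indicators(findings):
    """Objects pointing at boot-sector compromise (a Rootkit.Boot.* verdict or a
    suspicious MBR/VBR note); file-level cleaners do not touch these."""
    return sorted(o for o, f in findings.items()
                  if f.verdict.startswith("Rootkit.Boot.")
                  or any(n.split()[0].lower() in ("mbr", "vbr") for n in f.notes))

def needs_reboot(findings):
    """Objects whose cure is deferred: the boot code that loaded the running
    system is only replaced at restart, so the box is not clean until then."""
    return sorted(o for o, f in findings.items() if "cured on reboot" in f.state)

def skipped(findings):
    """Detections the user chose to skip; confirm each against a known-good copy."""
    return sorted(o for o, f in findings.items() if f.action == "Skip")

# constructed sample, modelled on the log posted above
SAMPLE_LOG = r"""
09:11:17.0298 3708  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
09:11:17.0688 3708  [ 790D362A4D78D926A387C9ECDDEA1152 ] \Device\Harddisk0\DR0
09:11:17.0688 3708  Suspicious mbr (Forged): \Device\Harddisk0\DR0
09:11:18.0250 3708  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
09:11:18.0281 3708  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
09:11:19.0045 3708  \Device\Harddisk1\DR1 - ok
09:12:38.0730 3692  WmiAcpi ( UnsignedFile.Multi.Generic ) - skipped by user
09:12:38.0730 3692  WmiAcpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:12:38.0746 3692  wmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:12:40.0867 3692  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
09:12:41.0647 3692  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
"""

if __name__ == "__main__":
    found, _ = parse_tdsskiller(SAMPLE_LOG)
    print("bootkit:", bootkit_indicators(found), "reboot pending:", needs_reboot(found))
    print("skipped:", skipped(found))
```

The MD5 column is what a responder compares against a known-good baseline when an unsigned-file hit has to be confirmed or dismissed.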
 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:37 PM

Posted 31 August 2013 - 09:14 AM

You did good.

Just run ComboFix one more time and post the log for my review.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#7 blujay40

blujay40
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:37 PM

Posted 31 August 2013 - 10:50 AM

Just as an FYI, after the last set of actions, Windows did a large auto update of 27.  Upon reboot, chkdsk ran and found hundreds of orphaned files and fixed it.  Trying to keep you informed about anything that occurs along the way here.

Additionally, I already noticed that this netbook had no AV software on it.  I had delayed installing any until we had a clean system so that it wouldn't interfere with anything we were going to run.  I plan on installing MSE on it, unless you can recommend a better free low impact AV software for netbooks.  I will also most likely just uninstall Java and I can update Adobe.

Here is the ComboFix log and the Security Check log:

 

ComboFix 13-08-30.02 - Owner 08/31/2013  11:07:54.3.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.1015.162 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-31  )))))))))))))))))))))))))))))))
.
.
2013-08-31 15:25 . 2013-08-31 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-31 15:22 . 2013-08-31 15:22 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7AB0F58-3FD9-4F4C-A5EB-A4DF871DBE9E}\offreg.dll
2013-08-31 14:47 . 2013-08-31 14:47 -------- d-----w- C:\found.000
2013-08-31 14:27 . 2013-08-31 14:31 -------- d-----w- c:\windows\system32\MRT
2013-08-31 13:58 . 2013-08-31 13:58 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-31 13:45 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-08-31 13:43 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-08-31 13:43 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-08-31 13:43 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-08-31 13:12 . 2013-08-31 13:12 -------- d-----w- C:\TDSSKiller_Quarantine
2013-08-30 20:11 . 2013-08-20 04:47 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7AB0F58-3FD9-4F4C-A5EB-A4DF871DBE9E}\mpengine.dll
2013-08-30 20:09 . 2013-08-30 20:09 -------- d--h--w- c:\windows\AxInstSV
2013-08-30 16:10 . 2013-08-30 16:10 -------- d-----w- c:\windows\ERUNT
2013-08-30 16:00 . 2013-08-30 16:05 -------- d-----w- C:\AdwCleaner
2013-08-25 16:58 . 2013-08-25 16:58 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2013-08-25 16:58 . 2013-08-25 16:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-25 16:58 . 2013-08-25 16:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-08-25 15:01 . 2013-08-25 15:01 -------- d-----w- c:\program files\CCleaner
2013-08-25 14:56 . 2013-08-25 14:56 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-08-25 14:56 . 2013-08-25 14:56 -------- d-----w- c:\programdata\Malwarebytes
2013-08-25 14:56 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-25 14:56 . 2013-08-25 14:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-25 14:56 . 2013-08-25 14:56 -------- d-----w- c:\users\Owner\AppData\Local\Programs
2013-08-25 14:25 . 2013-08-25 14:25 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 14:25 . 2012-01-21 17:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-07 08:22 . 2009-12-21 21:49 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 5703920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-13 467036]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-07-27 16984]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2009-03-02 81920]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 12:33]
.
2013-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 12:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-86593921.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-31  11:32:08
ComboFix-quarantined-files.txt  2013-08-31 15:32
ComboFix2.txt  2013-08-30 19:37
.
Pre-Run: 107,687,264,256 bytes free
Post-Run: 107,599,511,552 bytes free
.
- - End Of File - - 173DA73314D8D7FA2B3C4DE4B98BD232
414FECD523F4250C422AE15345E91BA9
 

 Results of screen317's Security Check version 0.99.73 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware    
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java™ 6 Update 24 
 Java version out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:37 PM

Posted 31 August 2013 - 01:32 PM

You can install MSE.

My closing speech will give you good advice on the AV and Firewall.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#9 blujay40

blujay40
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:37 PM

Posted 31 August 2013 - 07:39 PM

Nasdaq,

Once again, thank you very much for your assistance.  Have updated everything, installed AV and firewall, and things are working as they should.

Best Regards,

Jay



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:37 PM

Posted 01 September 2013 - 07:28 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



