Wajam, Winlogin.exe trojan, warning running out of disk space with only 10% used


  • This topic is locked
22 replies to this topic

#1 ummhasan

ummhasan

  • Members
  • 155 posts
  • OFFLINE
  • Gender:Female
  • Location:Michigan
  • Local time:01:03 PM

Posted 01 October 2013 - 07:43 PM

Hello all,

 

I'm attempting to clean up my husband's laptop. I want to be sure I've got it all off because the first removal did not stick. I want to be sure the 2nd removal I did worked and that there are no traces left.

 

What has happened so far:

 

1. I briefly used my husband's laptop and noticed that he was getting a low disk space balloon popup near the clock. I checked the disk and found that only about 10% of the space is used. I asked him about the popup and he said it's been coming for a few weeks now and the computer is slow. Right away I knew his computer was infected and began a clean up.

 

2. Ran Malwarebytes Anti-Malware Free, which found and removed Wajam, which I believe is a hijacker.

 

3. I then ran SAS (SUPERAntiSpyware), which found the winlogin.exe trojan horse. My research shows that this trojan uses the user's computer as a remote relay to send spam and infect others. I removed it along with about 455 cookies (I think).

 

edit - 

4. After the removal, I checked Windows updates and program updates and found that he did not have SP1 installed (Windows 7). The update was not being offered, so I checked the reason for that and found out that he has a graphics card conflict, but that I could manually install. I did the manual install and installed the updates that naturally followed the SP1 update. I also uninstalled a subscription of McAfee affiliated with an AT&T account that is being cancelled through our business and installed Windows Security Essentials.

- end edit

 

5. Two days later the warning came up again. I downloaded rkill, ran it, downloaded adaware and ran it, which found some leftovers of the Wajam hijacker and what seemed to be some leftovers of the trojan as well.

 

6. I downloaded DDS and ran it, and below is the log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by Yaser at 20:29:45 on 2013-10-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2709 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Users\Yaser\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Yaser\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Yaser\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A1C56352-42B7-42BF-8BD5-B1F6F4CF35C4} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A1C56352-42B7-42BF-8BD5-B1F6F4CF35C4}\6484E4148435 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A1C56352-42B7-42BF-8BD5-B1F6F4CF35C4}\773756D6 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-17 13336]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-6-23 46080]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-17 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-9-16 3273088]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-17 2320920]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-12-17 28176]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-12-17 167816]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-12-17 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-12-17 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-12-17 271872]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 vm332avs;Lenovo Camera2;C:\windows\System32\drivers\vm332avs.sys [2010-12-17 229456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 162408]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-9-26 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-12-17 242720]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-9-26 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-4-16 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-10-01 11:48:02 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFE7D65B-9B14-44DE-A040-A99A096E59D6}\mpengine.dll
2013-09-30 19:06:14 -------- d-----w- C:\AdwCleaner
2013-09-30 04:34:15 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-27 13:25:28 -------- d-----w- C:\Program Files\CCleaner
2013-09-27 13:13:52 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2013-09-27 13:13:52 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2013-09-27 03:07:16 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-09-27 03:07:15 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-09-27 03:07:04 340992 ----a-w- C:\windows\System32\schannel.dll
2013-09-27 03:07:04 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2013-09-27 03:07:03 458712 ----a-w- C:\windows\System32\drivers\cng.sys
2013-09-27 03:07:03 154480 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2013-09-27 03:07:03 1448448 ----a-w- C:\windows\System32\lsasrv.dll
2013-09-27 03:07:02 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2013-09-27 03:07:02 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2013-09-27 03:07:01 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2013-09-27 03:07:00 366592 ----a-w- C:\windows\System32\qdvd.dll
2013-09-27 02:08:44 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-26 05:52:39 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-09-26 05:51:53 1930752 ----a-w- C:\windows\System32\authui.dll
2013-09-26 05:50:59 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-09-26 05:49:51 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
2013-09-26 05:49:21 3155456 ----a-w- C:\windows\System32\win32k.sys
2013-09-26 05:47:55 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-09-26 05:47:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-09-26 05:47:54 52224 ----a-w- C:\windows\System32\certenc.dll
2013-09-26 05:47:54 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-09-26 05:46:52 1887232 ----a-w- C:\windows\System32\d3d11.dll
2013-09-26 05:46:52 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll
2013-09-25 04:05:44 -------- d-----w- C:\windows\System32\SPReview
2013-09-25 03:20:29 2560 ----a-w- C:\windows\System32\drivers\en-US\rdpwd.sys.mui
2013-09-25 03:19:20 6144 ----a-w- C:\windows\System32\drivers\en-US\IPMIDrv.sys.mui
2013-09-25 03:19:18 4608 ----a-w- C:\windows\System32\drivers\en-US\kbdclass.sys.mui
2013-09-25 02:59:59 70656 ----a-w- C:\windows\SysWow64\MuiUnattend.exe
2013-09-25 02:58:59 917504 ----a-w- C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll
2013-09-25 02:57:59 99176 ----a-w- C:\windows\SysWow64\PresentationHostProxy.dll
2013-09-25 02:53:40 -------- d-----w- C:\windows\System32\EventProviders
2013-09-25 02:53:35 -------- d-----w- C:\5e833ee2e7c8d56d51599ab4f980a8
2013-09-24 01:27:05 -------- d-----w- C:\Program Files (x86)\Microsoft Download Manager
2013-09-24 00:51:59 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2013-09-23 21:11:16 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FBB1C3D-9C15-469D-9A37-8F46B1DDC05B}\gapaengine.dll
2013-09-23 21:10:33 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DAF4FCF3-18B0-4B46-BCDD-3B523A0C9790}\mpengine.dll
2013-09-23 21:09:08 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-09-23 21:09:06 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-09-23 13:01:20 -------- d-----w- C:\Users\Yaser\AppData\Roaming\SUPERAntiSpyware.com
2013-09-23 13:00:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-09-23 13:00:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-09-20 11:34:20 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-09-20 11:34:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M  ====================
.
2013-09-27 02:08:44 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-25 03:54:41 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2013-09-25 03:54:40 175616 ----a-w- C:\windows\System32\msclmd.dll
2013-09-20 14:00:36 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-20 14:00:36 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-08-07 08:22:02 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-08-05 02:25:45 155584 ----a-w- C:\windows\System32\drivers\ataport.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:34 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 20:31:03.01 ===============
 
Attach Log:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 4/11/2011 12:08:01 PM
System Uptime: 10/1/2013 1:47:23 PM (7 hours ago)
.
Motherboard: LENOVO |  | Base Board Product Name
Processor: Intel® Pentium® CPU        P6100  @ 2.00GHz | CPU | 1999/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 254 GiB total, 187.84 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 0.003 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP128: 9/24/2013 10:55:16 PM - Windows 7 Service Pack 1
RP129: 9/25/2013 7:14:22 AM - Windows Update
RP130: 9/26/2013 11:07:23 AM - Windows Update
RP131: 9/26/2013 11:07:09 PM - Windows Update
RP132: 9/27/2013 7:22:49 AM - Windows Update
RP133: 9/27/2013 7:57:45 AM - Windows Update
RP134: 9/27/2013 9:13:54 AM - Windows Update
RP135: 9/27/2013 9:26:17 AM - Removed 7-Zip 9.20 (x64 edition)
RP136: 9/30/2013 12:14:07 AM - Windows Backup
RP137: 10/1/2013 7:47:07 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.04)
Broadcom 802.11 Wireless Driver
CCleaner
Conexant HD Audio
CyberLink YouCam
D3DX10
Dropbox
Energy Management
ETDWare PS/2-x64 7.0.4.18_WHQL
Google Chrome
Google Toolbar for Internet Explorer
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java 7 Update 25
Java Auto Updater
Junk Mail filter update
Lenovo DirectShare
Lenovo EasyCamera
Lenovo Games Console
Lenovo OneKey Recovery
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Download Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSVCRT_amd64
Oasis2Service 1.0
Onekey Theater
ooVoo
Power2Go
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shared C Run-time for x64
Skype Click to Call
Skype™ 6.6
Spybot - Search & Destroy
SUPERAntiSpyware
System Requirements Lab for Intel
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
9/30/2013 11:19:36 AM, Error: Tcpip [4199]  - The system detected an address conflict for IP address 10.0.0.3 with the system having network hardware address 38-60-77-4C-95-F6. Network operations on this system may be disrupted as a result.
9/27/2013 7:22:15 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: On Access   Error Code: 0x80004005   Error description: Unspecified error   Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
9/26/2013 9:59:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2732059).
9/26/2013 10:58:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2834140).
9/25/2013 7:20:05 AM, Error: Service Control Manager [7023]  - The Superfetch service terminated with the following error:  The data is invalid.
9/25/2013 12:15:58 AM, Error: Microsoft-Windows-WMPNSS-Service [14353]  - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/2807089172/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
9/25/2013 12:15:58 AM, Error: Microsoft-Windows-WMPNSS-Service [14349]  - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
9/25/2013 12:15:13 AM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
.
==== End Of File ===========================
 

Edited by ummhasan, 01 October 2013 - 07:48 PM.
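The DDS attach log in the post above has a "Disk Partitions" section, and reading it is the first check a responder would make before attributing a low-disk-space balloon to malware: Windows raises that warning per volume, so a nearly full secondary partition triggers it even when the system drive is mostly empty. The following is an added example, not code from the original post or from the DDS tool, that parses those partition lines and flags fixed volumes with less than 10% free. The sample input is the three partition lines quoted from the log above, embedded inline so the script runs offline; the function and regex names are this example's own.

```python
import re

# Constructed sample: the Disk Partitions section copied from the DDS attach log
# posted above, so the parser can be run without the original file.
SAMPLE_DDS_ATTACH = """\
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 254 GiB total, 187.84 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 0.003 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
"""

# One DDS partition line: "X: is KIND (FS)" optionally followed by totals.
# Removable/optical drives (e.g. "F: is CDROM ()") carry no size information.
PARTITION_RE = re.compile(
    r"^(?P<drive>[A-Z]): is (?P<kind>\w+) \((?P<fs>[^)]*)\)"
    r"(?: - (?P<total>[\d.]+) GiB total, (?P<free>[\d.]+) GiB free\.)?$"
)


def parse_partitions(text):
    """Return one dict per 'X: is ...' line found in the DDS attach log text.

    Lines that do not match the partition format (section headers, the '.'
    separators DDS emits, other sections) are ignored.
    """
    partitions = []
    for line in text.splitlines():
        match = PARTITION_RE.match(line.strip())
        if not match:
            continue
        fields = match.groupdict()
        partitions.append({
            "drive": fields["drive"],
            "kind": fields["kind"],
            "fs": fields["fs"],
            "total_gib": float(fields["total"]) if fields["total"] else None,
            "free_gib": float(fields["free"]) if fields["free"] else None,
        })
    return partitions


def low_space_volumes(partitions, threshold=0.10):
    """Return (drive, free_fraction) for volumes with free space below threshold.

    Volumes without size data (CDROM, unmounted) are skipped; the fraction is
    rounded to four places so it reads cleanly in a report.
    """
    flagged = []
    for part in partitions:
        if not part["total_gib"]:
            continue
        free_fraction = part["free_gib"] / part["total_gib"]
        if free_fraction < threshold:
            flagged.append((part["drive"], round(free_fraction, 4)))
    return flagged


if __name__ == "__main__":
    parts = parse_partitions(SAMPLE_DDS_ATTACH)
    for p in parts:
        print(p)
    print("Volumes under 10% free:", low_space_volumes(parts))
```

Run against the quoted lines it reports D: as the only volume below the threshold, while C: (the drive the original post checked) is not flagged; the practical value of the script is that it separates a capacity problem on one partition from the infection question, so the two can be handled on their own evidence.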



#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:12:03 PM

Posted 01 October 2013 - 09:45 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 

AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

----------


#3 ummhasan

  • Topic Starter
  • Members
  • 155 posts
  • Gender:Female
  • Location:Michigan

Posted 01 October 2013 - 10:29 PM

Hi Jeff, kudos on the quick reply! Nice to meet you.

Here are my logs:

TDSS Killer:

23:20:36.0158 3568  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:20:36.0947 3568  ============================================================
23:20:36.0947 3568  Current date / time: 2013/10/01 23:20:36.0947
23:20:36.0947 3568  SystemInfo:
23:20:36.0947 3568  
23:20:36.0947 3568  OS Version: 6.1.7601 ServicePack: 1.0
23:20:36.0947 3568  Product type: Workstation
23:20:36.0947 3568  ComputerName: YASER-PC
23:20:36.0948 3568  UserName: Yaser
23:20:36.0948 3568  Windows directory: C:\windows
23:20:36.0948 3568  System windows directory: C:\windows
23:20:36.0948 3568  Running under WOW64
23:20:36.0948 3568  Processor architecture: Intel x64
23:20:36.0948 3568  Number of processors: 2
23:20:36.0948 3568  Page size: 0x1000
23:20:36.0948 3568  Boot type: Normal boot
23:20:36.0948 3568  ============================================================
23:20:38.0369 3568  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:20:38.0373 3568  ============================================================
23:20:38.0373 3568  \Device\Harddisk0\DR0:
23:20:38.0373 3568  MBR partitions:
23:20:38.0373 3568  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
23:20:38.0373 3568  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800
23:20:38.0402 3568  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800
23:20:38.0402 3568  ============================================================
23:20:38.0462 3568  C: <-> \Device\Harddisk0\DR0\Partition2
23:20:38.0510 3568  D: <-> \Device\Harddisk0\DR0\Partition3
23:20:38.0510 3568  ============================================================
23:20:38.0510 3568  Initialize success
23:20:38.0510 3568  ============================================================
23:20:43.0704 6340  ============================================================
23:20:43.0704 6340  Scan started
23:20:43.0704 6340  Mode: Manual; 
23:20:43.0704 6340  ============================================================
23:20:44.0556 6340  ================ Scan system memory ========================
23:20:44.0556 6340  System memory - ok
23:20:44.0556 6340  ================ Scan services =============================
23:21:03.0939 6340  NdisWan - ok
23:21:03.0968 6340  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
23:21:03.0968 6340  NDProxy - ok
23:21:04.0043 6340  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
23:21:04.0044 6340  NetBIOS - ok
23:21:04.0083 6340  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
23:21:04.0086 6340  NetBT - ok
23:21:04.0124 6340  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
23:21:04.0127 6340  Netlogon - ok
23:21:04.0189 6340  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
23:21:04.0195 6340  Netman - ok
23:21:04.0268 6340  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:21:04.0270 6340  NetMsmqActivator - ok
23:21:04.0283 6340  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:21:04.0284 6340  NetPipeActivator - ok
23:21:04.0350 6340  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
23:21:04.0356 6340  netprofm - ok
23:21:04.0363 6340  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:21:04.0365 6340  NetTcpActivator - ok
23:21:04.0369 6340  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:21:04.0371 6340  NetTcpPortSharing - ok
23:21:04.0550 6340  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\windows\system32\DRIVERS\netw5v64.sys
23:21:04.0690 6340  netw5v64 - ok
23:21:04.0744 6340  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
23:21:04.0745 6340  nfrd960 - ok
23:21:04.0818 6340  [ 8FB3C853E886E1E4D57271672486111C ] NisDrv          C:\windows\system32\DRIVERS\NisDrvWFP.sys
23:21:04.0821 6340  NisDrv - ok
23:21:04.0879 6340  [ EC445A9F0FB52E5F467C156FFF6F6D93 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
23:21:04.0884 6340  NisSrv - ok
23:21:04.0958 6340  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
23:21:04.0963 6340  NlaSvc - ok
23:21:04.0983 6340  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
23:21:04.0984 6340  Npfs - ok
23:21:05.0041 6340  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
23:21:05.0044 6340  nsi - ok
23:21:05.0063 6340  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
23:21:05.0064 6340  nsiproxy - ok
23:21:05.0130 6340  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
23:21:05.0165 6340  Ntfs - ok
23:21:05.0249 6340  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
23:21:05.0250 6340  Null - ok
23:21:05.0293 6340  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
23:21:05.0295 6340  nvraid - ok
23:21:05.0338 6340  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
23:21:05.0341 6340  nvstor - ok
23:21:05.0384 6340  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
23:21:05.0386 6340  nv_agp - ok
23:21:05.0503 6340  [ F5A3015DAFC7AE80FC43F36558A19BA5 ] Oasis2Service   C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
23:21:05.0505 6340  Oasis2Service - ok
23:21:05.0554 6340  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
23:21:05.0556 6340  ohci1394 - ok
23:21:05.0623 6340  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:21:05.0626 6340  ose - ok
23:21:05.0885 6340  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:21:05.0983 6340  osppsvc - ok
23:21:06.0045 6340  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
23:21:06.0051 6340  p2pimsvc - ok
23:21:06.0143 6340  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
23:21:06.0150 6340  p2psvc - ok
23:21:06.0245 6340  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\DRIVERS\parport.sys
23:21:06.0248 6340  Parport - ok
23:21:06.0291 6340  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
23:21:06.0292 6340  partmgr - ok
23:21:06.0367 6340  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
23:21:06.0373 6340  PcaSvc - ok
23:21:06.0427 6340  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
23:21:06.0432 6340  pci - ok
23:21:06.0479 6340  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
23:21:06.0481 6340  pciide - ok
23:21:06.0536 6340  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
23:21:06.0540 6340  pcmcia - ok
23:21:06.0574 6340  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
23:21:06.0576 6340  pcw - ok
23:21:06.0609 6340  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
23:21:06.0620 6340  PEAUTH - ok
23:21:06.0811 6340  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
23:21:06.0813 6340  PerfHost - ok
23:21:07.0034 6340  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
23:21:07.0070 6340  pla - ok
23:21:07.0141 6340  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
23:21:07.0147 6340  PlugPlay - ok
23:21:07.0229 6340  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
23:21:07.0232 6340  PNRPAutoReg - ok
23:21:07.0258 6340  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
23:21:07.0262 6340  PNRPsvc - ok
23:21:07.0318 6340  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
23:21:07.0479 6340  PolicyAgent - ok
23:21:07.0532 6340  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
23:21:07.0536 6340  Power - ok
23:21:07.0628 6340  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
23:21:07.0630 6340  PptpMiniport - ok
23:21:07.0673 6340  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\DRIVERS\processr.sys
23:21:07.0675 6340  Processor - ok
23:21:07.0730 6340  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
23:21:07.0733 6340  ProfSvc - ok
23:21:07.0813 6340  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
23:21:07.0814 6340  ProtectedStorage - ok
23:21:07.0886 6340  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
23:21:07.0888 6340  Psched - ok
23:21:07.0972 6340  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
23:21:08.0006 6340  ql2300 - ok
23:21:08.0066 6340  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
23:21:08.0068 6340  ql40xx - ok
23:21:08.0134 6340  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
23:21:08.0138 6340  QWAVE - ok
23:21:08.0163 6340  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
23:21:08.0164 6340  QWAVEdrv - ok
23:21:08.0179 6340  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
23:21:08.0180 6340  RasAcd - ok
23:21:08.0239 6340  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
23:21:08.0240 6340  RasAgileVpn - ok
23:21:08.0259 6340  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
23:21:08.0262 6340  RasAuto - ok
23:21:08.0299 6340  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
23:21:08.0300 6340  Rasl2tp - ok
23:21:08.0321 6340  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
23:21:08.0325 6340  RasMan - ok
23:21:08.0396 6340  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
23:21:08.0399 6340  RasPppoe - ok
23:21:08.0417 6340  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
23:21:08.0420 6340  RasSstp - ok
23:21:08.0429 6340  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
23:21:08.0433 6340  rdbss - ok
23:21:08.0448 6340  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
23:21:08.0450 6340  rdpbus - ok
23:21:08.0495 6340  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
23:21:08.0496 6340  RDPCDD - ok
23:21:08.0520 6340  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
23:21:08.0521 6340  RDPENCDD - ok
23:21:08.0559 6340  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
23:21:08.0559 6340  RDPREFMP - ok
23:21:08.0626 6340  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
23:21:08.0627 6340  RdpVideoMiniport - ok
23:21:08.0687 6340  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
23:21:08.0690 6340  RDPWD - ok
23:21:08.0771 6340  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
23:21:08.0774 6340  rdyboost - ok
23:21:08.0821 6340  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
23:21:08.0825 6340  RemoteAccess - ok
23:21:08.0879 6340  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
23:21:08.0885 6340  RemoteRegistry - ok
23:21:08.0934 6340  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
23:21:08.0937 6340  RFCOMM - ok
23:21:08.0997 6340  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
23:21:09.0000 6340  RpcEptMapper - ok
23:21:09.0065 6340  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
23:21:09.0066 6340  RpcLocator - ok
23:21:09.0118 6340  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
23:21:09.0123 6340  RpcSs - ok
23:21:09.0194 6340  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
23:21:09.0196 6340  rspndr - ok
23:21:09.0274 6340  [ 5AAB4808E8CCAE8C2ECDA5B791260616 ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
23:21:09.0277 6340  RSUSBSTOR - ok
23:21:09.0337 6340  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
23:21:09.0347 6340  RTL8167 - ok
23:21:09.0368 6340  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
23:21:09.0370 6340  SamSs - ok
23:21:09.0529 6340  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
23:21:09.0530 6340  SASDIFSV - ok
23:21:09.0574 6340  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
23:21:09.0576 6340  SASKUTIL - ok
23:21:09.0622 6340  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
23:21:09.0624 6340  sbp2port - ok
23:21:09.0894 6340  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
23:21:09.0929 6340  SBSDWSCService - ok
23:21:09.0999 6340  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
23:21:10.0003 6340  SCardSvr - ok
23:21:10.0045 6340  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
23:21:10.0046 6340  scfilter - ok
23:21:10.0112 6340  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
23:21:10.0146 6340  Schedule - ok
23:21:10.0210 6340  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
23:21:10.0211 6340  SCPolicySvc - ok
23:21:10.0259 6340  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
23:21:10.0262 6340  SDRSVC - ok
23:21:10.0349 6340  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
23:21:10.0350 6340  secdrv - ok
23:21:10.0375 6340  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
23:21:10.0377 6340  seclogon - ok
23:21:10.0424 6340  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
23:21:10.0426 6340  SENS - ok
23:21:10.0459 6340  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
23:21:10.0461 6340  SensrSvc - ok
23:21:10.0475 6340  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
23:21:10.0477 6340  Serenum - ok
23:21:10.0537 6340  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\DRIVERS\serial.sys
23:21:10.0540 6340  Serial - ok
23:21:10.0589 6340  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
23:21:10.0590 6340  sermouse - ok
23:21:10.0686 6340  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
23:21:10.0691 6340  SessionEnv - ok
23:21:10.0739 6340  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
23:21:10.0739 6340  sffdisk - ok
23:21:10.0752 6340  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
23:21:10.0753 6340  sffp_mmc - ok
23:21:10.0758 6340  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
23:21:10.0760 6340  sffp_sd - ok
23:21:10.0801 6340  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
23:21:10.0802 6340  sfloppy - ok
23:21:10.0871 6340  [ 2046AA7491DE7EFA4D70E615D9BC9D09 ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
23:21:10.0889 6340  Sftfs - ok
23:21:11.0024 6340  [ 77C5A741A7452812F278EF2C18478862 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:21:11.0030 6340  sftlist - ok
23:21:11.0047 6340  [ 0E0446BC4D51BE4263ACB7E33491191C ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
23:21:11.0051 6340  Sftplay - ok
23:21:11.0091 6340  [ C5FB982CD266E604ED3142102C26D62C ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
23:21:11.0093 6340  Sftredir - ok
23:21:11.0129 6340  [ 2575511AF67AA1FA068CCC4918E2C2A3 ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
23:21:11.0130 6340  Sftvol - ok
23:21:11.0143 6340  [ 39B1D0A636A400304565D4521FAD6D77 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:21:11.0211 6340  sftvsa - ok
23:21:11.0282 6340  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
23:21:11.0287 6340  SharedAccess - ok
23:21:11.0352 6340  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
23:21:11.0358 6340  ShellHWDetection - ok
23:21:11.0412 6340  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
23:21:11.0414 6340  SiSRaid2 - ok
23:21:11.0442 6340  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
23:21:11.0445 6340  SiSRaid4 - ok
23:21:11.0683 6340  [ 73E3B5D1F1EB5FDC51A5C3437EEE3348 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
23:21:11.0790 6340  Skype C2C Service - ok
23:21:11.0909 6340  [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
23:21:11.0913 6340  SkypeUpdate - ok
23:21:11.0965 6340  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
23:21:11.0966 6340  Smb - ok
23:21:12.0041 6340  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
23:21:12.0043 6340  SNMPTRAP - ok
23:21:12.0053 6340  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
23:21:12.0055 6340  spldr - ok
23:21:12.0113 6340  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
23:21:12.0121 6340  Spooler - ok
23:21:12.0264 6340  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
23:21:12.0367 6340  sppsvc - ok
23:21:12.0447 6340  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
23:21:12.0452 6340  sppuinotify - ok
23:21:12.0525 6340  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
23:21:12.0533 6340  srv - ok
23:21:12.0571 6340  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
23:21:12.0577 6340  srv2 - ok
23:21:12.0635 6340  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
23:21:12.0638 6340  srvnet - ok
23:21:12.0668 6340  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
23:21:12.0673 6340  SSDPSRV - ok
23:21:12.0689 6340  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
23:21:12.0691 6340  SstpSvc - ok
23:21:12.0734 6340  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
23:21:12.0735 6340  stexstor - ok
23:21:12.0818 6340  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
23:21:12.0826 6340  stisvc - ok
23:21:12.0863 6340  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\drivers\swenum.sys
23:21:12.0864 6340  swenum - ok
23:21:12.0923 6340  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
23:21:12.0935 6340  swprv - ok
23:21:13.0022 6340  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
23:21:13.0068 6340  SysMain - ok
23:21:13.0108 6340  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
23:21:13.0111 6340  TabletInputService - ok
23:21:13.0172 6340  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
23:21:13.0177 6340  TapiSrv - ok
23:21:13.0230 6340  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
23:21:13.0234 6340  TBS - ok
23:21:13.0317 6340  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
23:21:13.0362 6340  Tcpip - ok
23:21:13.0428 6340  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
23:21:13.0440 6340  TCPIP6 - ok
23:21:13.0480 6340  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
23:21:13.0481 6340  tcpipreg - ok
23:21:13.0537 6340  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
23:21:13.0539 6340  TDPIPE - ok
23:21:13.0596 6340  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
23:21:13.0597 6340  TDTCP - ok
23:21:13.0654 6340  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
23:21:13.0656 6340  tdx - ok
23:21:13.0697 6340  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys
23:21:13.0700 6340  TermDD - ok
23:21:13.0766 6340  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
23:21:13.0775 6340  TermService - ok
23:21:13.0835 6340  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
23:21:13.0839 6340  Themes - ok
23:21:13.0878 6340  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
23:21:13.0881 6340  THREADORDER - ok
23:21:13.0919 6340  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
23:21:13.0924 6340  TrkWks - ok
23:21:13.0987 6340  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
23:21:13.0990 6340  TrustedInstaller - ok
23:21:14.0032 6340  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
23:21:14.0033 6340  tssecsrv - ok
23:21:14.0087 6340  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
23:21:14.0088 6340  TsUsbFlt - ok
23:21:14.0142 6340  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
23:21:14.0144 6340  tunnel - ok
23:21:14.0182 6340  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
23:21:14.0184 6340  uagp35 - ok
23:21:14.0227 6340  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
23:21:14.0231 6340  udfs - ok
23:21:14.0272 6340  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
23:21:14.0274 6340  UI0Detect - ok
23:21:14.0319 6340  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
23:21:14.0320 6340  uliagpkx - ok
23:21:14.0379 6340  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\drivers\umbus.sys
23:21:14.0380 6340  umbus - ok
23:21:14.0402 6340  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
23:21:14.0403 6340  UmPass - ok
23:21:14.0582 6340  [ AF905F4966CFC8B973623AB150CD4B2B ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
23:21:14.0630 6340  UNS - ok
23:21:14.0693 6340  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
23:21:14.0699 6340  upnphost - ok
23:21:14.0747 6340  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
23:21:14.0749 6340  usbccgp - ok
23:21:14.0791 6340  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
23:21:14.0792 6340  usbcir - ok
23:21:14.0836 6340  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\drivers\usbehci.sys
23:21:14.0838 6340  usbehci - ok
23:21:14.0863 6340  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
23:21:14.0868 6340  usbhub - ok
23:21:14.0907 6340  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
23:21:14.0908 6340  usbohci - ok
23:21:14.0946 6340  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
23:21:14.0948 6340  usbprint - ok
23:21:14.0978 6340  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\drivers\USBSTOR.SYS
23:21:14.0980 6340  USBSTOR - ok
23:21:14.0997 6340  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
23:21:14.0998 6340  usbuhci - ok
23:21:15.0071 6340  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
23:21:15.0073 6340  usbvideo - ok
23:21:15.0121 6340  [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx      C:\windows\system32\drivers\usb8023x.sys
23:21:15.0122 6340  usb_rndisx - ok
23:21:15.0165 6340  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
23:21:15.0189 6340  UxSms - ok
23:21:15.0224 6340  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
23:21:15.0225 6340  VaultSvc - ok
23:21:15.0278 6340  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
23:21:15.0280 6340  vdrvroot - ok
23:21:15.0356 6340  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
23:21:15.0366 6340  vds - ok
23:21:15.0418 6340  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
23:21:15.0419 6340  vga - ok
23:21:15.0435 6340  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
23:21:15.0437 6340  VgaSave - ok
23:21:15.0494 6340  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
23:21:15.0497 6340  vhdmp - ok
23:21:15.0532 6340  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
23:21:15.0533 6340  viaide - ok
23:21:15.0605 6340  [ F15C8975072A04E4D83B1EF6504DD7E5 ] vm332avs        C:\windows\system32\Drivers\vm332avs.sys
23:21:15.0610 6340  vm332avs - ok
23:21:15.0661 6340  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
23:21:15.0664 6340  volmgr - ok
23:21:15.0723 6340  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
23:21:15.0730 6340  volmgrx - ok
23:21:15.0791 6340  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys
23:21:15.0798 6340  volsnap - ok
23:21:15.0855 6340  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
23:21:15.0859 6340  vsmraid - ok
23:21:15.0936 6340  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
23:21:15.0981 6340  VSS - ok
23:21:16.0039 6340  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
23:21:16.0040 6340  vwifibus - ok
23:21:16.0114 6340  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
23:21:16.0115 6340  vwififlt - ok
23:21:16.0172 6340  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
23:21:16.0178 6340  W32Time - ok
23:21:16.0208 6340  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
23:21:16.0210 6340  WacomPen - ok
23:21:16.0276 6340  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
23:21:16.0277 6340  WANARP - ok
23:21:16.0294 6340  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
23:21:16.0295 6340  Wanarpv6 - ok
23:21:16.0363 6340  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
23:21:16.0397 6340  WatAdminSvc - ok
23:21:16.0468 6340  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
23:21:16.0511 6340  wbengine - ok
23:21:16.0567 6340  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
23:21:16.0574 6340  WbioSrvc - ok
23:21:16.0625 6340  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
23:21:16.0634 6340  wcncsvc - ok
23:21:16.0661 6340  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
23:21:16.0664 6340  WcsPlugInService - ok
23:21:16.0710 6340  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
23:21:16.0711 6340  Wd - ok
23:21:16.0756 6340  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
23:21:16.0765 6340  Wdf01000 - ok
23:21:16.0783 6340  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
23:21:16.0786 6340  WdiServiceHost - ok
23:21:16.0790 6340  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
23:21:16.0793 6340  WdiSystemHost - ok
23:21:16.0813 6340  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
23:21:16.0818 6340  WebClient - ok
23:21:16.0860 6340  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
23:21:16.0867 6340  Wecsvc - ok
23:21:16.0891 6340  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
23:21:16.0895 6340  wercplsupport - ok
23:21:16.0949 6340  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
23:21:16.0952 6340  WerSvc - ok
23:21:17.0018 6340  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
23:21:17.0019 6340  WfpLwf - ok
23:21:17.0068 6340  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\windows\system32\DRIVERS\wimfltr.sys
23:21:17.0071 6340  WimFltr - ok
23:21:17.0095 6340  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
23:21:17.0096 6340  WIMMount - ok
23:21:17.0140 6340  WinDefend - ok
23:21:17.0148 6340  WinHttpAutoProxySvc - ok
23:21:17.0244 6340  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
23:21:17.0249 6340  Winmgmt - ok
23:21:17.0365 6340  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
23:21:17.0423 6340  WinRM - ok
23:21:17.0507 6340  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
23:21:17.0526 6340  Wlansvc - ok
23:21:17.0588 6340  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:21:17.0590 6340  wlcrasvc - ok
23:21:17.0723 6340  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:21:17.0812 6340  wlidsvc - ok
23:21:17.0864 6340  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
23:21:17.0864 6340  WmiAcpi - ok
23:21:17.0931 6340  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
23:21:17.0939 6340  wmiApSrv - ok
23:21:18.0011 6340  WMPNetworkSvc - ok
23:21:18.0068 6340  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
23:21:18.0070 6340  WPCSvc - ok
23:21:18.0134 6340  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
23:21:18.0137 6340  WPDBusEnum - ok
23:21:18.0197 6340  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
23:21:18.0198 6340  ws2ifsl - ok
23:21:18.0246 6340  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
23:21:18.0249 6340  wscsvc - ok
23:21:18.0254 6340  WSearch - ok
23:21:18.0293 6340  [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd            C:\windows\system32\DRIVERS\wsvd.sys
23:21:18.0295 6340  wsvd - ok
23:21:18.0385 6340  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
23:21:18.0443 6340  wuauserv - ok
23:21:18.0472 6340  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
23:21:18.0474 6340  WudfPf - ok
23:21:18.0518 6340  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
23:21:18.0521 6340  WUDFRd - ok
23:21:18.0548 6340  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
23:21:18.0551 6340  wudfsvc - ok
23:21:18.0590 6340  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\windows\System32\wwansvc.dll
23:21:18.0595 6340  WwanSvc - ok
23:21:18.0639 6340  ================ Scan global ===============================
23:21:18.0693 6340  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
23:21:18.0739 6340  [ 88EDD0B34EED542745931E581AD21A32 ] C:\windows\system32\winsrv.dll
23:21:18.0778 6340  [ 88EDD0B34EED542745931E581AD21A32 ] C:\windows\system32\winsrv.dll
23:21:18.0823 6340  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
23:21:18.0844 6340  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
23:21:18.0849 6340  [Global] - ok
23:21:18.0850 6340  ================ Scan MBR ==================================
23:21:18.0859 6340  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:21:19.0056 6340  \Device\Harddisk0\DR0 - ok
23:21:19.0057 6340  ================ Scan VBR ==================================
23:21:19.0060 6340  [ AD893C565974D62FB1453E0BC405F34B ] \Device\Harddisk0\DR0\Partition1
23:21:19.0062 6340  \Device\Harddisk0\DR0\Partition1 - ok
23:21:19.0073 6340  [ A5C144FB061A5C9EC686555A467CBBC7 ] \Device\Harddisk0\DR0\Partition2
23:21:19.0075 6340  \Device\Harddisk0\DR0\Partition2 - ok
23:21:19.0108 6340  [ A82334333E8B8D7FAA30299D7564EFF1 ] \Device\Harddisk0\DR0\Partition3
23:21:19.0110 6340  \Device\Harddisk0\DR0\Partition3 - ok
23:21:19.0111 6340  ============================================================
23:21:19.0111 6340  Scan finished
23:21:19.0111 6340  ============================================================
23:21:19.0127 2284  Detected object count: 0
23:21:19.0127 2284  Actual detected object count: 0
23:21:36.0225 7920  Deinitialize success
 

 

AdwCleaner:

# AdwCleaner v3.006 - Report created 01/10/2013 at 23:24:40
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Yaser - YASER-PC
# Running from : C:\Users\Yaser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C5UQH8PX\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\Yaser\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2240 octets] - [30/09/2013 15:06:19]
AdwCleaner[R1].txt - [861 octets] - [01/10/2013 23:24:40]
AdwCleaner[S0].txt - [2335 octets] - [30/09/2013 15:08:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [980 octets] ##########


#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 02 October 2013 - 06:27 AM

Hi,
 
It's nice to meet you as well.   :)
 
Those look pretty good....let's keep going.  
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.



#5 ummhasan

ummhasan
  • Topic Starter

  • Members
  • 155 posts
  • Gender:Female
  • Location:Michigan

Posted 02 October 2013 - 08:35 AM

Good morning Jeff, here is the ComboFix log:

 

ComboFix 13-10-01.03 - Yaser 10/02/2013   9:21.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2617 [GMT -4:00]
Running from: c:\users\Yaser\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\s.bat
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-02 to 2013-10-02  )))))))))))))))))))))))))))))))
.
.
2013-10-02 13:27 . 2013-10-02 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-01 11:48 . 2013-09-05 02:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFE7D65B-9B14-44DE-A040-A99A096E59D6}\mpengine.dll
2013-09-30 19:06 . 2013-10-02 03:28 -------- d-----w- C:\AdwCleaner
2013-09-30 04:34 . 2013-09-05 02:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-27 13:25 . 2013-09-27 13:25 -------- d-----w- c:\program files\CCleaner
2013-09-27 13:13 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-09-27 13:13 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-09-27 03:07 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-09-27 03:07 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-09-27 03:07 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-27 03:07 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-27 03:07 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-27 03:07 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-09-27 03:07 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-27 03:07 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-27 03:07 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-27 03:07 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-09-27 03:07 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-09-27 02:08 . 2013-09-27 02:08 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-26 05:52 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-09-26 05:51 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-09-26 05:50 . 2013-08-02 02:12 6656 ----a-w- c:\windows\system32\apisetschema.dll
2013-09-26 05:49 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-09-26 05:49 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-26 05:47 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-09-26 05:47 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-09-26 05:47 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-09-26 05:47 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-09-26 05:46 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-09-26 05:46 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-09-25 04:05 . 2013-09-25 04:05 -------- d-----w- c:\windows\system32\SPReview
2013-09-25 03:20 . 2010-11-20 09:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2013-09-25 03:19 . 2010-11-20 09:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2013-09-25 03:19 . 2010-11-20 09:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2013-09-25 02:59 . 2010-11-20 09:44 50176 ----a-w- c:\windows\system32\NAPCRYPT.DLL
2013-09-25 02:58 . 2010-11-20 09:27 161792 ----a-w- c:\windows\system32\ocsetapi.dll
2013-09-25 02:57 . 2010-11-20 09:27 189952 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-09-25 02:53 . 2013-09-25 02:53 -------- d-----w- c:\windows\system32\EventProviders
2013-09-25 02:53 . 2013-09-25 04:05 -------- d-----w- C:\5e833ee2e7c8d56d51599ab4f980a8
2013-09-24 01:27 . 2013-09-24 01:27 -------- d-----w- c:\program files (x86)\Microsoft Download Manager
2013-09-24 00:51 . 2013-09-24 00:52 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-09-23 21:11 . 2013-09-23 21:11 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FBB1C3D-9C15-469D-9A37-8F46B1DDC05B}\gapaengine.dll
2013-09-23 21:10 . 2013-09-16 04:50 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAF4FCF3-18B0-4B46-BCDD-3B523A0C9790}\mpengine.dll
2013-09-23 21:09 . 2013-09-23 21:09 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-09-23 21:09 . 2013-09-23 21:09 -------- d-----w- c:\program files\Microsoft Security Client
2013-09-23 13:01 . 2013-09-23 13:01 -------- d-----w- c:\users\Yaser\AppData\Roaming\SUPERAntiSpyware.com
2013-09-23 13:00 . 2013-09-23 13:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-09-23 13:00 . 2013-09-23 13:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-09-20 11:34 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-20 11:34 . 2013-09-20 11:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-25 03:54 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-09-25 03:54 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-09-20 14:00 . 2012-09-17 02:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-20 14:00 . 2012-09-17 02:17 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-12 15:02 . 2011-04-17 02:28 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-07 08:22 . 2012-09-11 01:22 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-26 05:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Yaser\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Yaser\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Yaser\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-06-30 171104]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Yaser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Yaser\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\AutorunsDisabled\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-20 11:23 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-17 14:00]
.
2013-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 05:05]
.
2013-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 05:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Yaser\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Yaser\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Yaser\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Yaser\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-19 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-VeriFaceManager - c:\program files (x86)\Lenovo\VeriFace\PManage.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-02  09:30:44
ComboFix-quarantined-files.txt  2013-10-02 13:30
.
Pre-Run: 200,554,283,008 bytes free
Post-Run: 200,543,854,592 bytes free
.
- - End Of File - - 4C18DD16E530F9481D4BE71FD0D38B00


#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 02 October 2013 - 11:17 AM

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



#7 ummhasan

ummhasan
  • Topic Starter

  • Members
  • 155 posts
  • Gender:Female
  • Location:Michigan

Posted 02 October 2013 - 08:36 PM

Thanks for your continued assistance!

 

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by Yaser on Wed 10/02/2013 at 21:29:01.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Yaser\appdata\local\{01D617C0-2F46-4997-AC7A-8876C377B1A3}
Successfully deleted: [Empty Folder] C:\Users\Yaser\appdata\local\{154DDB38-96CA-49B9-9E3F-8D58255ED25F}
Successfully deleted: [Empty Folder] C:\Users\Yaser\appdata\local\{1CBD4913-4325-496A-93AB-AF0313D8E885}
Successfully deleted: [Empty Folder] C:\Users\Yaser\appdata\local\{5C9784A1-20CD-47E4-95E1-9616D6B2D6FD}
Successfully deleted: [Empty Folder] C:\Users\Yaser\appdata\local\{79388E1A-D97B-4F18-905F-04D52B911006}
Successfully deleted: [Empty Folder] C:\Users\Yaser\appdata\local\{88D40DC2-2A6F-4C77-B3B1-6B7498CEFA0C}
Successfully deleted: [Empty Folder] C:\Users\Yaser\appdata\local\{8E92A932-F1D2-4F2C-8E26-BDFE97A4F5D3}
Successfully deleted: [Empty Folder] C:\Users\Yaser\appdata\local\{9C77205B-0776-4A8F-9C90-14F686C4A9CA}
Successfully deleted: [Empty Folder] C:\Users\Yaser\appdata\local\{A46F9507-C90A-4956-AF90-986D50E10860}
Successfully deleted: [Empty Folder] C:\Users\Yaser\appdata\local\{CA2BCECC-575A-43E6-BD02-39429EBC0D15}
Successfully deleted: [Empty Folder] C:\Users\Yaser\appdata\local\{DCFE3454-3162-4A97-A6AF-A18D54AE8064}
Successfully deleted: [Empty Folder] C:\Users\Yaser\appdata\local\{F4C3553F-4778-409A-95CA-D76CD641A431}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/02/2013 at 21:34:30.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 03 October 2013 - 06:33 AM

Run a new scan with ComboFix, and also let me know how your system is running right now.  :)




#9 ummhasan

ummhasan
  • Topic Starter

  • Members
  • 155 posts
  • Gender:Female
  • Location:Michigan

Posted 03 October 2013 - 10:52 AM

Hi Jeff, below is the new combofix log. My husband told me that he got the notice of low disk space again late last night a while after I had submitted the JRT log. That means something is still off. Maybe this new combofix run will repair that. 

 

When I'm on the computer and I click on that balloon to see how Windows wants to repair it, the Disk Cleanup program comes up. What's odd about that is that it only shows the Recycle Bin as an option, not the standard temp files, error log files, etc.

 

ComboFix:

 

ComboFix 13-10-03.03 - Yaser 10/03/2013  11:37:01.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2668 [GMT -4:00]
Running from: c:\users\Yaser\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-03 to 2013-10-03  )))))))))))))))))))))))))))))))
.
.
2013-10-03 15:44 . 2013-10-03 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-03 01:28 . 2013-10-03 01:28 -------- d-----w- c:\windows\ERUNT
2013-10-02 14:35 . 2013-09-05 02:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1065A488-35E6-41FA-8161-3EE6ED08E315}\mpengine.dll
2013-10-02 13:36 . 2013-09-05 02:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-30 19:06 . 2013-10-02 03:28 -------- d-----w- C:\AdwCleaner
2013-09-27 13:25 . 2013-09-27 13:25 -------- d-----w- c:\program files\CCleaner
2013-09-27 13:13 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-09-27 13:13 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-09-27 03:07 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-09-27 03:07 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-09-27 03:07 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-27 03:07 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-27 03:07 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-27 03:07 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-09-27 03:07 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-27 03:07 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-27 03:07 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-27 03:07 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-09-27 03:07 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-09-27 02:08 . 2013-09-27 02:08 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-09-26 05:52 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-09-26 05:51 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-09-26 05:50 . 2013-08-02 02:12 6656 ----a-w- c:\windows\system32\apisetschema.dll
2013-09-26 05:49 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-09-26 05:49 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-26 05:47 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-09-26 05:47 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-09-26 05:47 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-09-26 05:47 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-09-26 05:46 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-09-26 05:46 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-09-25 04:05 . 2013-09-25 04:05 -------- d-----w- c:\windows\system32\SPReview
2013-09-25 03:20 . 2010-11-20 09:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2013-09-25 03:19 . 2010-11-20 09:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2013-09-25 03:19 . 2010-11-20 09:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2013-09-25 02:59 . 2010-11-20 09:44 50176 ----a-w- c:\windows\system32\NAPCRYPT.DLL
2013-09-25 02:58 . 2010-11-20 09:27 161792 ----a-w- c:\windows\system32\ocsetapi.dll
2013-09-25 02:57 . 2010-11-20 09:27 189952 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-09-25 02:53 . 2013-09-25 02:53 -------- d-----w- c:\windows\system32\EventProviders
2013-09-25 02:53 . 2013-09-25 04:05 -------- d-----w- C:\5e833ee2e7c8d56d51599ab4f980a8
2013-09-24 01:27 . 2013-09-24 01:27 -------- d-----w- c:\program files (x86)\Microsoft Download Manager
2013-09-24 00:51 . 2013-09-24 00:52 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-09-23 21:11 . 2013-09-23 21:11 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FBB1C3D-9C15-469D-9A37-8F46B1DDC05B}\gapaengine.dll
2013-09-23 21:10 . 2013-09-16 04:50 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAF4FCF3-18B0-4B46-BCDD-3B523A0C9790}\mpengine.dll
2013-09-23 21:09 . 2013-09-23 21:09 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-09-23 21:09 . 2013-09-23 21:09 -------- d-----w- c:\program files\Microsoft Security Client
2013-09-23 13:01 . 2013-09-23 13:01 -------- d-----w- c:\users\Yaser\AppData\Roaming\SUPERAntiSpyware.com
2013-09-23 13:00 . 2013-09-23 13:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-09-23 13:00 . 2013-09-23 13:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-09-20 11:34 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-20 11:34 . 2013-09-20 11:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-25 03:54 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-09-25 03:54 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-09-20 14:00 . 2012-09-17 02:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-20 14:00 . 2012-09-17 02:17 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-12 15:02 . 2011-04-17 02:28 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-07 08:22 . 2012-09-11 01:22 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-26 05:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Yaser\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Yaser\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\Yaser\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-06-30 171104]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Yaser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Yaser\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\AutorunsDisabled\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-20 11:23 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-17 14:00]
.
2013-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 05:05]
.
2013-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 05:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Yaser\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Yaser\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Yaser\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\Yaser\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-19 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-03  11:46:54
ComboFix-quarantined-files.txt  2013-10-03 15:46
ComboFix2.txt  2013-10-02 13:30
.
Pre-Run: 199,535,497,216 bytes free
Post-Run: 199,474,331,648 bytes free
.
- - End Of File - - 12FCEA264621008F0220AEA003CFC581


#10 ummhasan
  • Topic Starter

Posted 03 October 2013 - 11:06 AM

Okay Jeff, I have some new info: the low disk space warning just came up, I clicked on it, did a screenshot, then realized that it was for cleaning the D: drive, NOT the main C: drive. So, I did a volume screenshot to show the different disks on the system and why that warning keeps coming up; however, it's odd that this disk (D:) is being written to because I believe it is the system restore volume.

 

I've attached the screenshots.

 

[attachment=142452:cleanupSS.png][attachment=142453:volumeSS.png]



#11 jeffce
  • Malware Response Team

Posted 03 October 2013 - 02:06 PM

Hi,
 
OK, we are dealing with the Recovery Partition for this problem.   :)  Let's do this.....
 
Visit the page found here and follow the instructions for removing all of the restore points except the most recent.
 
Once complete, come back and let me know how your system is running.



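A way to confirm the diagnosis above before touching anything, added here as an example for this thread and not code from the posters or from BleepingComputer: the script lists each fixed volume with its free space, reads Win32_ShadowStorage to see which drive every System Restore store protects and which drive actually holds its data, lists the existing restore points, and for any volume under the threshold prints the vssadmin command that caps that store (or the cmdlet that stops System Protection using that drive at all) as an alternative to wiping every restore point. The 10 percent threshold is an assumption taken from the opening post; drive letters are whatever the machine reports. Run it in an elevated PowerShell on Windows 7 or later.

```powershell
# Added example for this thread (not from the posters or from BleepingComputer).
# Assumption: the ~10% free-space figure from the opening post is the alert threshold.
# Run in an elevated PowerShell on Windows 7 or later; vssadmin needs admin rights.

$ThresholdPercent = 10

function Get-VolumeReport {
    # Fixed disks only (DriveType 3): C: and the recovery partition D: in this thread.
    Get-WmiObject Win32_LogicalDisk -Filter "DriveType=3" | ForEach-Object {
        $pct = if ($_.Size) { [math]::Round(100 * $_.FreeSpace / $_.Size, 1) } else { 0 }
        New-Object PSObject -Property @{
            Drive       = $_.DeviceID
            Label       = $_.VolumeName
            SizeGB      = [math]::Round($_.Size / 1GB, 1)
            FreeGB      = [math]::Round($_.FreeSpace / 1GB, 2)
            FreePercent = $pct
            LowSpace    = ($pct -lt $ThresholdPercent)
        }
    }
}

function Get-ShadowStorageReport {
    # One Win32_ShadowStorage row per System Restore store. Volume is the drive the
    # store protects ("For" in vssadmin terms); DiffVolume is the drive that actually
    # holds the data ("On"). A store that lives On the recovery partition is what
    # silently fills it and triggers the low-disk-space balloon.
    Get-WmiObject Win32_ShadowStorage | ForEach-Object {
        $for = [wmi]$_.Volume        # dereference the Win32_Volume object paths
        $on  = [wmi]$_.DiffVolume
        $max = if ($_.MaxSpace -eq [uint64]::MaxValue) { 'unbounded' } else { [math]::Round($_.MaxSpace / 1GB, 2) }
        New-Object PSObject -Property @{
            ForVolume = $for.DriveLetter
            OnVolume  = $on.DriveLetter
            UsedGB    = [math]::Round($_.UsedSpace / 1GB, 2)
            MaxGB     = $max
        }
    }
}

function Get-RestorePointSummary {
    # CreationTime comes back as a DMTF string (yyyyMMddHHmmss...); convert it.
    Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object SequenceNumber, Description,
        @{ n = 'Created'; e = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } }
}

$volumes = @(Get-VolumeReport)
$shadow  = @(Get-ShadowStorageReport)

$volumes | Format-Table Drive, Label, SizeGB, FreeGB, FreePercent, LowSpace -AutoSize
$shadow  | Format-Table ForVolume, OnVolume, UsedGB, MaxGB -AutoSize
Get-RestorePointSummary | Format-Table -AutoSize

foreach ($v in ($volumes | Where-Object { $_.LowSpace })) {
    $stores = @($shadow | Where-Object { $_.OnVolume -eq $v.Drive })
    if ($stores.Count -eq 0) {
        Write-Host ("{0} is low on space but holds no restore-point storage; look for another writer (backup job, logs, crash dumps)." -f $v.Drive)
        continue
    }
    Write-Host ("{0} is low on space and holds restore-point storage. Cap it rather than wiping every restore point:" -f $v.Drive)
    foreach ($s in $stores) {
        Write-Host ("  vssadmin resize shadowstorage /For={0} /On={1} /MaxSize=500MB" -f $s.ForVolume, $s.OnVolume)
    }
    Write-Host ("  Or stop System Protection from using this drive at all: Disable-ComputerRestore -Drive '{0}\'" -f $v.Drive)
}
```

Two things worth knowing before acting on the output. Deleting every restore point, as happens in the next post, removes the only rollback the machine has, so create a fresh one immediately afterwards; on a machine that was infected that is also the usual reason responders purge them, since an old restore point can carry a copy of the removed files. And a recovery partition that is the "On" volume for a store belonging to C: will keep filling no matter how many points you delete until the store is capped or moved.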

#12 ummhasan
  • Topic Starter

Posted 03 October 2013 - 10:25 PM

Hi, 

 

I didn't pay attention and deleted all restore points, but I just created another one right after, so there should only be one. After that, I checked the volume capacity and now it shows 418 MB free of 28.9 available. I know the restore partition is supposed to be pretty full, but is it supposed to be that full?

 

How about the trojan and hijacker? Do you think those are all cleaned up at this point?

 

Thanks


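One way to get evidence for the "is it all cleaned up?" question from what the thread already has, added here as an example and not code from the posters or from BleepingComputer: the Reg Loading Points section of the ComboFix log above is a snapshot of the Run keys and the Startup folder, and this script re-reads those same locations, resolves each entry to the executable it launches, and flags targets that no longer exist (an orphaned value left behind by an uninstall or a removal) or that do not carry a valid Authenticode signature. The key list and the signature-based triage are this example's own choices. Two caveats: OEM utilities of that era (the Lenovo and camera entries in the log) are often unsigned, and before PowerShell 5.1 Get-AuthenticodeSignature ignores catalog signatures, so Windows-supplied files show as NotSigned. Treat NotSigned as something to look at, not as a verdict; MISSING and HashMismatch are the rows that deserve attention first.

```powershell
# Added example for this thread (not from the posters or from BleepingComputer).
# Re-reads the autostart locations ComboFix reported under "Reg Loading Points",
# resolves each entry to the file it launches, and reports entries whose target is
# gone or unsigned. Run in an elevated PowerShell on Windows 7 or later.
# Caveat: before PowerShell 5.1, Get-AuthenticodeSignature ignores catalog
# signatures, so many Windows-supplied files show as NotSigned here.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$StartupFolders = @(
    [Environment]::GetFolderPath('Startup'),                                      # per-user Startup folder
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')  # all-users Startup folder
)

function Get-CommandPath {
    param([string]$Command)
    # Extract the executable from a Run value, whether it is quoted
    # ("C:\Program Files\X\x.exe" /arg) or bare with spaces (C:\Program Files\X\x.exe).
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($c, '^(.*?\.(exe|dll|cmd|bat|vbs|js|scr))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($c -split '\s+')[0]
}

function Get-AutorunEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ... added by the provider
            New-Object PSObject -Property @{
                Location = $key
                Name     = $p.Name
                Target   = [Environment]::ExpandEnvironmentVariables((Get-CommandPath $p.Value))
            }
        }
    }
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $StartupFolders) {
        if (-not (Test-Path $folder)) { continue }
        foreach ($lnk in (Get-ChildItem -Path $folder -Filter *.lnk)) {
            New-Object PSObject -Property @{
                Location = $folder
                Name     = $lnk.Name
                Target   = $shell.CreateShortcut($lnk.FullName).TargetPath
            }
        }
    }
}

function Test-AutorunEntries {
    Get-AutorunEntries | ForEach-Object {
        $status = if (-not $_.Target -or -not (Test-Path -LiteralPath $_.Target)) {
            'MISSING'   # orphaned value: an uninstalled program or a cleaned-up infection left it behind
        } else {
            [string](Get-AuthenticodeSignature -FilePath $_.Target).Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
        }
        New-Object PSObject -Property @{
            Name = $_.Name; Signature = $status; Target = $_.Target; Location = $_.Location
        }
    }
}

# Suspicious rows first: anything that is not a valid signature.
Test-AutorunEntries |
    Sort-Object @{ e = { $_.Signature -eq 'Valid' } }, Name |
    Format-Table Name, Signature, Target -AutoSize -Wrap
```

Compare the output against the ComboFix section line by line: an entry that appears in the log but not here was removed in between, an entry here that is not in the log is new, and a MISSING row is a leftover value that can be deleted from the key it was found in.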

#13 jeffce
  • Malware Response Team

Posted 04 October 2013 - 06:39 AM

If you could, give me a screen shot of your drives like you did before.  :)




#14 ummhasan
  • Topic Starter

Posted 04 October 2013 - 08:12 PM

Sorry for the delay, Jeff. I have been moving and didn't have time to post. Here is the new screenshot of the drives and a screenshot of what's in this drive we're talking about.

 

[attachment=142486:screenshot3 (851x564).jpg][attachment=142487:screenshot4 (860x626).jpg]



#15 jeffce
  • Malware Response Team

Posted 05 October 2013 - 08:17 AM

No problem at all.  :)  I will look over more of this today, but I have a football game to coach so I will return as quickly as I can.  

