ZEROACCESS Reparse Point/Junction found!


28 replies to this topic

#1 backerfan

backerfan

  • Members
  • 18 posts
  • OFFLINE
  • Local time:11:47 PM

Posted 25 December 2013 - 12:11 PM

Hi, and thank you for this helpful site.  The pc running windows 7 32bit and NOD4 stopped updating.  About the same time a message would pop up during start up.  The message is as follows.

 

c:\users\end user\appdata\local\bvworks\vorbisfile_d.dll failed to load
 
I also noticed that nod was out of spec so I attempted to load the outstanding updates.  All but one loaded.  The one that didn't load said it had a virus and couldn't load, so I went to the Microsoft website and got the same response.  It is "security update for windows 7 (kb2847927)"; it is labeled as an important update.
 
I ran nod, ccleaner, and malware, then took the drive out and ran the Microsoft virus scan from my one laptop with the other drive attached as a portable drive and found a worm and another malware.  Once cleaned I ran it again and got nothing, so I then hooked the drive to my work pc and got another hit on malware and cleaned it.
 
Once I put the drive back in the laptop the error is still there.  When I look at ccleaner the only thing that has been loaded recently is thunderbird email (I think this must be an update since this is the mail he uses).
 
Fast forward to today.  I downloaded and ran several spyware, antivirus, and malware apps.  When I ran Rkill the Zeroaccess message came up and I have not been able to get rid of it.  When NOD was not updating I uninstalled it and found a copy of defender was causing issues with installing av and malware software.  I have since been able to get the software to load.
 
Thanks for your help.
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428
Run by End User at 11:32:32 on 2013-12-25
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3062.1677 [GMT -5:00]
.
AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy 2\SDOnAccess.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome frame\application\31.0.1650.63\npchrome_frame.dll
uRun: [BVworks] regsvr32.exe "c:\users\end user\appdata\local\bvworks\vorbisfile_d.dll"
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: NameServer = 216.144.187.199 216.144.187.101 204.186.110.76
TCP: Interfaces\{3EB01664-8142-42D2-848A-929271E7E57A} : DHCPNameServer = 216.144.187.199 216.144.187.101 204.186.110.76
TCP: Interfaces\{D0B3D69E-1915-4E74-A10C-2C7ADA489843} : DHCPNameServer = 216.144.187.199 216.144.187.101 204.186.110.76
TCP: Interfaces\{DA1F08CB-EB21-4597-9AC9-80BF5398DFDD} : NameServer = 207.69.188.187 207.69.188.186
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\31.0.1650.63\npchrome_frame.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\end user\appdata\roaming\mozilla\firefox\profiles\em9dmx9r.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SDHookDriver;Hook Test Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2013-12-24 46248]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2013-12-24 106280]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-22 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-22 701512]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-12-24 3666392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-12-24 2729432]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-12-24 171928]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-22 22856]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2009-11-24 23152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-22 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-11 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-26 1343400]
.
=============== Created Last 30 ================
.
2013-12-24 20:09:26 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-24 19:38:59 -------- d-----w- c:\programdata\Licenses
2013-12-24 19:38:35 -------- d-----w- c:\program files\SpywareBlaster
2013-12-24 18:27:20 -------- d-----w- c:\users\end user\appdata\roaming\SUPERAntiSpyware.com
2013-12-24 18:26:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-12-24 18:26:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-12-24 16:57:35 18968 ----a-w- c:\windows\system32\sdnclean.exe
2013-12-24 16:57:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-12-24 16:57:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-12-24 16:50:12 -------- d-----w- c:\program files\HitmanPro
2013-12-24 16:49:22 -------- d-----w- c:\programdata\HitmanPro
2013-12-24 16:31:47 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-24 16:31:22 -------- d-----w- C:\mal-ware
2013-12-24 16:29:53 -------- d-----w- c:\users\end user\malrootkill
2013-12-24 16:22:27 -------- d-----w- C:\downloads
2013-12-24 16:17:26 -------- d-----w- C:\_reports
2013-12-24 16:16:07 -------- d-----w- C:\AdwCleaner
2013-12-23 03:04:54 -------- d-----w- c:\users\end user\appdata\local\Microsoft Games
2013-12-22 23:54:02 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-22 23:54:02 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-12-22 23:54:02 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-22 23:54:00 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-22 23:53:57 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-22 23:53:57 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-22 23:53:57 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-22 23:53:57 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-22 23:53:54 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-22 23:53:50 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-22 23:53:32 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-22 23:36:40 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-22 23:36:39 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
.
==================== Find3M  ====================
.
2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-10-04 01:58:50 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- c:\windows\system32\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- c:\windows\system32\authui.dll
2013-10-03 01:58:07 305152 ----a-w- c:\windows\system32\gdi32.dll
.
============= FINISH: 11:42:49.70 ===============
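The DDS line `uRun: [BVworks] regsvr32.exe "c:\users\end user\appdata\local\bvworks\vorbisfile_d.dll"` above (and the matching `HKCU\...\Run` line FRST later marks with `<===== ATTENTION`) shows the autorun pattern a triage script can pick out of these reports without reading every line by hand: a per-user Run value that hands a DLL under a user-writable folder to a system loader. The Python below is an added example written for this thread; it is not code from BleepingComputer, DDS or FRST. The sample lines are constructed to mirror the report lines quoted in the thread, and the loader list (`DLL_LOADERS`) and the user-writable-path heuristic (`USER_WRITABLE`) are the example's own assumptions, not anything the tools output.

```python
"""Triage of autorun lines from DDS ("Pseudo HJT Report") and FRST ("Registry") logs.

Added example for this thread; not code from BleepingComputer, DDS or FRST.
It parses the Run-key lines both tools print and flags entries where a
system DLL loader (regsvr32/rundll32) is pointed at a user-writable path,
which is the pattern behind the BVworks entry in the reports above.
"""
import re
from dataclasses import dataclass, field

# Constructed sample lines modelled on the report lines quoted in the thread.
SAMPLE_LINES = [
    r'uRun: [BVworks] regsvr32.exe "c:\users\end user\appdata\local\bvworks\vorbisfile_d.dll"',
    r'mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"',
    r'mRun: [IgfxTray] c:\windows\system32\igfxtray.exe',
    r'HKCU\...\Run: [BVworks] - regsvr32.exe "C:\Users\End User\AppData\Local\BVworks\vorbisfile_d.dll" <===== ATTENTION',
    r'HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5580752 2013-12-19] (Safer-Networking Ltd.)',
]

# Assumption of this example: system binaries that load whatever DLL the command line names.
DLL_LOADERS = {"regsvr32.exe", "rundll32.exe"}

# DDS prefixes: u = current user, m = machine, d = default user profile.
DDS_RUN = re.compile(r'^(?P<scope>[umd])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
FRST_RUN = re.compile(r'^(?P<hive>HKLM|HKCU)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<cmd>.+)$')
# FRST appends "[size date]", "(publisher)" and its own "<===== ATTENTION" marker after the command.
FRST_TRAILER = re.compile(r'\s*(\[[^\]]*\])?\s*(\([^)]*\))?\s*(<=+ ATTENTION)?\s*$')
# First executable on the command line, quoted or not (unquoted paths with spaces included).
EXE_HEAD = re.compile(r'\s*"?(?P<exe>.+?\.exe)"?', re.I)
# Assumption of this example: folders an ordinary user can write to.
USER_WRITABLE = re.compile(r'\\users\\[^\\]+\\(?:appdata|downloads|desktop)\\|\\programdata\\|\\temp\\', re.I)


@dataclass
class AutorunEntry:
    source: str          # "dds" or "frst"
    scope: str           # "user" or "machine"
    name: str            # value name inside the Run key
    command: str         # command line with FRST's trailer stripped
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_autorun(line: str):
    """Return an AutorunEntry for a DDS or FRST Run line, or None for any other line."""
    m = DDS_RUN.match(line)
    if m:
        scope = "machine" if m["scope"] == "m" else "user"
        return AutorunEntry("dds", scope, m["name"], m["cmd"].strip())
    m = FRST_RUN.match(line)
    if m:
        scope = "machine" if m["hive"] == "HKLM" else "user"
        entry = AutorunEntry("frst", scope, m["name"], FRST_TRAILER.sub("", m["cmd"]).strip())
        if "ATTENTION" in line:
            entry.reasons.append("flagged by FRST")
        return entry
    return None


def assess(entry: AutorunEntry) -> AutorunEntry:
    """Apply the loader/path heuristic and record the reasons on the entry."""
    head = EXE_HEAD.match(entry.command)
    loader = head["exe"].rsplit("\\", 1)[-1].lower() if head else ""
    in_user_path = USER_WRITABLE.search(entry.command) is not None
    if loader in DLL_LOADERS and in_user_path:
        entry.reasons.append(f"{loader} loads a DLL from a user-writable path")
    elif in_user_path:
        entry.reasons.append("executable lives under a user-writable path")
    return entry


def triage(lines):
    """Parse every Run line in `lines` and return the assessed entries in report order."""
    return [assess(e) for e in (parse_autorun(l) for l in lines) if e is not None]


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        mark = "!!" if e.suspicious else "  "
        print(f"{mark} [{e.source}/{e.scope}] {e.name}: {e.command}")
        for r in e.reasons:
            print(f"     - {r}")
```

Run as a script it lists the five sample entries and marks the two BVworks lines; fed a whole DDS or FRST log (`triage(open(path).read().splitlines())`) it quietly skips every line that is not a Run entry. The heuristic is deliberately narrow: a signed vendor updater under `Program Files` never trips it, and a loader alone is not enough, only a loader combined with a DLL in a folder the user can write to.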
 


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:47 AM

Posted 26 December 2013 - 09:57 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 backerfan

backerfan
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:11:47 PM

Posted 26 December 2013 - 10:29 AM

Attached File: Addition.txt (16.16KB, 1 downloads)

 

Thank you for your time.  Here are the files that were requested.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-12-2013
Ran by End User (administrator) on ENDUSER-PC on 26-12-2013 10:20:06
Running from C:\Users\End User\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDOnAccess.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [TrackPointSrv] - C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [93032 2009-11-24] (Lenovo Group Limited)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5580752 2013-12-19] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [BVworks] - regsvr32.exe "C:\Users\End User\AppData\Local\BVworks\vorbisfile_d.dll" <===== ATTENTION
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [6032840 2013-12-19] (Safer-Networking Ltd.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2013-12-19] (SUPERAntiSpyware)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6E73F0819F66CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\31.0.1650.63\npchrome_frame.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\31.0.1650.63\npchrome_frame.dll (Google Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 216.144.187.199 216.144.187.101 204.186.110.76
Tcpip\..\Interfaces\{DA1F08CB-EB21-4597-9AC9-80BF5398DFDD}: [NameServer]207.69.188.187 207.69.188.186

FireFox:
========
FF ProfilePath: C:\Users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\em9dmx9r.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-12-24] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3666392 2013-12-19] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2729432 2013-12-19] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-12-19] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDRTN32.sys [486400 2009-06-22] (Conexant Systems Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46248 2013-12-19] ()
R3 Tp4Track; C:\Windows\System32\DRIVERS\tp4track.sys [23152 2009-11-24] (Lenovo Group Limited)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-26 10:20 - 2013-12-26 10:21 - 00007918 _____ C:\Users\End User\Desktop\FRST.txt
2013-12-26 10:19 - 2013-12-26 10:19 - 01061649 _____ (Farbar) C:\Users\End User\Desktop\FRST.exe
2013-12-26 10:19 - 2013-12-26 10:19 - 00000000 ____D C:\FRST
2013-12-25 11:44 - 2013-12-25 11:44 - 00008746 _____ C:\Users\End User\Desktop\attach.txt
2013-12-25 11:44 - 2013-12-25 11:42 - 00012633 _____ C:\Users\End User\Desktop\dds.txt
2013-12-25 11:29 - 2013-12-26 10:17 - 00056804 _____ C:\Windows\WindowsUpdate.log
2013-12-25 11:25 - 2013-12-26 10:11 - 00000112 _____ C:\Windows\setupact.log
2013-12-25 11:25 - 2013-12-25 11:25 - 00000000 _____ C:\Windows\setuperr.log
2013-12-24 17:39 - 2013-12-24 17:39 - 00001272 _____ C:\Users\End User\Desktop\Snipping Tool.lnk
2013-12-24 16:11 - 2013-12-24 16:11 - 00001488 _____ C:\Users\End User\Desktop\SUPERAntiSpyware - Shortcut (2).lnk
2013-12-24 15:09 - 2013-12-24 15:17 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-24 15:02 - 2013-12-24 15:02 - 00001004 _____ C:\Users\End User\Desktop\mbar - Shortcut.lnk
2013-12-24 14:59 - 2013-12-24 14:59 - 00000905 _____ C:\Users\End User\Desktop\rkill - Shortcut.lnk
2013-12-24 14:46 - 2013-12-24 14:46 - 00001008 _____ C:\Users\End User\Desktop\SUPERAntiSpyware - Shortcut.lnk
2013-12-24 14:38 - 2013-12-24 14:44 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-12-24 14:38 - 2013-12-24 14:38 - 00000997 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-12-24 14:38 - 2013-12-24 14:38 - 00000000 ____D C:\ProgramData\Licenses
2013-12-24 13:27 - 2013-12-24 13:27 - 00000000 ____D C:\Users\End User\AppData\Roaming\SUPERAntiSpyware.com
2013-12-24 13:26 - 2013-12-24 13:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-24 13:26 - 2013-12-24 13:26 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-24 11:57 - 2013-12-24 13:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-24 11:57 - 2013-12-24 11:59 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-24 11:57 - 2013-12-24 11:57 - 00002079 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-24 11:57 - 2013-09-20 09:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2013-12-24 11:50 - 2013-12-24 11:50 - 00001853 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-12-24 11:50 - 2013-12-24 11:50 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-24 11:49 - 2013-12-24 11:53 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-24 11:42 - 2013-12-26 10:12 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-12-24 11:31 - 2013-12-24 15:09 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-24 11:31 - 2013-12-24 11:31 - 00000000 ____D C:\mal-ware
2013-12-24 11:29 - 2013-12-24 11:29 - 00000000 ____D C:\Users\End User\malrootkill
2013-12-24 11:26 - 2013-12-24 15:08 - 00006778 _____ C:\Users\End User\Desktop\Rkill.txt
2013-12-24 11:17 - 2013-12-24 15:08 - 00000000 ____D C:\_reports
2013-12-24 11:16 - 2013-12-24 14:48 - 00000000 ____D C:\AdwCleaner
2013-12-23 18:58 - 2013-12-23 18:58 - 00000000 ____D C:\Users\End User\Desktop\ESET Antivirus 4.0.468.0
2013-12-22 22:04 - 2013-12-22 22:12 - 00000000 ____D C:\Users\End User\AppData\Local\Microsoft Games
2013-12-22 19:02 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-22 19:02 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-22 19:02 - 2013-11-26 04:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-22 19:02 - 2013-11-26 03:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-22 19:02 - 2013-11-26 03:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-22 19:02 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-22 19:02 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-22 19:02 - 2013-11-26 03:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-22 19:02 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-22 19:02 - 2013-11-26 03:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-22 19:02 - 2013-11-26 03:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-22 19:02 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-22 19:02 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-22 19:02 - 2013-11-26 03:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-22 19:02 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-22 19:02 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-22 19:02 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-22 19:02 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-22 19:02 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-22 18:54 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-22 18:54 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-22 18:54 - 2013-10-03 20:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-22 18:54 - 2013-10-03 20:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-22 18:53 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-22 18:53 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-22 18:53 - 2013-10-29 20:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-22 18:53 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-22 18:53 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-22 18:53 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-22 18:53 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-22 18:36 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-22 18:36 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

==================== One Month Modified Files and Folders =======

2013-12-26 10:21 - 2013-12-26 10:20 - 00007918 _____ C:\Users\End User\Desktop\FRST.txt
2013-12-26 10:19 - 2013-12-26 10:19 - 01061649 _____ (Farbar) C:\Users\End User\Desktop\FRST.exe
2013-12-26 10:19 - 2013-12-26 10:19 - 00000000 ____D C:\FRST
2013-12-26 10:19 - 2010-11-20 16:01 - 00792118 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-26 10:19 - 2009-07-13 23:34 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-26 10:19 - 2009-07-13 23:34 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-26 10:17 - 2013-12-25 11:29 - 00056804 _____ C:\Windows\WindowsUpdate.log
2013-12-26 10:13 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\tracing
2013-12-26 10:12 - 2013-12-24 11:42 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-12-26 10:12 - 2013-04-19 10:58 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-26 10:12 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-26 10:11 - 2013-12-25 11:25 - 00000112 _____ C:\Windows\setupact.log
2013-12-25 12:06 - 2013-04-19 10:58 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-25 11:44 - 2013-12-25 11:44 - 00008746 _____ C:\Users\End User\Desktop\attach.txt
2013-12-25 11:42 - 2013-12-25 11:44 - 00012633 _____ C:\Users\End User\Desktop\dds.txt
2013-12-25 11:25 - 2013-12-25 11:25 - 00000000 _____ C:\Windows\setuperr.log
2013-12-24 17:39 - 2013-12-24 17:39 - 00001272 _____ C:\Users\End User\Desktop\Snipping Tool.lnk
2013-12-24 16:15 - 2013-04-03 10:53 - 00000000 ____D C:\Windows\Minidump
2013-12-24 16:11 - 2013-12-24 16:11 - 00001488 _____ C:\Users\End User\Desktop\SUPERAntiSpyware - Shortcut (2).lnk
2013-12-24 15:17 - 2013-12-24 15:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-24 15:09 - 2013-12-24 11:31 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-24 15:08 - 2013-12-24 11:26 - 00006778 _____ C:\Users\End User\Desktop\Rkill.txt
2013-12-24 15:08 - 2013-12-24 11:17 - 00000000 ____D C:\_reports
2013-12-24 15:02 - 2013-12-24 15:02 - 00001004 _____ C:\Users\End User\Desktop\mbar - Shortcut.lnk
2013-12-24 14:59 - 2013-12-24 14:59 - 00000905 _____ C:\Users\End User\Desktop\rkill - Shortcut.lnk
2013-12-24 14:48 - 2013-12-24 11:16 - 00000000 ____D C:\AdwCleaner
2013-12-24 14:46 - 2013-12-24 14:46 - 00001008 _____ C:\Users\End User\Desktop\SUPERAntiSpyware - Shortcut.lnk
2013-12-24 14:44 - 2013-12-24 14:38 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-12-24 14:38 - 2013-12-24 14:38 - 00000997 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-12-24 14:38 - 2013-12-24 14:38 - 00000000 ____D C:\ProgramData\Licenses
2013-12-24 14:29 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-12-24 13:27 - 2013-12-24 13:27 - 00000000 ____D C:\Users\End User\AppData\Roaming\SUPERAntiSpyware.com
2013-12-24 13:27 - 2013-12-24 13:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-24 13:26 - 2013-12-24 13:26 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-24 13:20 - 2013-12-24 11:57 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-24 11:59 - 2013-12-24 11:57 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-24 11:57 - 2013-12-24 11:57 - 00002079 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-24 11:53 - 2013-12-24 11:49 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-24 11:50 - 2013-12-24 11:50 - 00001853 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-12-24 11:50 - 2013-12-24 11:50 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-24 11:31 - 2013-12-24 11:31 - 00000000 ____D C:\mal-ware
2013-12-24 11:29 - 2013-12-24 11:29 - 00000000 ____D C:\Users\End User\malrootkill
2013-12-23 18:58 - 2013-12-23 18:58 - 00000000 ____D C:\Users\End User\Desktop\ESET Antivirus 4.0.468.0
2013-12-22 22:12 - 2013-12-22 22:04 - 00000000 ____D C:\Users\End User\AppData\Local\Microsoft Games
2013-12-22 21:26 - 2009-07-13 23:33 - 00268128 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-22 18:38 - 2013-08-08 17:28 - 00000000 ____D C:\Windows\system32\MRT
2013-12-22 18:37 - 2013-02-22 16:18 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-26 05:11 - 2013-12-22 19:02 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 04:23 - 2013-12-22 19:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 04:22 - 2013-12-22 19:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 03:53 - 2013-12-22 19:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 03:52 - 2013-12-22 19:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 03:38 - 2013-12-22 19:02 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 03:38 - 2013-12-22 19:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 03:36 - 2013-12-22 19:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 03:32 - 2013-12-22 19:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 03:29 - 2013-12-22 19:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 03:29 - 2013-12-22 19:02 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 03:28 - 2013-12-22 19:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 03:16 - 2013-12-22 19:02 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 03:13 - 2013-12-22 19:02 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 02:32 - 2013-12-22 19:02 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 02:26 - 2013-12-22 19:02 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 01:34 - 2013-12-22 19:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 01:33 - 2013-12-22 19:02 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 01:27 - 2013-12-22 19:02 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

Some content of TEMP:
====================
C:\Users\End User\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-24 14:22

==================== End Of Log ============================

 



#4 RPMcMurphy
    Bleeping *^#@%~
  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 26 December 2013 - 11:26 AM

Please do this next - make sure you disable all your security programs before running this:

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [BVworks] - regsvr32.exe "C:\Users\End User\AppData\Local\BVworks\vorbisfile_d.dll" <===== ATTENTION
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 backerfan
  • Topic Starter
  • Members
  • 18 posts

Posted 26 December 2013 - 11:42 AM

I stopped all of the malware but could not stop mbam services so I disabled it.

Here is the fixlog file.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-12-2013
Ran by End User at 2013-12-26 11:40:24 Run:1
Running from C:\Users\End User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [BVworks] - regsvr32.exe "C:\Users\End User\AppData\Local\BVworks\vorbisfile_d.dll" <===== ATTENTION
*****************

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\BVworks => Value deleted successfully.

==== End of Fixlog ====



#6 RPMcMurphy
    Bleeping *^#@%~
  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 26 December 2013 - 11:52 AM

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected.  Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Download Combofix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back.  Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log


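The TDSSKiller scan requested above writes one MD5 per service or driver image (the log posted later in the thread shows the format), and the "Bamital & volsnap Check" in the FRST log earlier does the same for a fixed set of core files, reporting "MD5 is legit". Both are baseline comparisons: the hash of the file on disk is matched against a known-good value for that build. The following is an added example, not TDSSKiller's or FRST's code, that parses TDSSKiller's per-service lines, diffs them against a baseline, and shows the hashing side with hashlib. The atapi and !SASCORE lines are copied from the page; the Disk line with an altered hash and the BASELINE values are constructed for the demo.

```python
"""Hash-baseline check over the per-service MD5 list that TDSSKiller prints.
Added example for this thread, not TDSSKiller's or FRST's code.  The
baseline values and the tampered 'Disk' line are constructed for the demo."""
import hashlib
import os
import re
import tempfile
from typing import Dict, List, Tuple

# "<time> <pid>  [ <MD5> ] <name>   <path>"  -- lines without a hash are skipped
_TDSS = re.compile(r"^\S+\s+\d+\s+\[ ([0-9A-Fa-f]{32}) \] (\S+)\s+(\S.*?)\s*$")


def parse_tdsskiller(lines: List[str]) -> Dict[str, Tuple[str, str]]:
    """service/driver name -> (md5 lowercase, image path)."""
    scan: Dict[str, Tuple[str, str]] = {}
    for line in lines:
        m = _TDSS.match(line)
        if m:
            scan[m.group(2)] = (m.group(1).lower(), m.group(3))
    return scan


def compare(scan: Dict[str, Tuple[str, str]],
            baseline: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Names whose hash differs from the baseline, and names the baseline does not know."""
    mismatched = [n for n, (h, _) in scan.items() if n in baseline and baseline[n] != h]
    unknown = [n for n in scan if n not in baseline]
    return mismatched, unknown


def file_digests(path: str, chunk: int = 1 << 20) -> Tuple[str, str]:
    """MD5 (to match the tools' output) and SHA-256 (what a new baseline should store)."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()


def selfcheck() -> bool:
    """Hash a temp file with known content ('abc') and confirm both digests."""
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, b"abc")
        os.close(fd)
        return file_digests(path) == (
            "900150983cd24fb0d6963f7d28e17f72",
            "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")
    finally:
        os.unlink(path)


# Two lines copied from the page's log (atapi, !SASCORE) and one constructed
# 'Disk' line whose hash was altered to show what a mismatch looks like.
SAMPLE_LINES = [
    r"12:08:48.0150 5364  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys",
    r"12:08:48.0150 5364  atapi - ok",
    r"12:08:49.0679 5364  [ 00000000000000000000000000000000 ] Disk            C:\Windows\system32\drivers\disk.sys",
    r"12:08:46.0762 5364  [ 51F207D5A9E7B2E76BEE59C05CCC23C4 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE",
]
# Constructed baseline: what a clean reference install of the same build reported.
BASELINE = {
    "atapi": "338c86357871c167a96ab976519bf59e",
    "Disk": "565003f326f99802e68ca78f2a68e9ff",
}

if __name__ == "__main__":
    scan = parse_tdsskiller(SAMPLE_LINES)
    mismatched, unknown = compare(scan, BASELINE)
    for name in mismatched:
        print(f"MISMATCH {name}: {scan[name][1]} has {scan[name][0]}, expected {BASELINE[name]}")
    for name in unknown:
        print(f"UNKNOWN  {name}: {scan[name][1]} (third-party, verify its signature)")
    print("hashlib self-check:", selfcheck())
```

Two caveats a practitioner wants here. Matching against a known-good list only asks an attacker for a second preimage, not a collision, so MD5 still works for this purpose on 2013-era tool output, but a baseline you build today should store SHA-256 alongside it. More importantly, a kernel-mode rootkit can serve a clean copy of a file to user-mode readers, so a hash pass from inside the running system is only as trustworthy as the kernel it runs on; that is why this thread pairs these tools with scans of the drive from another machine.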


#7 backerfan
  • Topic Starter
  • Members
  • 18 posts

Posted 26 December 2013 - 05:37 PM

ComboFix has been running for about 3 hours.  I think I might have started it twice.  It has gone through 50 stages and then deleted some files and has been sitting at "preparing log report.  do not run any programs until combofix has finished".  The desktop is clear of all icons and the blue command prompt screen is open.  Also, there are files being scanned in the lower right corner.  The file names change but are only there for a few seconds.

What should I do?

And thank you for your help.



#8 backerfan
  • Topic Starter
  • Members
  • 18 posts

Posted 26 December 2013 - 06:53 PM

When I open anything the pc scans it.  It is the same scan that is in the lower right corner of the screen.

Here is the tdsskiller log file

12:08:26.0763 5292  ============================================================
12:08:26.0763 5292  Current date / time: 2013/12/26 12:08:26.0763
12:08:26.0763 5292  SystemInfo:
12:08:26.0763 5292 
12:08:26.0763 5292  OS Version: 6.1.7601 ServicePack: 1.0
12:08:26.0763 5292  Product type: Workstation
12:08:26.0763 5292  ComputerName: ENDUSER-PC
12:08:26.0763 5292  UserName: End User
12:08:26.0763 5292  Windows directory: C:\Windows
12:08:26.0763 5292  System windows directory: C:\Windows
12:08:26.0763 5292  Processor architecture: Intel x86
12:08:26.0763 5292  Number of processors: 2
12:08:26.0763 5292  Page size: 0x1000
12:08:26.0763 5292  Boot type: Normal boot
12:08:26.0763 5292  ============================================================
12:08:28.0089 5292  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
12:08:28.0089 5292  ============================================================
12:08:28.0089 5292  \Device\Harddisk0\DR0:
12:08:28.0089 5292  MBR partitions:
12:08:28.0089 5292  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:08:28.0089 5292  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
12:08:28.0089 5292  ============================================================
12:08:28.0136 5292  C: <-> \Device\Harddisk0\DR0\Partition2
12:08:28.0136 5292  ============================================================
12:08:28.0136 5292  Initialize success
12:08:28.0136 5292  ============================================================
12:08:46.0325 5364  ============================================================
12:08:46.0325 5364  Scan started
12:08:46.0325 5364  Mode: Manual; TDLFS;
12:08:46.0325 5364  ============================================================
12:08:46.0684 5364  ================ Scan system memory ========================
12:08:46.0684 5364  System memory - ok
12:08:46.0684 5364  ================ Scan services =============================
12:08:46.0762 5364  [ 51F207D5A9E7B2E76BEE59C05CCC23C4 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
12:08:46.0762 5364  !SASCORE - ok
12:08:46.0965 5364  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:08:46.0965 5364  1394ohci - ok
12:08:46.0980 5364  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:08:46.0980 5364  ACPI - ok
12:08:47.0012 5364  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:08:47.0012 5364  AcpiPmi - ok
12:08:47.0090 5364  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:08:47.0090 5364  AdobeARMservice - ok
12:08:47.0152 5364  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:08:47.0168 5364  adp94xx - ok
12:08:47.0199 5364  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:08:47.0199 5364  adpahci - ok
12:08:47.0214 5364  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:08:47.0214 5364  adpu320 - ok
12:08:47.0246 5364  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:08:47.0246 5364  AeLookupSvc - ok
12:08:47.0308 5364  [ A7B8A3A79D35215D798A300DF49ED23F ] Afc             C:\Windows\system32\drivers\Afc.sys
12:08:47.0308 5364  Afc - ok
12:08:47.0370 5364  [ F81BB7E487EDCEAB630A7EE66CF23913 ] AFD             C:\Windows\system32\drivers\afd.sys
12:08:47.0370 5364  AFD - ok
12:08:47.0402 5364  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
12:08:47.0402 5364  agp440 - ok
12:08:47.0448 5364  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
12:08:47.0448 5364  aic78xx - ok
12:08:47.0495 5364  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
12:08:47.0495 5364  ALG - ok
12:08:47.0526 5364  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:08:47.0526 5364  aliide - ok
12:08:47.0542 5364  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:08:47.0542 5364  amdagp - ok
12:08:47.0573 5364  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:08:47.0573 5364  amdide - ok
12:08:47.0620 5364  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:08:47.0620 5364  AmdK8 - ok
12:08:47.0620 5364  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:08:47.0620 5364  AmdPPM - ok
12:08:47.0682 5364  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:08:47.0682 5364  amdsata - ok
12:08:47.0714 5364  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:08:47.0714 5364  amdsbs - ok
12:08:47.0729 5364  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:08:47.0729 5364  amdxata - ok
12:08:47.0760 5364  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
12:08:47.0760 5364  AppID - ok
12:08:47.0823 5364  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:08:47.0823 5364  AppIDSvc - ok
12:08:47.0838 5364  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
12:08:47.0838 5364  Appinfo - ok
12:08:47.0885 5364  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:08:47.0885 5364  AppMgmt - ok
12:08:47.0916 5364  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
12:08:47.0916 5364  arc - ok
12:08:47.0932 5364  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:08:47.0932 5364  arcsas - ok
12:08:48.0088 5364  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:08:48.0088 5364  aspnet_state - ok
12:08:48.0119 5364  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:08:48.0119 5364  AsyncMac - ok
12:08:48.0150 5364  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
12:08:48.0150 5364  atapi - ok
12:08:48.0213 5364  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:08:48.0213 5364  AudioEndpointBuilder - ok
12:08:48.0228 5364  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:08:48.0228 5364  Audiosrv - ok
12:08:48.0291 5364  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:08:48.0291 5364  AxInstSV - ok
12:08:48.0338 5364  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
12:08:48.0338 5364  b06bdrv - ok
12:08:48.0369 5364  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:08:48.0369 5364  b57nd60x - ok
12:08:48.0416 5364  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:08:48.0416 5364  BDESVC - ok
12:08:48.0431 5364  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:08:48.0431 5364  Beep - ok
12:08:48.0462 5364  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
12:08:48.0462 5364  BFE - ok
12:08:48.0509 5364  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
12:08:48.0509 5364  BITS - ok
12:08:48.0540 5364  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:08:48.0540 5364  blbdrive - ok
12:08:48.0556 5364  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:08:48.0556 5364  bowser - ok
12:08:48.0572 5364  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:08:48.0572 5364  BrFiltLo - ok
12:08:48.0587 5364  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:08:48.0587 5364  BrFiltUp - ok
12:08:48.0618 5364  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
12:08:48.0618 5364  Browser - ok
12:08:48.0650 5364  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:08:48.0650 5364  Brserid - ok
12:08:48.0665 5364  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:08:48.0665 5364  BrSerWdm - ok
12:08:48.0681 5364  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:08:48.0681 5364  BrUsbMdm - ok
12:08:48.0681 5364  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:08:48.0681 5364  BrUsbSer - ok
12:08:48.0728 5364  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:08:48.0728 5364  BTHMODEM - ok
12:08:48.0790 5364  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
12:08:48.0790 5364  bthserv - ok
12:08:48.0821 5364  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:08:48.0837 5364  cdfs - ok
12:08:48.0868 5364  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:08:48.0868 5364  cdrom - ok
12:08:48.0899 5364  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:08:48.0915 5364  CertPropSvc - ok
12:08:48.0915 5364  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:08:48.0915 5364  circlass - ok
12:08:48.0930 5364  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
12:08:48.0946 5364  CLFS - ok
12:08:49.0008 5364  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:08:49.0008 5364  clr_optimization_v2.0.50727_32 - ok
12:08:49.0055 5364  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:08:49.0071 5364  clr_optimization_v4.0.30319_32 - ok
12:08:49.0086 5364  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:08:49.0086 5364  CmBatt - ok
12:08:49.0133 5364  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:08:49.0133 5364  cmdide - ok
12:08:49.0164 5364  [ 85449EEBE8F8EBD6481EFBF0F352B4EB ] CNG             C:\Windows\system32\Drivers\cng.sys
12:08:49.0180 5364  CNG - ok
12:08:49.0227 5364  [ E7F65666AEA26F7585E5947A2F5D5218 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRTN32.sys
12:08:49.0227 5364  CnxtHdAudService - ok
12:08:49.0258 5364  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:08:49.0258 5364  Compbatt - ok
12:08:49.0289 5364  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:08:49.0289 5364  CompositeBus - ok
12:08:49.0305 5364  COMSysApp - ok
12:08:49.0320 5364  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:08:49.0320 5364  crcdisk - ok
12:08:49.0383 5364  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:08:49.0383 5364  CryptSvc - ok
12:08:49.0414 5364  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
12:08:49.0414 5364  CSC - ok
12:08:49.0430 5364  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
12:08:49.0445 5364  CscService - ok
12:08:49.0476 5364  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:08:49.0492 5364  DcomLaunch - ok
12:08:49.0523 5364  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:08:49.0523 5364  defragsvc - ok
12:08:49.0554 5364  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:08:49.0554 5364  DfsC - ok
12:08:49.0617 5364  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:08:49.0617 5364  Dhcp - ok
12:08:49.0632 5364  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
12:08:49.0632 5364  discache - ok
12:08:49.0679 5364  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
12:08:49.0679 5364  Disk - ok
12:08:49.0710 5364  [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
12:08:49.0710 5364  dmvsc - ok
12:08:49.0757 5364  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:08:49.0757 5364  Dnscache - ok
12:08:49.0773 5364  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:08:49.0773 5364  dot3svc - ok
12:08:49.0788 5364  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
12:08:49.0788 5364  DPS - ok
12:08:49.0835 5364  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:08:49.0835 5364  drmkaud - ok
12:08:49.0898 5364  [ 71BC35067CABC02C9453AEAA42B2E43E ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:08:49.0898 5364  DXGKrnl - ok
12:08:49.0913 5364  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
12:08:49.0913 5364  EapHost - ok
12:08:50.0007 5364  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
12:08:50.0038 5364  ebdrv - ok
12:08:50.0085 5364  [ 803B370865D907EA21DC0C2B6A8936B5 ] EFS             C:\Windows\System32\lsass.exe
12:08:50.0085 5364  EFS - ok
12:08:50.0147 5364  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:08:50.0163 5364  ehRecvr - ok
12:08:50.0178 5364  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
12:08:50.0178 5364  ehSched - ok
12:08:50.0210 5364  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:08:50.0210 5364  elxstor - ok
12:08:50.0225 5364  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:08:50.0225 5364  ErrDev - ok
12:08:50.0272 5364  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
12:08:50.0272 5364  EventSystem - ok
12:08:50.0303 5364  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
12:08:50.0303 5364  exfat - ok
12:08:50.0319 5364  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:08:50.0334 5364  fastfat - ok
12:08:50.0381 5364  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
12:08:50.0381 5364  Fax - ok
12:08:50.0412 5364  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys
12:08:50.0412 5364  fdc - ok
12:08:50.0444 5364  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
12:08:50.0444 5364  fdPHost - ok
12:08:50.0444 5364  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
12:08:50.0444 5364  FDResPub - ok
12:08:50.0459 5364  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:08:50.0459 5364  FileInfo - ok
12:08:50.0475 5364  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:08:50.0475 5364  Filetrace - ok
12:08:50.0475 5364  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:08:50.0475 5364  flpydisk - ok
12:08:50.0506 5364  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:08:50.0506 5364  FltMgr - ok
12:08:50.0553 5364  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
12:08:50.0568 5364  FontCache - ok
12:08:50.0631 5364  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:08:50.0631 5364  FontCache3.0.0.0 - ok
12:08:50.0678 5364  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:08:50.0678 5364  FsDepends - ok
12:08:50.0709 5364  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:08:50.0709 5364  Fs_Rec - ok
12:08:50.0771 5364  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:08:50.0771 5364  fvevol - ok
12:08:50.0787 5364  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:08:50.0787 5364  gagp30kx - ok
12:08:50.0834 5364  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:08:50.0834 5364  gpsvc - ok
12:08:50.0927 5364  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:08:50.0927 5364  gupdate - ok
12:08:50.0943 5364  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:08:50.0943 5364  gupdatem - ok
12:08:50.0958 5364  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:08:50.0958 5364  hcw85cir - ok
12:08:51.0005 5364  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:08:51.0005 5364  HdAudAddService - ok
12:08:51.0036 5364  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:08:51.0036 5364  HDAudBus - ok
12:08:51.0052 5364  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:08:51.0052 5364  HidBatt - ok
12:08:51.0068 5364  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:08:51.0068 5364  HidBth - ok
12:08:51.0114 5364  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:08:51.0114 5364  HidIr - ok
12:08:51.0146 5364  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
12:08:51.0146 5364  hidserv - ok
12:08:51.0177 5364  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
12:08:51.0177 5364  HidUsb - ok
12:08:51.0239 5364  [ CE419A2F7837ADA7C8786D4554FE7189 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
12:08:51.0255 5364  HitmanProScheduler - ok
12:08:51.0270 5364  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:08:51.0286 5364  hkmsvc - ok
12:08:51.0302 5364  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:08:51.0302 5364  HomeGroupListener - ok
12:08:51.0333 5364  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:08:51.0348 5364  HomeGroupProvider - ok
12:08:51.0380 5364  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:08:51.0380 5364  HpSAMD - ok
12:08:51.0442 5364  [ 7ACA9DBAD8BE6831C29676986C56DA82 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
12:08:51.0458 5364  HSF_DPV - ok
12:08:51.0473 5364  [ 16D32741F8E4725E76455B64EDCC9CF1 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
12:08:51.0473 5364  HSXHWAZL - ok
12:08:51.0489 5364  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:08:51.0504 5364  HTTP - ok
12:08:51.0520 5364  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:08:51.0520 5364  hwpolicy - ok
12:08:51.0567 5364  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:08:51.0567 5364  i8042prt - ok
12:08:51.0629 5364  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:08:51.0629 5364  iaStorV - ok
12:08:51.0676 5364  [ 93C1F02646AC75985E895C1406D8CA51 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
12:08:51.0676 5364  IBMPMDRV - ok
12:08:51.0692 5364  [ 7A2BEB279CC3774B22EAA7AAF6478D0F ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
12:08:51.0692 5364  IBMPMSVC - ok
12:08:51.0770 5364  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:08:51.0770 5364  idsvc - ok
12:08:51.0801 5364  IEEtwCollectorService - ok
12:08:51.0926 5364  [ 1F50623259DF354776DF04C56504A2D7 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
12:08:51.0972 5364  igfx - ok
12:08:52.0035 5364  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:08:52.0035 5364  iirsp - ok
12:08:52.0113 5364  [ B9C54120F46392100478F58F374E5709 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:08:52.0113 5364  IKEEXT - ok
12:08:52.0160 5364  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:08:52.0160 5364  intelide - ok
12:08:52.0175 5364  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:08:52.0175 5364  intelppm - ok
12:08:52.0206 5364  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:08:52.0222 5364  IPBusEnum - ok
12:08:52.0222 5364  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:08:52.0222 5364  IpFilterDriver - ok
12:08:52.0378 5364  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:08:52.0378 5364  iphlpsvc - ok
12:08:52.0440 5364  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:08:52.0440 5364  IPMIDRV - ok
12:08:52.0487 5364  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:08:52.0487 5364  IPNAT - ok
12:08:52.0518 5364  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:08:52.0518 5364  IRENUM - ok
12:08:52.0534 5364  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:08:52.0534 5364  isapnp - ok
12:08:52.0550 5364  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:08:52.0550 5364  iScsiPrt - ok
12:08:52.0581 5364  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
12:08:52.0581 5364  kbdclass - ok
12:08:52.0596 5364  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
12:08:52.0596 5364  kbdhid - ok
12:08:52.0612 5364  [ 803B370865D907EA21DC0C2B6A8936B5 ] KeyIso          C:\Windows\system32\lsass.exe
12:08:52.0612 5364  KeyIso - ok
12:08:52.0643 5364  [ F286830298323272260332D6ABC905C1 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:08:52.0643 5364  KSecDD - ok
12:08:52.0674 5364  [ D7C760D57B1656DD748B9E4AB6CB5A51 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:08:52.0674 5364  KSecPkg - ok
12:08:52.0706 5364  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:08:52.0721 5364  KtmRm - ok
12:08:52.0768 5364  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:08:52.0768 5364  LanmanServer - ok
12:08:52.0815 5364  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:08:52.0815 5364  LanmanWorkstation - ok
12:08:52.0862 5364  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:08:52.0862 5364  lltdio - ok
12:08:52.0908 5364  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:08:52.0908 5364  lltdsvc - ok
12:08:52.0924 5364  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:08:52.0940 5364  lmhosts - ok
12:08:52.0955 5364  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:08:52.0955 5364  LSI_FC - ok
12:08:52.0986 5364  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:08:52.0986 5364  LSI_SAS - ok
12:08:53.0002 5364  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:08:53.0002 5364  LSI_SAS2 - ok
12:08:53.0018 5364  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:08:53.0018 5364  LSI_SCSI - ok
12:08:53.0049 5364  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
12:08:53.0049 5364  luafv - ok
12:08:53.0096 5364  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:08:53.0096 5364  MBAMProtector - ok
12:08:53.0158 5364  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:08:53.0158 5364  MBAMScheduler - ok
12:08:53.0189 5364  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:08:53.0189 5364  MBAMService - ok
12:08:53.0236 5364  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:08:53.0236 5364  Mcx2Svc - ok
12:08:53.0267 5364  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
12:08:53.0267 5364  mdmxsdk - ok
12:08:53.0283 5364  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:08:53.0283 5364  megasas - ok
12:08:53.0330 5364  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:08:53.0330 5364  MegaSR - ok
12:08:53.0345 5364  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
12:08:53.0345 5364  MMCSS - ok
12:08:53.0361 5364  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
12:08:53.0361 5364  Modem - ok
12:08:53.0423 5364  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:08:53.0423 5364  monitor - ok
12:08:53.0454 5364  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
12:08:53.0454 5364  mouclass - ok
12:08:53.0470 5364  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:08:53.0470 5364  mouhid - ok
12:08:53.0501 5364  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:08:53.0501 5364  mountmgr - ok
12:08:53.0532 5364  [ CDFFF895D3633CE7CC1B48EC6FF45774 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:08:53.0532 5364  MozillaMaintenance - ok
12:08:53.0564 5364  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:08:53.0564 5364  mpio - ok
12:08:53.0579 5364  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:08:53.0579 5364  mpsdrv - ok
12:08:53.0657 5364  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:08:53.0657 5364  MpsSvc - ok
12:08:53.0720 5364  [ 21F4B24ACFC79A483515BD986DD9043F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:08:53.0720 5364  MRxDAV - ok
12:08:53.0766 5364  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:08:53.0766 5364  mrxsmb - ok
12:08:53.0798 5364  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:08:53.0798 5364  mrxsmb10 - ok
12:08:53.0813 5364  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:08:53.0813 5364  mrxsmb20 - ok
12:08:53.0844 5364  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
12:08:53.0844 5364  msahci - ok
12:08:53.0860 5364  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:08:53.0860 5364  msdsm - ok
12:08:53.0876 5364  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
12:08:53.0876 5364  MSDTC - ok
12:08:53.0922 5364  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:08:53.0922 5364  Msfs - ok
12:08:53.0938 5364  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:08:53.0938 5364  mshidkmdf - ok
12:08:53.0969 5364  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:08:53.0969 5364  msisadrv - ok
12:08:54.0016 5364  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:08:54.0016 5364  MSiSCSI - ok
12:08:54.0016 5364  msiserver - ok
12:08:54.0063 5364  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:08:54.0063 5364  MSKSSRV - ok
12:08:54.0063 5364  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:08:54.0063 5364  MSPCLOCK - ok
12:08:54.0078 5364  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:08:54.0078 5364  MSPQM - ok
12:08:54.0110 5364  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:08:54.0110 5364  MsRPC - ok
12:08:54.0125 5364  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:08:54.0125 5364  mssmbios - ok
12:08:54.0141 5364  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:08:54.0141 5364  MSTEE - ok
12:08:54.0141 5364  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:08:54.0141 5364  MTConfig - ok
12:08:54.0156 5364  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:08:54.0156 5364  Mup - ok
12:08:54.0203 5364  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
12:08:54.0203 5364  napagent - ok
12:08:54.0234 5364  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:08:54.0234 5364  NativeWifiP - ok
12:08:54.0281 5364  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:08:54.0281 5364  NDIS - ok
12:08:54.0312 5364  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:08:54.0312 5364  NdisCap - ok
12:08:54.0328 5364  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:08:54.0328 5364  NdisTapi - ok
12:08:54.0344 5364  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:08:54.0344 5364  Ndisuio - ok
12:08:54.0359 5364  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:08:54.0359 5364  NdisWan - ok
12:08:54.0375 5364  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:08:54.0390 5364  NDProxy - ok
12:08:54.0422 5364  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:08:54.0422 5364  NetBIOS - ok
12:08:54.0437 5364  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:08:54.0437 5364  NetBT - ok
12:08:54.0453 5364  [ 803B370865D907EA21DC0C2B6A8936B5 ] Netlogon        C:\Windows\system32\lsass.exe
12:08:54.0453 5364  Netlogon - ok
12:08:54.0484 5364  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
12:08:54.0484 5364  Netman - ok
12:08:54.0531 5364  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:08:54.0531 5364  NetMsmqActivator - ok
12:08:54.0531 5364  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:08:54.0531 5364  NetPipeActivator - ok
12:08:54.0562 5364  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
12:08:54.0578 5364  netprofm - ok
12:08:54.0640 5364  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:08:54.0656 5364  NetTcpActivator - ok
12:08:54.0718 5364  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:08:54.0718 5364  NetTcpPortSharing - ok
12:08:54.0968 5364  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
12:08:54.0999 5364  netw5v32 - ok
12:08:55.0046 5364  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:08:55.0046 5364  nfrd960 - ok
12:08:55.0092 5364  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:08:55.0092 5364  NlaSvc - ok
12:08:55.0108 5364  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:08:55.0108 5364  Npfs - ok
12:08:55.0139 5364  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
12:08:55.0155 5364  nsi - ok
12:08:55.0155 5364  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:08:55.0155 5364  nsiproxy - ok
12:08:55.0217 5364  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:08:55.0233 5364  Ntfs - ok
12:08:55.0248 5364  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
12:08:55.0248 5364  Null - ok
12:08:55.0280 5364  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:08:55.0280 5364  nvraid - ok
12:08:55.0326 5364  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:08:55.0326 5364  nvstor - ok
12:08:55.0326 5364  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:08:55.0326 5364  nv_agp - ok
12:08:55.0358 5364  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:08:55.0358 5364  ohci1394 - ok
12:08:55.0404 5364  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:08:55.0404 5364  p2pimsvc - ok
12:08:55.0436 5364  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:08:55.0436 5364  p2psvc - ok
12:08:55.0451 5364  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\drivers\parport.sys
12:08:55.0467 5364  Parport - ok
12:08:55.0482 5364  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:08:55.0482 5364  partmgr - ok
12:08:55.0514 5364  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
12:08:55.0514 5364  Parvdm - ok
12:08:55.0529 5364  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:08:55.0529 5364  PcaSvc - ok
12:08:55.0560 5364  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
12:08:55.0560 5364  pci - ok
12:08:55.0576 5364  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
12:08:55.0576 5364  pciide - ok
12:08:55.0607 5364  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:08:55.0607 5364  pcmcia - ok
12:08:55.0623 5364  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
12:08:55.0623 5364  pcw - ok
12:08:55.0670 5364  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:08:55.0670 5364  PEAUTH - ok
12:08:55.0701 5364  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:08:55.0716 5364  PeerDistSvc - ok
12:08:55.0794 5364  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
12:08:55.0794 5364  pla - ok
12:08:55.0841 5364  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:08:55.0857 5364  PlugPlay - ok
12:08:55.0872 5364  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:08:55.0872 5364  PNRPAutoReg - ok
12:08:55.0888 5364  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:08:55.0888 5364  PNRPsvc - ok
12:08:55.0919 5364  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:08:55.0935 5364  PolicyAgent - ok
12:08:55.0966 5364  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
12:08:55.0966 5364  Power - ok
12:08:55.0997 5364  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:08:55.0997 5364  PptpMiniport - ok
12:08:56.0013 5364  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
12:08:56.0028 5364  Processor - ok
12:08:56.0060 5364  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
12:08:56.0060 5364  ProfSvc - ok
12:08:56.0075 5364  [ 803B370865D907EA21DC0C2B6A8936B5 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:08:56.0075 5364  ProtectedStorage - ok
12:08:56.0122 5364  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:08:56.0122 5364  Psched - ok
12:08:56.0169 5364  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:08:56.0184 5364  ql2300 - ok
12:08:56.0231 5364  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:08:56.0231 5364  ql40xx - ok
12:08:56.0278 5364  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
12:08:56.0278 5364  QWAVE - ok
12:08:56.0294 5364  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:08:56.0294 5364  QWAVEdrv - ok
12:08:56.0309 5364  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:08:56.0309 5364  RasAcd - ok
12:08:56.0325 5364  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:08:56.0325 5364  RasAgileVpn - ok
12:08:56.0340 5364  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
12:08:56.0340 5364  RasAuto - ok
12:08:56.0356 5364  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:08:56.0372 5364  Rasl2tp - ok
12:08:56.0403 5364  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
12:08:56.0403 5364  RasMan - ok
12:08:56.0418 5364  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:08:56.0418 5364  RasPppoe - ok
12:08:56.0434 5364  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:08:56.0434 5364  RasSstp - ok
12:08:56.0450 5364  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:08:56.0450 5364  rdbss - ok
12:08:56.0481 5364  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:08:56.0481 5364  rdpbus - ok
12:08:56.0496 5364  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:08:56.0496 5364  RDPCDD - ok
12:08:56.0528 5364  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:08:56.0528 5364  RDPDR - ok
12:08:56.0574 5364  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:08:56.0574 5364  RDPENCDD - ok
12:08:56.0590 5364  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:08:56.0590 5364  RDPREFMP - ok
12:08:56.0652 5364  [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:08:56.0668 5364  RdpVideoMiniport - ok
12:08:56.0699 5364  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:08:56.0699 5364  RDPWD - ok
12:08:56.0730 5364  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:08:56.0730 5364  rdyboost - ok
12:08:56.0746 5364  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:08:56.0762 5364  RemoteAccess - ok
12:08:56.0793 5364  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:08:56.0793 5364  RemoteRegistry - ok
12:08:56.0840 5364  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:08:56.0840 5364  RpcEptMapper - ok
12:08:56.0855 5364  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
12:08:56.0871 5364  RpcLocator - ok
12:08:56.0886 5364  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
12:08:56.0902 5364  RpcSs - ok
12:08:56.0933 5364  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:08:56.0933 5364  rspndr - ok
12:08:56.0980 5364  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:08:56.0980 5364  s3cap - ok
12:08:56.0980 5364  [ 803B370865D907EA21DC0C2B6A8936B5 ] SamSs           C:\Windows\system32\lsass.exe
12:08:56.0980 5364  SamSs - ok
12:08:57.0042 5364  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:08:57.0042 5364  SASDIFSV - ok
12:08:57.0074 5364  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:08:57.0074 5364  SASKUTIL - ok
12:08:57.0120 5364  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:08:57.0120 5364  sbp2port - ok
12:08:57.0152 5364  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:08:57.0167 5364  SCardSvr - ok
12:08:57.0183 5364  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:08:57.0183 5364  scfilter - ok
12:08:57.0230 5364  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
12:08:57.0230 5364  Schedule - ok
12:08:57.0245 5364  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:08:57.0245 5364  SCPolicySvc - ok
12:08:57.0354 5364  [ 27720E9C64FE584D1A69F7ACC7E9C1DD ] SDHookDriver    C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys
12:08:57.0354 5364  SDHookDriver - ok
12:08:57.0386 5364  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:08:57.0386 5364  SDRSVC - ok
12:08:57.0495 5364  [ A813F300123D3059C9506F9D2505D109 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
12:08:57.0526 5364  SDScannerService - ok
12:08:57.0588 5364  [ 094CF1374E6798A4DF86A3601D75503D ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
12:08:57.0620 5364  SDUpdateService - ok
12:08:57.0666 5364  [ A432593B7CA986224310CAC010D1B0A1 ] SDWSCService    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
12:08:57.0666 5364  SDWSCService - ok
12:08:57.0713 5364  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:08:57.0713 5364  secdrv - ok
12:08:57.0744 5364  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
12:08:57.0744 5364  seclogon - ok
12:08:57.0760 5364  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
12:08:57.0760 5364  SENS - ok
12:08:57.0776 5364  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:08:57.0776 5364  SensrSvc - ok
12:08:57.0807 5364  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\drivers\serenum.sys
12:08:57.0807 5364  Serenum - ok
12:08:57.0822 5364  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\drivers\serial.sys
12:08:57.0822 5364  Serial - ok
12:08:57.0838 5364  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:08:57.0838 5364  sermouse - ok
12:08:57.0854 5364  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:08:57.0869 5364  SessionEnv - ok
12:08:57.0869 5364  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:08:57.0869 5364  sffdisk - ok
12:08:57.0885 5364  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:08:57.0885 5364  sffp_mmc - ok
12:08:57.0885 5364  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:08:57.0885 5364  sffp_sd - ok
12:08:57.0900 5364  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:08:57.0900 5364  sfloppy - ok
12:08:57.0978 5364  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:08:57.0978 5364  SharedAccess - ok
12:08:58.0010 5364  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:08:58.0010 5364  ShellHWDetection - ok
12:08:58.0041 5364  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
12:08:58.0041 5364  sisagp - ok
12:08:58.0072 5364  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:08:58.0072 5364  SiSRaid2 - ok
12:08:58.0103 5364  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:08:58.0103 5364  SiSRaid4 - ok
12:08:58.0119 5364  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:08:58.0119 5364  Smb - ok
12:08:58.0181 5364  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:08:58.0181 5364  SNMPTRAP - ok
12:08:58.0212 5364  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:08:58.0212 5364  spldr - ok
12:08:58.0244 5364  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
12:08:58.0244 5364  Spooler - ok
12:08:58.0353 5364  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
12:08:58.0384 5364  sppsvc - ok
12:08:58.0431 5364  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:08:58.0431 5364  sppuinotify - ok
12:08:58.0446 5364  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:08:58.0446 5364  srv - ok
12:08:58.0478 5364  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:08:58.0478 5364  srv2 - ok
12:08:58.0509 5364  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
12:08:58.0524 5364  SrvHsfHDA - ok
12:08:58.0556 5364  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
12:08:58.0556 5364  SrvHsfV92 - ok
12:08:58.0587 5364  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
12:08:58.0602 5364  SrvHsfWinac - ok
12:08:58.0618 5364  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:08:58.0618 5364  srvnet - ok
12:08:58.0649 5364  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:08:58.0649 5364  SSDPSRV - ok
12:08:58.0680 5364  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:08:58.0680 5364  SstpSvc - ok
12:08:58.0712 5364  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:08:58.0712 5364  stexstor - ok
12:08:58.0758 5364  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
12:08:58.0774 5364  StiSvc - ok
12:08:58.0790 5364  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:08:58.0790 5364  storflt - ok
12:08:58.0805 5364  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:08:58.0805 5364  storvsc - ok
12:08:58.0821 5364  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:08:58.0821 5364  swenum - ok
12:08:58.0868 5364  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
12:08:58.0868 5364  swprv - ok
12:08:58.0899 5364  [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc      C:\Windows\system32\drivers\synth3dvsc.sys
12:08:58.0899 5364  Synth3dVsc - ok
12:08:58.0946 5364  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
12:08:58.0961 5364  SysMain - ok
12:08:58.0961 5364  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:08:58.0977 5364  TabletInputService - ok
12:08:58.0992 5364  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:08:58.0992 5364  TapiSrv - ok
12:08:59.0008 5364  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
12:08:59.0024 5364  TBS - ok
12:08:59.0086 5364  [ CA59F7C570AF70BC174F477CFE2D9EE3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:08:59.0102 5364  Tcpip - ok
12:08:59.0180 5364  [ CA59F7C570AF70BC174F477CFE2D9EE3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:08:59.0195 5364  TCPIP6 - ok
12:08:59.0226 5364  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:08:59.0226 5364  tcpipreg - ok
12:08:59.0258 5364  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:08:59.0273 5364  TDPIPE - ok
12:08:59.0304 5364  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:08:59.0304 5364  TDTCP - ok
12:08:59.0336 5364  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:08:59.0336 5364  tdx - ok
12:08:59.0351 5364  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:08:59.0351 5364  TermDD - ok
12:08:59.0351 5364  [ 052306FD76793D5D5AB5D9891FD1ADBB ] terminpt        C:\Windows\system32\drivers\terminpt.sys
12:08:59.0351 5364  terminpt - ok
12:08:59.0398 5364  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
12:08:59.0398 5364  TermService - ok
12:08:59.0429 5364  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
12:08:59.0429 5364  Themes - ok
12:08:59.0429 5364  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
12:08:59.0445 5364  THREADORDER - ok
12:08:59.0476 5364  [ 1C950AE9C09904C229525F22EEFC15DB ] Tp4Track        C:\Windows\system32\DRIVERS\tp4track.sys
12:08:59.0476 5364  Tp4Track - ok
12:08:59.0523 5364  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
12:08:59.0523 5364  TrkWks - ok
12:08:59.0570 5364  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:08:59.0570 5364  TrustedInstaller - ok
12:08:59.0616 5364  [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:08:59.0616 5364  tssecsrv - ok
12:08:59.0632 5364  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:08:59.0632 5364  TsUsbFlt - ok
12:08:59.0648 5364  [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:08:59.0648 5364  TsUsbGD - ok
12:08:59.0663 5364  [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
12:08:59.0663 5364  tsusbhub - ok
12:08:59.0694 5364  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:08:59.0694 5364  tunnel - ok
12:08:59.0710 5364  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:08:59.0710 5364  uagp35 - ok
12:08:59.0726 5364  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:08:59.0726 5364  udfs - ok
12:08:59.0772 5364  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:08:59.0772 5364  UI0Detect - ok
12:08:59.0788 5364  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:08:59.0788 5364  uliagpkx - ok
12:08:59.0819 5364  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:08:59.0819 5364  umbus - ok
12:08:59.0819 5364  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
12:08:59.0819 5364  UmPass - ok
12:08:59.0850 5364  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
12:08:59.0850 5364  UmRdpService - ok
12:08:59.0882 5364  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
12:08:59.0882 5364  upnphost - ok
12:08:59.0944 5364  [ 71D97F1A3CC47A56728F7A400A3F8295 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:08:59.0944 5364  usbccgp - ok
12:08:59.0975 5364  [ 2352AB5F9F8F097BF9D41D5A4718A041 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:08:59.0975 5364  usbcir - ok
12:08:59.0991 5364  [ C4FB8E7ADEA9B5CEEA885A1B504B7E40 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:08:59.0991 5364  usbehci - ok
12:09:00.0053 5364  [ 86AA95ACB611001E26CD2C0145F2225A ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:09:00.0053 5364  usbhub - ok
12:09:00.0100 5364  [ DCDF9855145A14DFCA0AB32308871961 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:09:00.0100 5364  usbohci - ok
12:09:00.0131 5364  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:09:00.0131 5364  usbprint - ok
12:09:00.0178 5364  [ FC6B21DB4B5B398AB93DBE59CBF11036 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
12:09:00.0178 5364  usbscan - ok
12:09:00.0194 5364  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:09:00.0194 5364  USBSTOR - ok
12:09:00.0240 5364  [ 8E51D04175BAA14C4F79AA5F6D248770 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:09:00.0240 5364  usbuhci - ok
12:09:00.0272 5364  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
12:09:00.0272 5364  UxSms - ok
12:09:00.0287 5364  [ 803B370865D907EA21DC0C2B6A8936B5 ] VaultSvc        C:\Windows\system32\lsass.exe
12:09:00.0287 5364  VaultSvc - ok
12:09:00.0318 5364  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:09:00.0334 5364  vdrvroot - ok
12:09:00.0350 5364  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
12:09:00.0350 5364  vds - ok
12:09:00.0365 5364  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:09:00.0365 5364  vga - ok
12:09:00.0381 5364  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:09:00.0381 5364  VgaSave - ok
12:09:00.0381 5364  VGPU - ok
12:09:00.0396 5364  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:09:00.0396 5364  vhdmp - ok
12:09:00.0459 5364  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
12:09:00.0459 5364  viaagp - ok
12:09:00.0474 5364  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
12:09:00.0474 5364  ViaC7 - ok
12:09:00.0506 5364  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
12:09:00.0506 5364  viaide - ok
12:09:00.0552 5364  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:09:00.0552 5364  vmbus - ok
12:09:00.0584 5364  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:09:00.0584 5364  VMBusHID - ok
12:09:00.0615 5364  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:09:00.0615 5364  volmgr - ok
12:09:00.0630 5364  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:09:00.0630 5364  volmgrx - ok
12:09:00.0646 5364  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:09:00.0646 5364  volsnap - ok
12:09:00.0693 5364  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:09:00.0693 5364  vsmraid - ok
12:09:00.0740 5364  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
12:09:00.0740 5364  VSS - ok
12:09:00.0818 5364  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:09:00.0818 5364  vwifibus - ok
12:09:00.0849 5364  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
12:09:00.0849 5364  W32Time - ok
12:09:00.0864 5364  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:09:00.0864 5364  WacomPen - ok
12:09:00.0911 5364  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:09:00.0911 5364  WANARP - ok
12:09:00.0911 5364  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:09:00.0911 5364  Wanarpv6 - ok
12:09:00.0974 5364  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:09:00.0989 5364  WatAdminSvc - ok
12:09:01.0036 5364  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
12:09:01.0052 5364  wbengine - ok
12:09:01.0067 5364  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:09:01.0083 5364  WbioSrvc - ok
12:09:01.0098 5364  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:09:01.0098 5364  wcncsvc - ok
12:09:01.0130 5364  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:09:01.0130 5364  WcsPlugInService - ok
12:09:01.0145 5364  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
12:09:01.0145 5364  Wd - ok
12:09:01.0208 5364  [ 25944D2CC49E0A6C581D02A74B7D6645 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:09:01.0208 5364  Wdf01000 - ok
12:09:01.0223 5364  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:09:01.0223 5364  WdiServiceHost - ok
12:09:01.0223 5364  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:09:01.0239 5364  WdiSystemHost - ok
12:09:01.0286 5364  [ 75E8EBD7040CE238684333F97014762A ] WebClient       C:\Windows\System32\webclnt.dll
12:09:01.0286 5364  WebClient - ok
12:09:01.0301 5364  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:09:01.0301 5364  Wecsvc - ok
12:09:01.0317 5364  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:09:01.0333 5364  wercplsupport - ok
12:09:01.0348 5364  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:09:01.0348 5364  WerSvc - ok
12:09:01.0395 5364  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:09:01.0395 5364  WfpLwf - ok
12:09:01.0411 5364  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:09:01.0426 5364  WIMMount - ok
12:09:01.0473 5364  [ 65445280EFFBA80C73DE3C8578B70974 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
12:09:01.0473 5364  winachsf - ok
12:09:01.0504 5364  WinHttpAutoProxySvc - ok
12:09:01.0567 5364  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:09:01.0567 5364  Winmgmt - ok
12:09:01.0613 5364  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
12:09:01.0629 5364  WinRM - ok
12:09:01.0676 5364  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:09:01.0691 5364  Wlansvc - ok
12:09:01.0723 5364  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:09:01.0723 5364  WmiAcpi - ok
12:09:01.0754 5364  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:09:01.0754 5364  wmiApSrv - ok
12:09:01.0832 5364  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:09:01.0847 5364  WMPNetworkSvc - ok
12:09:01.0879 5364  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:09:01.0879 5364  WPCSvc - ok
12:09:01.0894 5364  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:09:01.0894 5364  WPDBusEnum - ok
12:09:01.0910 5364  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:09:01.0910 5364  ws2ifsl - ok
12:09:01.0941 5364  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
12:09:01.0957 5364  wscsvc - ok
12:09:01.0957 5364  WSearch - ok
12:09:02.0066 5364  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
12:09:02.0097 5364  wuauserv - ok
12:09:02.0113 5364  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:09:02.0113 5364  WudfPf - ok
12:09:02.0144 5364  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:09:02.0144 5364  WUDFRd - ok
12:09:02.0175 5364  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:09:02.0175 5364  wudfsvc - ok
12:09:02.0206 5364  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:09:02.0206 5364  WwanSvc - ok
12:09:02.0222 5364  [ 7E46367B80600D04DD83F41EF1C860DF ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
12:09:02.0222 5364  XAudio - ok
12:09:02.0253 5364  [ F74E4CA800743A4794CE9E9DFC3E7D0E ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
12:09:02.0253 5364  XAudioService - ok
12:09:02.0284 5364  ================ Scan global ===============================
12:09:02.0300 5364  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:09:02.0347 5364  [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
12:09:02.0347 5364  [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
12:09:02.0378 5364  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:09:02.0393 5364  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:09:02.0409 5364  [Global] - ok
12:09:02.0409 5364  ================ Scan MBR ==================================
12:09:02.0425 5364  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:09:03.0064 5364  \Device\Harddisk0\DR0 - ok
12:09:03.0064 5364  ================ Scan VBR ==================================
12:09:03.0064 5364  [ 1392830754FB3EE49AF4433EF57B5384 ] \Device\Harddisk0\DR0\Partition1
12:09:03.0064 5364  \Device\Harddisk0\DR0\Partition1 - ok
12:09:03.0095 5364  [ 73168736042B4B2892C8C755D1A645F5 ] \Device\Harddisk0\DR0\Partition2
12:09:03.0095 5364  \Device\Harddisk0\DR0\Partition2 - ok
12:09:03.0095 5364  ============================================================
12:09:03.0095 5364  Scan finished
12:09:03.0095 5364  ============================================================
12:09:03.0111 2756  Detected object count: 0
12:09:03.0111 2756  Actual detected object count: 0

Here is the ComboFix log file

ComboFix 13-12-26.01 - End User 12/26/2013  13:35:56.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3062.2300 [GMT -5:00]
Running from: c:\users\End User\Desktop\ComboFix.exe
AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\5597.tmp
c:\programdata\Microsoft\Windows\DRM\8826.tmp
c:\programdata\Microsoft\Windows\DRM\8876.tmp
c:\programdata\Microsoft\Windows\DRM\B902.tmp
c:\programdata\Microsoft\Windows\DRM\B914.tmp
c:\programdata\Microsoft\Windows\DRM\C63B.tmp
c:\programdata\Microsoft\Windows\DRM\C737.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-26 to 2013-12-26  )))))))))))))))))))))))))))))))
.
.
2013-12-26 21:43 . 2013-12-26 21:59 -------- d-----w- c:\users\End User\AppData\Local\temp
2013-12-26 21:43 . 2013-12-26 21:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-26 17:26 . 2013-12-26 17:27 -------- d-----w- c:\programdata\SUPERSetup
2013-12-26 15:19 . 2013-12-26 15:19 -------- d-----w- C:\FRST
2013-12-24 16:31 . 2013-12-24 16:31 -------- d-----w- C:\mal-ware
2013-12-24 16:29 . 2013-12-24 16:29 -------- d-----w- c:\users\End User\malrootkill
2013-12-24 16:22 . 2013-12-25 16:31 -------- d-----w- C:\downloads
2013-12-24 16:17 . 2013-12-24 20:08 -------- d-----w- C:\_reports
2013-12-24 16:16 . 2013-12-24 19:48 -------- d-----w- C:\AdwCleaner
2013-12-23 03:04 . 2013-12-23 03:12 -------- d-----w- c:\users\End User\AppData\Local\Microsoft Games
2013-12-22 23:54 . 2013-10-30 02:19 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-12-22 23:54 . 2013-10-04 01:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-22 23:54 . 2013-10-04 01:17 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-22 23:54 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-22 23:53 . 2013-10-12 02:04 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-22 23:53 . 2013-10-12 02:03 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-22 23:53 . 2013-10-12 01:15 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-22 23:53 . 2013-10-12 01:15 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-22 23:53 . 2013-11-23 18:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-22 23:53 . 2013-11-12 02:07 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-22 23:53 . 2013-10-30 01:27 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-22 23:36 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-22 23:36 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-16 15:27 . 2013-11-16 15:27 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-16 15:27 . 2013-11-16 15:27 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-16 15:27 . 2013-11-16 15:27 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-11-16 15:27 . 2013-11-16 15:27 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-16 15:27 . 2013-11-16 15:27 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-11-16 15:27 . 2013-11-16 15:27 182272 ----a-w- c:\windows\system32\msls31.dll
2013-11-16 15:27 . 2013-11-16 15:27 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-16 15:27 . 2013-11-16 15:27 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-16 15:27 . 2013-11-16 15:27 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-16 15:27 . 2013-11-16 15:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-16 15:27 . 2013-11-16 15:27 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-11-16 15:27 . 2013-11-16 15:27 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-11-16 15:27 . 2013-11-16 15:27 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-16 15:27 . 2013-11-16 15:27 337408 ----a-w- c:\windows\system32\html.iec
2013-11-16 15:27 . 2013-11-16 15:27 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-16 15:27 . 2013-11-16 15:27 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-11-16 15:27 . 2013-11-16 15:27 139264 ----a-w- c:\windows\system32\wextract.exe
2013-11-16 15:27 . 2013-11-16 15:27 13312 ----a-w- c:\windows\system32\mshta.exe
2013-11-16 15:27 . 2013-11-16 15:27 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-16 15:27 . 2013-11-16 15:27 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-10-12 02:03 . 2013-11-13 14:08 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 14:08 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01 . 2013-11-13 14:08 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-05 19:57 . 2013-11-13 14:08 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-10-04 01:58 . 2013-11-13 14:08 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 14:08 168960 ----a-w- c:\windows\system32\credui.dll
2013-10-04 01:56 . 2013-11-13 14:08 1796096 ----a-w- c:\windows\system32\authui.dll
2013-10-03 01:58 . 2013-11-13 14:08 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-06-06 17:35 . 2013-02-22 21:30 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-12-19 6032840]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-12-19 5625624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 150552]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-12-19 5580752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-26 19549832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-12-24 106280]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-12-19 3666392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-12-19 2729432]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-12-19 171928]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-26 1343400]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SDHookDriver;Hook Test Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [2013-12-19 46248]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-10 120088]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2009-11-24 23152]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-19 15:57]
.
2013-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-19 15:57]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 216.144.187.199 216.144.187.101 204.186.110.76
TCP: Interfaces\{DA1F08CB-EB21-4597-9AC9-80BF5398DFDD}: NameServer = 207.69.188.187 207.69.188.186
FF - ProfilePath - c:\users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\em9dmx9r.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-26  18:27:43
ComboFix-quarantined-files.txt  2013-12-26 23:26
.
Pre-Run: 48,060,669,952 bytes free
Post-Run: 47,831,965,696 bytes free
.
- - End Of File - - 08D153DA548393A10DE68EB6BD50C5D7
A36C5E4F47E84449FF07ED3517B43A31


#9 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 26 December 2013 - 07:36 PM

Can you tell which program is doing the scanning you are describing?  Please do this next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\FRST\Quarantine or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • adwCleaner log
  • MBAM log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may donate.


#10 backerfan
  • Topic Starter

  • Members
  • 18 posts

Posted 26 December 2013 - 08:49 PM

AdwCleaner R3 log

# AdwCleaner v3.016 - Report created 26/12/2013 at 19:47:53
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : End User - ENDUSER-PC
# Running from : C:\Users\End User\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v12.0 (en-US)

[ File : C:\Users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\em9dmx9r.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [2473 octets] - [24/12/2013 11:16:10]
AdwCleaner[R1].txt - [885 octets] - [24/12/2013 11:22:56]
AdwCleaner[R2].txt - [944 octets] - [24/12/2013 14:47:28]
AdwCleaner[R3].txt - [818 octets] - [26/12/2013 19:47:53]
AdwCleaner[S0].txt - [2578 octets] - [24/12/2013 11:17:50]
AdwCleaner[S1].txt - [1004 octets] - [24/12/2013 14:48:24]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [997 octets] ##########

AdwCleaner S2 log

# AdwCleaner v3.016 - Report created 26/12/2013 at 19:49:54
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : End User - ENDUSER-PC
# Running from : C:\Users\End User\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v12.0 (en-US)

[ File : C:\Users\End User\AppData\Roaming\Mozilla\Firefox\Profiles\em9dmx9r.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [2473 octets] - [24/12/2013 11:16:10]
AdwCleaner[R1].txt - [885 octets] - [24/12/2013 11:22:56]
AdwCleaner[R2].txt - [944 octets] - [24/12/2013 14:47:28]
AdwCleaner[R3].txt - [1076 octets] - [26/12/2013 19:47:53]
AdwCleaner[S0].txt - [2578 octets] - [24/12/2013 11:17:50]
AdwCleaner[S1].txt - [1004 octets] - [24/12/2013 14:48:24]
AdwCleaner[S2].txt - [999 octets] - [26/12/2013 19:49:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1058 octets] ##########

MBAM log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.26.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
End User :: ENDUSER-PC [administrator]

12/26/2013 19:56:17
mbam-log-2013-12-26 (19-56-17).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 291289
Time elapsed: 47 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#11 backerfan
  • Topic Starter

  • Members
  • 18 posts

Posted 26 December 2013 - 08:59 PM

Attached File: Capture.JPG (80.91KB)

Here is a screen capture of the quarantine items of MBAM from 12-24.


#12 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 26 December 2013 - 10:04 PM

How is the computer running now?  Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.  Please go to www.java.com and press the "Free Java Download" button near the center of the page.  Follow the prompts to install the latest version. Once it completes a web page should open that will verify that you have the latest version.  Below that is a box with a link to remove older, insecure versions.  Click that and follow the prompts.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is the computer running now?  Do you have any remaining issues?
  • ESET log




#13 backerfan

backerfan
  • Topic Starter

  • Members
  • 18 posts
  • Local time:11:47 PM

Posted 27 December 2013 - 10:16 AM

The laptop seems to be running well.  What I did notice was that rkill was the only thing that did show the zeroaccess.  The second threat is not unexpected.

Here is the threat list

C:\System Volume Information\_restore{5A74B0A1-3341-4602-AD32-52E20A05EDAC}\RP17\A0008948.exe Win32/RiskWare.HackAV.DN application
C:\Users\End User\Desktop\ESET Antivirus 4.0.468.0\ESET Fix v4.30A.exe Win32/RiskWare.HackAV.DN application



#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:12:47 AM

Posted 27 December 2013 - 11:39 AM

Your logs are looking good now.  That first ESET detection will be removed when you complete this last set of instructions.  All I have left for you is another update and some important cleanup:

Your Adobe Reader needs to be updated.  Please visit Adobe's site and grab the newest version.  Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run.  Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall


Download OTC to your desktop and run it

  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
  • Manually delete any remaining logs or tools from our fixes

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!


#15 backerfan

backerfan
  • Topic Starter

  • Members
  • 18 posts
  • Local time:11:47 PM

Posted 27 December 2013 - 12:23 PM

I performed the items requested.  I just finished running rkill again since that was the only thing that caught the zeroaccess and it still seems to be there.

Also, is there a way to completely remove windows defender?  I would like to install ESET on this pc.

Below is the log file.

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/27/2013 12:19:18 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * ALERT: ZEROACCESS Reparse Point/Junction found!

     * C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpClient.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpCommu.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpRTP.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MsMpRes.dll => c:\windows\system32\config [File]

 * No issues found.

Checking Windows Service Integrity:

 * WinDefend (WinDefend) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 12/27/2013 12:19:41 PM
Execution time: 0 hours(s), 0 minute(s), and 22 seconds(s)
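As an added example (not code from the thread, from Rkill or from BleepingComputer), here is a small Python parser for the two Rkill sections that matter in the log above: it pulls out every entry listed under the "ZEROACCESS Reparse Point/Junction found!" alert and the services reported as not running, so a responder can see at a glance which Windows Defender components have been redirected away from their real files. The sample log is a constructed, trimmed copy of the posted one (two of the twelve entries); the regular expressions are assumptions about Rkill's line layout taken from that log.

```python
import re

# Constructed sample: a trimmed copy of the "miscellaneous checks" and
# "Service Integrity" sections of the Rkill log posted in this thread.
SAMPLE_RKILL_LOG = r"""
Performing miscellaneous checks:

 * ALERT: ZEROACCESS Reparse Point/Junction found!

     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MSASCui.exe => c:\windows\system32\config [File]

 * No issues found.

Checking Windows Service Integrity:

 * WinDefend (WinDefend) is not Running.
"""

# "     * <source> => <target> [File]" lines listed under the ZEROACCESS alert.
REPARSE_RE = re.compile(r"^\s*\*\s+(?P<source>.+?)\s+=>\s+(?P<target>.+?)\s+\[(?P<kind>\w+)\]\s*$")
# " * <service> (<display name>) is not Running." lines in the service check.
SERVICE_RE = re.compile(r"^\s*\*\s+(?P<name>\S+)\s+\((?P<display>[^)]+)\)\s+is not Running\.")

def parse_reparse_findings(log_text):
    """Return dicts (source, target, kind) for each entry under the ZEROACCESS alert."""
    findings, in_alert = [], False
    for line in log_text.splitlines():
        if "ZEROACCESS Reparse Point/Junction found!" in line:
            in_alert = True
            continue
        if not in_alert:
            continue
        m = REPARSE_RE.match(line)
        if m:
            findings.append(m.groupdict())
        elif line.strip():          # the next " * ..." result line ends the block
            in_alert = False
    return findings

def stopped_services(log_text):
    """Service names Rkill reports as not running in its integrity check."""
    return [m.group("name") for m in map(SERVICE_RE.match, log_text.splitlines()) if m]

def defender_components_redirected(findings):
    """File names of Windows Defender binaries whose directory entry is a reparse
    point to somewhere else, so the genuine component can never load."""
    return sorted({f["source"].rsplit("\\", 1)[-1] for f in findings
                   if "windows-defender" in f["source"].lower()})
```

On the posted log the same functions would list all twelve Mp*/MsMp* components, every one redirected to c:\windows\system32\config, alongside the stopped WinDefend service.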
