
Clicking on google search results causes redirects


This topic is locked
23 replies to this topic

#1 damonkashu

  • Members
  • 11 posts
  • OFFLINE

Posted 04 January 2014 - 10:20 PM

I tried TDSSKiller to no avail. Additionally, I see "dcom server process launcher service terminated unexpectedly" occasionally pop up.
 
----
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 
Run by Daniel Quach at 19:14:57 on 2014-01-04
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.8167.4920 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
D:\Users\Daniel Quach\Local Settings\Apps\F.lux\flux.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\regsvr32.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Daniel Quach\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\servicing\TrustedInstaller.exe
D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [F.lux] "D:\Users\Daniel Quach\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [chromium] D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
uRun: [Hzhymedia Update] regsvr32.exe "D:\Users\Daniel Quach\AppData\Local\Hzhymedia\zhgwuqkvcorfg.dll"
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{A9450134-90EE-4066-A9C9-579FA2862F74} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 248240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-1-17 279616]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-12-15 922240]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2011-12-13 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-12-15 586880]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-12-7 171688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-2-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2011-12-13 26136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 applewtp;Apple Wireless Trackpad;C:\Windows\System32\drivers\applewtp.sys [2012-8-11 53760]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-13 51872]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-1-4 32512]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
.
=============== Created Last 30 ================
.
2014-01-05 03:08:21 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-04 23:23:05 -------- d-----w- D:\Users\Daniel Quach\AppData\Local\CDWLauncher
2014-01-04 22:29:04 -------- d-----w- C:\Windows\System32\MRT
2014-01-04 22:25:37 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A4F6691-273C-42C2-BBE0-A4C0E4DADA02}\mpengine.dll
2014-01-04 22:25:35 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-01-04 22:11:39 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2014-01-04 22:03:54 98816 ----a-w- C:\Windows\sed.exe
2014-01-04 22:03:54 256000 ----a-w- C:\Windows\PEV.exe
2014-01-04 22:03:54 208896 ----a-w- C:\Windows\MBR.exe
2014-01-04 21:56:35 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-04 20:53:25 -------- d-----w- D:\Users\Daniel Quach\AppData\Roaming\TuneUp Software
2014-01-04 20:51:35 -------- d--h--w- C:\ProgramData\Common Files
2014-01-04 20:51:35 -------- d-----w- D:\Users\Daniel Quach\AppData\Local\MFAData
2014-01-04 20:51:35 -------- d-----w- C:\ProgramData\MFAData
2014-01-04 20:12:49 -------- d---a-w- C:\Windows\System32\catroot2.old
2014-01-04 19:36:45 -------- d-----w- D:\Users\Daniel Quach\AppData\Local\Hzhymedia
2014-01-03 04:43:47 -------- d-----w- D:\Users\Daniel Quach\AppData\Local\PAYDAY 2
2013-12-21 06:10:53 -------- d-----w- C:\ProgramData\Package Cache
2013-12-15 17:49:20 -------- d-----w- D:\Users\Daniel Quach\AppData\Local\Blizzard
2013-12-15 17:30:33 -------- d-----w- C:\Program Files (x86)\Hearthstone
2013-12-15 17:29:39 -------- d-----w- D:\Users\Daniel Quach\AppData\Local\Blizzard Entertainment
2013-12-15 17:29:37 -------- d-----w- D:\Users\Daniel Quach\AppData\Roaming\Battle.net
2013-12-15 17:29:37 -------- d-----w- D:\Users\Daniel Quach\AppData\Local\Battle.net
2013-12-15 17:29:34 -------- d-----w- C:\Program Files (x86)\Battle.net
.
==================== Find3M  ====================
.
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 19:15:05.39 ===============


Edited by damonkashu, 04 January 2014 - 11:00 PM.
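The DDS log above already holds the clue that RogueKiller later confirms in its `[RUN][SUSP PATH]` line: a per-user Run entry ("Hzhymedia Update") that uses regsvr32.exe to load a DLL out of the user's AppData folder, while every other autorun points at an installed program directory. The Python script below is an added example, not part of the thread and not code from DDS, RogueKiller or any other tool used here. It parses DDS-style `uRun:` / `mRun:` / `x64-Run:` lines and applies the triage a helper does by eye: which file would actually run, is it launched through a host loader such as regsvr32.exe, and does it live in a user-writable location. The host-loader list and the user-writable path list are my own choices; the sample lines are copied from the Pseudo HJT Report in this post, plus one non-Run line to show it is ignored.

```python
"""Triage DDS-style autorun entries (uRun / mRun / x64-Run lines).

Heuristics (my own, not DDS's or RogueKiller's):
  * when the Run target is a host loader (regsvr32.exe, rundll32.exe, ...),
    the file worth inspecting is the one it is told to load, not the host;
  * payloads under user-writable directories (AppData, Local Settings, Temp,
    Users\\Public) deserve a closer look, and a host loader pulling a DLL
    from such a directory is the combination that most often turns out to
    be adware or malware persistence.
"""
import ntpath  # splits Windows paths correctly even when run on Linux/macOS
import re

# Sample input: the Run entries from the DDS "Pseudo HJT Report" in the post
# above, plus one BHO line that the parser must skip.
SAMPLE_LOG = r"""
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [F.lux] "D:\Users\Daniel Quach\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [chromium] D:\Users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
uRun: [Hzhymedia Update] regsvr32.exe "D:\Users\Daniel Quach\AppData\Local\Hzhymedia\zhgwuqkvcorfg.dll"
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
"""

RUN_LINE = re.compile(r"^(?P<hive>u|m|x64-)Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HOST_LOADERS = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
USER_WRITABLE = re.compile(r"\\(?:AppData|Local Settings|Temp|Users\\Public)\\", re.I)
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}


def split_command(cmd: str) -> tuple[str, str]:
    """Split a Run value into (image path, arguments).

    A quoted image ends at the closing quote; an unquoted one, which may
    contain spaces, is taken to run up to and including the first ".exe".
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd.strip('"'), ""
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(.*?\.exe)(?:\s+(.*))?$", cmd, re.I)
    if m:
        return m.group(1), m.group(2) or ""
    head, _, tail = cmd.partition(" ")
    return head, tail


def payload_path(exe: str, args: str) -> str:
    """The file worth inspecting: the argument of a host loader, else the image."""
    if ntpath.basename(exe).lower() not in HOST_LOADERS:
        return exe
    quoted = re.search(r'"([^"]+)"', args)
    return quoted.group(1) if quoted else args.strip()


def triage_entry(hive: str, name: str, cmd: str) -> dict:
    """Score one Run entry: hosted loader + user-writable payload is the worst case."""
    exe, args = split_command(cmd)
    target = payload_path(exe, args)
    hosted = ntpath.basename(exe).lower() in HOST_LOADERS
    writable = bool(USER_WRITABLE.search(target))
    if hosted and writable:
        severity, reason = "high", f"{ntpath.basename(exe)} loads a payload from a user-writable path"
    elif hosted:
        severity, reason = "medium", f"{ntpath.basename(exe)} used as an autorun loader"
    elif writable:
        severity, reason = "low", "runs from a user-writable path (normal for per-user apps; verify the publisher)"
    else:
        severity, reason = "info", "runs from a program directory"
    return {"hive": hive, "name": name, "exe": exe, "target": target,
            "severity": severity, "reason": reason}


def triage_report(text: str) -> list[dict]:
    """Parse every Run line in a DDS report and return the entries, worst first."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(triage_entry(**m.groupdict()))
    return sorted(entries, key=lambda e: SEVERITY_RANK[e["severity"]])


if __name__ == "__main__":
    for e in triage_report(SAMPLE_LOG):
        print(f"[{e['severity']:<6}] {e['hive']}Run {e['name']!r}: {e['target']}  ({e['reason']})")
```

On the sample, only the Hzhymedia entry scores high; F.lux and Chrome score low because they legitimately install per user under AppData or Local Settings, which is exactly why a user-writable path on its own is a prompt to check the publisher rather than a verdict.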



#2 nasdaq

  • Malware Response Team
  • 38,767 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 January 2014 - 09:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.
==============

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 damonkashu
  • Topic Starter
  • Members
  • 11 posts
  • OFFLINE

Posted 09 January 2014 - 11:37 PM

I'm still getting the redirect; here are the results of each tool:

 

Roguekiller results:

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Safe mode
User : Daniel Quach [Admin rights]
Mode : Remove -- Date : 01/09/2014 20:22:08
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Hzhymedia (regsvr32.exe C:\Windows\system32\config\systemprofile\AppData\Local\Hzhymedia\EMFFilter.DLL [x][x]) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) INTEL SSDSA2CW160G3 ATA Device +++++
--- User ---
[MBR] f986dc3b4c16e11610cfe912e369614a
[BSP] b14b3cfc9ce32f8e9d9bcbe1c2b7bb3f : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152525 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] 3ff85d05034f17df0ae8285b8988cafa
[BSP] 24ab82c6494559e7cc377fa7a348a07c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 851467 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) INTEL SSDSA2CW080G3 ATA Device +++++
--- User ---
[MBR] fddaca384aab8fe643ca3a30733e3e0f
[BSP] d2906417ba78504717c493544d5972ca : Linux MBR Code
Partition table:
0 - [ACTIVE] LINUX-SWP (0x82) [VISIBLE] Offset (sectors): 2048 | Size: 15624 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 32002046 | Size: 60693 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_01092014_202208.txt >>
RKreport[0]_S_01092014_201958.txt
 
AdwCleaner:
# AdwCleaner v3.016 - Report created 09/01/2014 at 20:25:22
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional  (64 bits)
# Username : Daniel Quach - BLACKBOX
# Running from : D:\Users\Daniel Quach\Downloads\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v
 
[ File : D:\Users\Daniel Quach\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [909 octets] - [09/01/2014 20:23:01]
AdwCleaner[R1].txt - [830 octets] - [09/01/2014 20:25:22]
 
########## EOF - D:\AdwCleaner\AdwCleaner[R1].txt - [889 octets] ##########
 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Daniel Quach on Thu 01/09/2014 at 20:26:58.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/09/2014 at 20:28:10.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Security check:
 Results of screen317's Security Check version 0.99.78  
 Windows 7  x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 10 Flash Player out of Date! 
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 25% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#4 nasdaq

  • Malware Response Team
  • 38,767 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 January 2014 - 09:04 AM

See if this will stop the redirect.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor, type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD (Command Prompt) on Vista / Windows 7/8 with elevated privileges:
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

If still a problem, disable the unknown extensions in Chrome.
Test to see if you can find a bad one.
===

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Keep me posted.

#5 damonkashu
  • Topic Starter
  • Members
  • 11 posts
  • OFFLINE

Posted 11 January 2014 - 07:20 PM

Farbar Service Scanner Version: 08-01-2014
Ran by Daniel Quach (administrator) on 11-01-2014 at 16:19:58
Running from "D:\Users\Daniel Quach\Downloads"
Microsoft Windows 7 Professional   (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509952 ____A (Microsoft Corporation) 428F3F99F1B5D29E5F7FDDDF39C3A638
 
 
 
**** End of log ****


#6 nasdaq

  • Malware Response Team
  • 38,767 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 January 2014 - 09:37 AM

Are you being redirected in all the browsers?

Which one has the problem?

#7 damonkashu
  • Topic Starter
  • Members
  • 11 posts
  • OFFLINE

Posted 14 January 2014 - 03:32 AM

Ok, looks like the redirects have stopped; there was a mysterious Chrome extension which would reinstall every time I deleted it.

 

However, I'm still getting "dcom server process launcher service terminated unexpectedly", as well as the Plug and Play service also terminating unexpectedly. This is resulting in my machine restarting.



#8 nasdaq

  • Malware Response Team
  • 38,767 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 January 2014 - 10:20 AM




Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


#9 damonkashu
  • Topic Starter
  • Members
  • 11 posts
  • OFFLINE

Posted 16 January 2014 - 10:45 PM

MiniToolBox by Farbar  Version: 18-12-2013

Ran by Daniel Quach (administrator) on 16-01-2014 at 19:45:29
Running from "D:\Users\Daniel Quach\Downloads"
Microsoft Windows 7 Professional   (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 D:\Windows\System32\NLAapi.dll [File Not found] ()
x64-Catalog5 02 D:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog5 03 D:\Windows\System32\winrnr.dll [File Not found] ()
x64-Catalog5 04 D:\Windows\System32\napinsp.dll [File Not found] ()
x64-Catalog5 05 D:\Windows\System32\pnrpnsp.dll [File Not found] ()
x64-Catalog5 06 D:\Windows\System32\pnrpnsp.dll [File Not found] ()
x64-Catalog5 07 D:\Windows\System32\wshbth.dll [File Not found] ()
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 D:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 02 D:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 03 D:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 04 D:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 05 D:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 06 D:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 07 D:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 08 D:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 09 D:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 10 D:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 11 D:\Windows\System32\mswsock.dll [File Not found] ()
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/16/2014 07:41:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: aaHMSvc.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp: 0x4e211485
Exception code: 0x0eedfade
Fault offset: 0x0000b9bc
Faulting process id: 0x740
Faulting application start time: 0xaaHMSvc.exe0
Faulting application path: aaHMSvc.exe1
Faulting module path: aaHMSvc.exe2
Report Id: aaHMSvc.exe3
 
Error: (01/16/2014 07:40:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_DcomLaunch, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7b325
Exception code: 0xc0000008
Fault offset: 0x00000000000d00d8
Faulting process id: 0x2b4
Faulting application start time: 0xsvchost.exe_DcomLaunch0
Faulting application path: svchost.exe_DcomLaunch1
Faulting module path: svchost.exe_DcomLaunch2
Report Id: svchost.exe_DcomLaunch3
 
Error: (01/13/2014 10:05:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7600.16891, time stamp: 0x4e86a1a7
Exception code: 0xc0000005
Fault offset: 0x00000000005c5367
Faulting process id: 0x2bc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (01/13/2014 03:00:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/13/2014 02:41:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7600.16891, time stamp: 0x4e86a1a7
Exception code: 0xc0000005
Fault offset: 0x00000000005c5367
Faulting process id: 0x2bc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (01/13/2014 02:37:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7600.16891, time stamp: 0x4e86a1a7
Exception code: 0xc0000005
Fault offset: 0x00000000005c5367
Faulting process id: 0x2d0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (01/13/2014 01:29:41 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000001142e8d
Faulting process id: 0x2b8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (01/12/2014 02:17:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000005c2e8d
Faulting process id: 0x2bc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (01/12/2014 00:46:10 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 8.0.7600.16891, time stamp: 0x4e86a1a7
Exception code: 0xc0000005
Fault offset: 0x00000000005c5367
Faulting process id: 0x2bc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (01/12/2014 00:30:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (01/16/2014 07:44:23 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (01/16/2014 07:44:23 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/16/2014 07:42:22 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (01/16/2014 07:40:50 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: 
%%1190
 
Error: (01/16/2014 07:40:50 PM) (Source: Service Control Manager) (User: )
Description: The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
 
Error: (01/16/2014 07:40:50 PM) (Source: Service Control Manager) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
 
Error: (01/14/2014 00:01:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070216: Update for Windows 7 for x64-based Systems (KB2718704).
 
Error: (01/14/2014 00:01:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070216: Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2618451).
 
Error: (01/14/2014 00:01:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070216: Update for Windows 7 for x64-based Systems (KB971033).
 
Error: (01/14/2014 00:01:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070216: Security Update for Windows 7 for x64-based Systems (KB2753842).
 
 
Microsoft Office Sessions:
=========================
Error: (01/16/2014 07:41:40 PM) (Source: Application Error)(User: )
Description: aaHMSvc.exe0.0.0.000000000KERNELBASE.dll6.1.7600.168504e2114850eedfade0000b9bc74001cf10f86214a736C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exeC:\Windows\syswow64\KERNELBASE.dll460c95c7-7f29-11e3-a015-5404a618687d
 
Error: (01/16/2014 07:40:24 PM) (Source: Application Error)(User: )
Description: svchost.exe_DcomLaunch6.1.7600.163854a5bc3c1ntdll.dll6.1.7600.166954cc7b325c000000800000000000d00d82b401cf10f8614456f6C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll18bcae5d-7f29-11e3-a015-5404a618687d
 
Error: (01/13/2014 10:05:02 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1mshtml.dll8.0.7600.168914e86a1a7c000000500000000005c53672bc01cf10c77a6911b4C:\Windows\system32\svchost.exeC:\Windows\System32\mshtml.dllce052428-7ce1-11e3-a2a7-5404a618687d
 
Error: (01/13/2014 03:00:58 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\ASUS\ai suite ii\asus mobilink\simulator\killproc.exe
 
Error: (01/13/2014 02:41:07 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1mshtml.dll8.0.7600.168914e86a1a7c000000500000000005c53672bc01cf10b07349b3adC:\Windows\system32\svchost.exeC:\Windows\System32\mshtml.dllc9f0a256-7ca3-11e3-bb5e-5404a618687d
 
Error: (01/13/2014 02:37:54 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1mshtml.dll8.0.7600.168914e86a1a7c000000500000000005c53672d001cf107f4367ab24C:\Windows\system32\svchost.exeC:\Windows\System32\mshtml.dll56ed1ddb-7ca3-11e3-b892-5404a618687d
 
Error: (01/13/2014 01:29:41 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c00000050000000001142e8d2b801cf0fe4a27d824bC:\Windows\system32\svchost.exeunknown3a7b5693-7c35-11e3-a32c-5404a618687d
 
Error: (01/12/2014 02:17:54 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c000000500000000005c2e8d2bc01cf0f72f85bed52C:\Windows\system32\svchost.exeunknown618f0612-7bd7-11e3-9d97-5404a618687d
 
Error: (01/12/2014 00:46:10 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1mshtml.dll8.0.7600.168914e86a1a7c000000500000000005c53672bc01cf0f609177e3daC:\Windows\system32\svchost.exeC:\Windows\System32\mshtml.dllfb69f495-7b65-11e3-bdca-5404a618687d
 
Error: (01/12/2014 00:30:45 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\ASUS\ai suite ii\asus mobilink\simulator\killproc.exe
 
 
**** End of log ****


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:10 PM

Posted 17 January 2014 - 09:30 AM

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point

===

Fix Winsock Manually on Windows 7

1. Open up the command line utility and enter:
(Open the Run box, type cmd in the search box and click OK.)

The DOS PROMPT WILL BE SEEN.

Type the following at the prompt and hit the Enter key after each entry.

netsh winsock reset

netsh winsock reset catalog

netsh int ip reset reset.log


P.S. I think you can copy and paste each line at the DOS prompt. Hit the Enter key.

When all done type EXIT hit the enter key.

Restart the computer normally.

How is it now?
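The Winsock listing earlier in this thread shows every x64 catalog entry pointing at D:\Windows\System32 with "[File Not found]" while Windows itself lives on C:, which is the kind of damage a netsh winsock reset rewrites to defaults. Before resetting, a defender usually wants a record of what the catalog contained. The script below is an added example for this thread (not the output or code of any tool mentioned here): it parses lines in the same layout as that listing and flags provider DLLs that do not exist, providers stored off the system drive, and providers not published by Microsoft. The sample lines are constructed to mirror the listing; the ExampleLSP entry and its vendor are invented to exercise the third-party branch, and the system drive is assumed to be C:.

```python
r"""Audit a Winsock provider catalog listing (Catalog5 / Catalog9 lines).

Added example for this thread, not part of any tool's output.  The sample
lines are constructed in the layout of the listing above; the ExampleLSP
entry is invented.  The system drive is assumed to be C:.
"""
import re
from typing import List, NamedTuple, Tuple

# Constructed sample in the same layout as the catalog listing in this thread.
SAMPLE_CATALOG = r"""
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Program Files\ExampleLSP\lsp.dll [40960] (Example Vendor)
x64-Catalog5 01 D:\Windows\System32\NLAapi.dll [File Not found] ()
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 03 D:\Windows\System32\mswsock.dll [File Not found] ()
"""

# "<x64->Catalog<n> <index> <path> [<size or File Not found>] (<vendor>)"
LINE_RE = re.compile(
    r"^(?P<x64>x64-)?Catalog(?P<cat>\d+) (?P<idx>\d+) (?P<path>.+?) "
    r"\[(?P<size>[^\]]*)\] \((?P<vendor>[^)]*)\)$"
)


class Provider(NamedTuple):
    arch: str      # "x64", or "x86" for the WOW64 catalog
    catalog: str   # "5" = namespace providers, "9" = transport / LSP chain
    index: int
    path: str
    size: str      # byte size as text, or "File Not found"
    vendor: str    # publisher from the file's version resource, "" if absent


def parse_catalog(text: str) -> List[Provider]:
    """Turn catalog listing lines into Provider records; other lines are skipped."""
    providers = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            providers.append(Provider(
                "x64" if m["x64"] else "x86", m["cat"], int(m["idx"]),
                m["path"], m["size"], m["vendor"]))
    return providers


def audit_catalog(providers: List[Provider],
                  system_drive: str = "C:") -> List[Tuple[str, Provider]]:
    """Return (reason, provider) pairs worth a second look.

    A provider whose DLL is missing breaks the chain for every process that
    opens a socket; a provider stored off the system drive or published by
    someone other than Microsoft is not wrong by itself, but should be
    recognised before the catalog is reset and the evidence is gone.
    """
    findings = []
    drive_prefix = system_drive.upper() + "\\"
    for p in providers:
        missing = p.size == "File Not found"
        if missing:
            findings.append(("missing-provider-dll", p))
        if not p.path.upper().startswith(drive_prefix):
            findings.append(("provider-off-system-drive", p))
        # Vendor is only meaningful when the file was actually read.
        if not missing and not p.vendor.lower().startswith("microsoft"):
            findings.append(("third-party-provider", p))
    return findings


if __name__ == "__main__":
    for reason, prov in audit_catalog(parse_catalog(SAMPLE_CATALOG)):
        print(f"{reason:28} {prov.arch} Catalog{prov.catalog} "
              f"#{prov.index:02d} {prov.path}")
```

On a live machine the same listing can be captured with `netsh winsock show catalog` before the reset; saving that output alongside the log keeps the pre-reset state available if the redirects turn out to have a network-layer cause.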

#11 damonkashu

damonkashu
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:10 AM

Posted 22 January 2014 - 03:47 AM

I'm still getting the same error.

I did notice on restart, I got a module failed to load "EMFFilter.DLL".



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:10 PM

Posted 22 January 2014 - 09:20 AM

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check, do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===
 

I did notice on restart, I got a module failed to load "EMFFilter.DLL".


The file was removed by the RogueKiller tool.
There could be some remnant item in the registry that creates this error.

I should be able to fix this with this tool.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note:
    Do not mouse click ComboFix's window while it's running. That may cause it to stall.


    Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

    Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
    ==============
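The instructions above ask that signature-check failures be set aside rather than acted on, and the TDSSKiller log posted next in this thread shows why that needs judgement: the same UnsignedFile.Multi.Generic warning is raised for a third-party Bluetooth service and for rpcss.dll, the Microsoft-shipped host of the DCOM Server Process Launcher that the event log earlier in the thread records as crashing. As an added example (this is not TDSSKiller's code nor anything the helper posted), the script below correlates each "[ md5 ] name path" line with its verdict lines and sorts unsigned items by location: unsigned files under the Windows directory, where Microsoft binaries are expected to pass verification, go into one bucket for comparison against a known-good copy; unsigned files elsewhere, which is common for third-party drivers, go into another. The sample lines are copied from the TDSSKiller log later in this thread, and the Windows directory is assumed to be C:\Windows as that log reports.

```python
r"""Triage a TDSSKiller service/driver scan log by verdict and location.

Added example for this thread; not part of TDSSKiller.  Sample lines are
copied from the TDSSKiller log posted in this thread.  The Windows
directory is assumed to be C:\Windows, as that log reports.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

SAMPLE_TDSS_LOG = r"""
00:09:31.0278 3756  [ 1BF11505F97274C4F50ACC21156E57DF ] applewtp        C:\Windows\system32\DRIVERS\applewtp.sys
00:09:31.0287 3756  applewtp ( UnsignedFile.Multi.Generic ) - warning
00:09:31.0287 3756  applewtp - detected UnsignedFile.Multi.Generic (1)
00:09:31.0293 3756  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
00:09:31.0303 3756  AppMgmt - ok
00:09:31.0552 3756  [ 21753130331188C4B474E1D3B396E629 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
00:09:31.0563 3756  AtherosSvc ( UnsignedFile.Multi.Generic ) - warning
00:09:31.0563 3756  AtherosSvc - detected UnsignedFile.Multi.Generic (1)
00:09:32.0383 3756  COMSysApp - ok
00:09:32.0478 3756  [ 428F3F99F1B5D29E5F7FDDDF39C3A638 ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:09:32.0487 3756  DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
00:09:32.0487 3756  DcomLaunch - detected UnsignedFile.Multi.Generic (1)
"""

# "<time> <pid>  [ <md5> ] <service name>   <file path>"
ENTRY_RE = re.compile(
    r"^\S+ \d+\s+\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>\S+)\s+(?P<path>.+)$")
# "<time> <pid>  <name> ( <signature> ) - warning" / "<name> - ok" / "<name> - detected X (n)"
VERDICT_RE = re.compile(
    r"^\S+ \d+\s+(?P<name>\S+)(?: \( (?P<sig>[^)]+?) \))? - (?P<verdict>.+)$")
DETECTED_RE = re.compile(r"^detected (?P<sig>\S+) \(\d+\)$")


class ScanItem(NamedTuple):
    name: str
    md5: Optional[str]      # None for items TDSSKiller lists without a file
    path: Optional[str]
    verdict: str            # "ok", "warning", "detected" or "pending"
    flags: tuple            # signature names attached to the item


def parse_tdss_log(text: str) -> Dict[str, ScanItem]:
    """Collect one ScanItem per service/driver name, merging its verdict lines."""
    items: Dict[str, ScanItem] = {}
    for line in text.splitlines():
        line = line.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            items[m["name"]] = ScanItem(m["name"], m["md5"], m["path"], "pending", ())
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue
        item = items.get(m["name"]) or ScanItem(m["name"], None, None, "pending", ())
        flags = set(item.flags)
        verdict = m["verdict"]
        if m["sig"]:
            flags.add(m["sig"])
        det = DETECTED_RE.match(verdict)
        if det:
            flags.add(det["sig"])
            verdict = "detected"
        items[m["name"]] = item._replace(verdict=verdict, flags=tuple(sorted(flags)))
    return items


def triage(items: Dict[str, ScanItem],
           windows_dir: str = r"C:\Windows") -> Dict[str, List[str]]:
    """Bucket items: clean, unsigned inside/outside the Windows directory, other."""
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    buckets: Dict[str, List[str]] = defaultdict(list)
    for it in items.values():
        unsigned_only = bool(it.flags) and all(
            f.startswith("UnsignedFile.") for f in it.flags)
        if it.verdict == "ok":
            buckets["clean"].append(it.name)
        elif unsigned_only and it.path and it.path.lower().startswith(prefix):
            # Microsoft-shipped binaries here should verify; compare the MD5
            # with a known-good copy (e.g. from install media) before acting.
            buckets["windows-dir-unsigned"].append(it.name)
        elif unsigned_only:
            # Third-party drivers and services frequently lack signatures.
            buckets["outside-windows-dir-unsigned"].append(it.name)
        else:
            buckets["other-detection"].append(it.name)
    return dict(buckets)


if __name__ == "__main__":
    scanned = parse_tdss_log(SAMPLE_TDSS_LOG)
    for bucket, names in triage(scanned).items():
        print(bucket)
        for n in names:
            print(f"  {n:14} md5={scanned[n].md5}  {scanned[n].path}")
```

The location split is a first cut, not a verdict: a third-party driver installed into system32\DRIVERS lands in the Windows-directory bucket too, so each entry there still needs its hash checked against a trusted copy of the same file version before anyone decides between Skip and Cure.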


#13 damonkashu

damonkashu
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:10 AM

Posted 23 January 2014 - 03:19 AM

Separate posts; here is TDSSKiller.

 

00:09:05.0600 1556  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:09:09.0098 1556  ============================================================
00:09:09.0098 1556  Current date / time: 2014/01/23 00:09:09.0098
00:09:09.0098 1556  SystemInfo:
00:09:09.0098 1556  
00:09:09.0098 1556  OS Version: 6.1.7600 ServicePack: 0.0
00:09:09.0098 1556  Product type: Workstation
00:09:09.0098 1556  ComputerName: BLACKBOX
00:09:09.0098 1556  UserName: Daniel Quach
00:09:09.0098 1556  Windows directory: C:\Windows
00:09:09.0098 1556  System windows directory: C:\Windows
00:09:09.0098 1556  Running under WOW64
00:09:09.0098 1556  Processor architecture: Intel x64
00:09:09.0098 1556  Number of processors: 4
00:09:09.0098 1556  Page size: 0x1000
00:09:09.0098 1556  Boot type: Normal boot
00:09:09.0098 1556  ============================================================
00:09:09.0408 1556  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:09:09.0449 1556  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:09:09.0461 1556  Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:09:09.0463 1556  ============================================================
00:09:09.0463 1556  \Device\Harddisk0\DR0:
00:09:09.0463 1556  MBR partitions:
00:09:09.0464 1556  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:09:09.0464 1556  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
00:09:09.0464 1556  \Device\Harddisk2\DR2:
00:09:09.0512 1556  MBR partitions:
00:09:09.0512 1556  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x67F05800
00:09:09.0512 1556  \Device\Harddisk1\DR1:
00:09:09.0512 1556  MBR partitions:
00:09:09.0512 1556  ============================================================
00:09:09.0513 1556  C: <-> \Device\Harddisk0\DR0\Partition2
00:09:09.0782 1556  D: <-> \Device\Harddisk2\DR2\Partition1
00:09:09.0782 1556  ============================================================
00:09:09.0782 1556  Initialize success
00:09:09.0782 1556  ============================================================
00:09:28.0131 3756  ============================================================
00:09:28.0131 3756  Scan started
00:09:28.0131 3756  Mode: Manual; SigCheck; TDLFS; 
00:09:28.0131 3756  ============================================================
00:09:30.0883 3756  ================ Scan system memory ========================
00:09:30.0883 3756  System memory - ok
00:09:30.0883 3756  ================ Scan services =============================
00:09:30.0913 3756  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
00:09:30.0945 3756  1394ohci - ok
00:09:30.0952 3756  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
00:09:30.0962 3756  ACPI - ok
00:09:30.0964 3756  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
00:09:30.0984 3756  AcpiPmi - ok
00:09:30.0993 3756  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
00:09:31.0005 3756  adp94xx - ok
00:09:31.0011 3756  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
00:09:31.0021 3756  adpahci - ok
00:09:31.0026 3756  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
00:09:31.0034 3756  adpu320 - ok
00:09:31.0038 3756  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
00:09:31.0089 3756  AeLookupSvc - ok
00:09:31.0097 3756  [ 6EF20DDF3172E97D69F596FB90602F29 ] AFD             C:\Windows\system32\drivers\afd.sys
00:09:31.0112 3756  AFD - ok
00:09:31.0115 3756  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
00:09:31.0121 3756  agp440 - ok
00:09:31.0124 3756  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
00:09:31.0137 3756  ALG - ok
00:09:31.0139 3756  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
00:09:31.0145 3756  aliide - ok
00:09:31.0148 3756  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
00:09:31.0153 3756  amdide - ok
00:09:31.0156 3756  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
00:09:31.0165 3756  AmdK8 - ok
00:09:31.0168 3756  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
00:09:31.0176 3756  AmdPPM - ok
00:09:31.0179 3756  [ 7A4B413614C055935567CF88A9734D38 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
00:09:31.0186 3756  amdsata - ok
00:09:31.0190 3756  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
00:09:31.0198 3756  amdsbs - ok
00:09:31.0201 3756  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
00:09:31.0207 3756  amdxata - ok
00:09:31.0210 3756  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
00:09:31.0237 3756  AppID - ok
00:09:31.0240 3756  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
00:09:31.0263 3756  AppIDSvc - ok
00:09:31.0266 3756  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
00:09:31.0274 3756  Appinfo - ok
00:09:31.0278 3756  [ 1BF11505F97274C4F50ACC21156E57DF ] applewtp        C:\Windows\system32\DRIVERS\applewtp.sys
00:09:31.0287 3756  applewtp ( UnsignedFile.Multi.Generic ) - warning
00:09:31.0287 3756  applewtp - detected UnsignedFile.Multi.Generic (1)
00:09:31.0293 3756  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
00:09:31.0303 3756  AppMgmt - ok
00:09:31.0306 3756  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
00:09:31.0313 3756  arc - ok
00:09:31.0316 3756  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
00:09:31.0322 3756  arcsas - ok
00:09:31.0336 3756  [ 6E3F4538B33BC19259E99BE1826286A3 ] asComSvc        C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
00:09:31.0363 3756  asComSvc - ok
00:09:31.0374 3756  [ A63173897EA1A73A75D0E65036DE5B15 ] asHmComSvc      C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
00:09:31.0392 3756  asHmComSvc - ok
00:09:31.0407 3756  [ FEF9DD9EA587F8886ADE43C1BEFBDAFE ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
00:09:31.0416 3756  AsIO - ok
00:09:31.0420 3756  [ 954950D11ADA98AC1B7EE3C770E4622C ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
00:09:31.0429 3756  asmthub3 - ok
00:09:31.0435 3756  [ 01DBB05DB1DB95803E3C9F2B49AFE79C ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
00:09:31.0446 3756  asmtxhci - ok
00:09:31.0456 3756  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:09:31.0464 3756  aspnet_state - ok
00:09:31.0473 3756  [ 5C31DFB196CB3A488A041881634D86D2 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
00:09:31.0485 3756  AsSysCtrlService - ok
00:09:31.0488 3756  [ 1392B92179B07B672720763D9B1028A5 ] AsUpIO          C:\Windows\syswow64\drivers\AsUpIO.sys
00:09:31.0491 3756  AsUpIO - ok
00:09:31.0494 3756  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:09:31.0517 3756  AsyncMac - ok
00:09:31.0519 3756  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
00:09:31.0524 3756  atapi - ok
00:09:31.0527 3756  [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
00:09:31.0537 3756  AthBTPort - ok
00:09:31.0540 3756  [ 4119870B90E1B5E7797D6433D21F9216 ] ATHDFU          C:\Windows\system32\Drivers\AthDfu.sys
00:09:31.0548 3756  ATHDFU - ok
00:09:31.0552 3756  [ 21753130331188C4B474E1D3B396E629 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
00:09:31.0563 3756  AtherosSvc ( UnsignedFile.Multi.Generic ) - warning
00:09:31.0563 3756  AtherosSvc - detected UnsignedFile.Multi.Generic (1)
00:09:31.0573 3756  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:09:31.0602 3756  AudioEndpointBuilder - ok
00:09:31.0612 3756  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
00:09:31.0638 3756  AudioSrv - ok
00:09:31.0641 3756  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
00:09:31.0661 3756  AxInstSV - ok
00:09:31.0669 3756  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
00:09:31.0683 3756  b06bdrv - ok
00:09:31.0689 3756  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
00:09:31.0699 3756  b57nd60a - ok
00:09:31.0704 3756  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
00:09:31.0712 3756  BDESVC - ok
00:09:31.0714 3756  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:09:31.0735 3756  Beep - ok
00:09:31.0746 3756  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
00:09:31.0775 3756  BFE - ok
00:09:31.0787 3756  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\system32\qmgr.dll
00:09:31.0819 3756  BITS - ok
00:09:31.0822 3756  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
00:09:31.0830 3756  blbdrive - ok
00:09:31.0833 3756  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:09:31.0842 3756  bowser - ok
00:09:31.0844 3756  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:09:31.0854 3756  BrFiltLo - ok
00:09:31.0857 3756  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:09:31.0866 3756  BrFiltUp - ok
00:09:31.0870 3756  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
00:09:31.0893 3756  BridgeMP - ok
00:09:31.0897 3756  [ 94FBC06F294D58D02361918418F996E3 ] Browser         C:\Windows\System32\browser.dll
00:09:31.0920 3756  Browser - ok
00:09:31.0926 3756  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
00:09:31.0939 3756  Brserid - ok
00:09:31.0942 3756  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
00:09:31.0951 3756  BrSerWdm - ok
00:09:31.0954 3756  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
00:09:31.0963 3756  BrUsbMdm - ok
00:09:31.0965 3756  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
00:09:31.0973 3756  BrUsbSer - ok
00:09:31.0979 3756  [ FE70889A85C57A9268101B2DB0474509 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
00:09:31.0990 3756  BTATH_A2DP - ok
00:09:31.0993 3756  [ A83A91D07D1FE6BBE7A9DB46CA00434B ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
00:09:31.0999 3756  BTATH_BUS - ok
00:09:32.0004 3756  [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
00:09:32.0014 3756  BTATH_HCRP - ok
00:09:32.0017 3756  [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
00:09:32.0025 3756  BTATH_LWFLT - ok
00:09:32.0029 3756  [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
00:09:32.0038 3756  BTATH_RCP - ok
00:09:32.0044 3756  [ AA0F5AFCF077C5246589B32ECEEAE566 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
00:09:32.0056 3756  BtFilter - ok
00:09:32.0059 3756  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
00:09:32.0068 3756  BthEnum - ok
00:09:32.0071 3756  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
00:09:32.0081 3756  BTHMODEM - ok
00:09:32.0084 3756  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
00:09:32.0095 3756  BthPan - ok
00:09:32.0104 3756  [ A51FA9D0E85D5ADABEF72E67F386309C ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
00:09:32.0120 3756  BTHPORT - ok
00:09:32.0123 3756  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
00:09:32.0146 3756  bthserv - ok
00:09:32.0149 3756  [ F740B9A16B2C06700F2130E19986BF3B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
00:09:32.0159 3756  BTHUSB - ok
00:09:32.0163 3756  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:09:32.0186 3756  cdfs - ok
00:09:32.0189 3756  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
00:09:32.0198 3756  cdrom - ok
00:09:32.0202 3756  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
00:09:32.0225 3756  CertPropSvc - ok
00:09:32.0227 3756  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
00:09:32.0237 3756  circlass - ok
00:09:32.0243 3756  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
00:09:32.0253 3756  CLFS - ok
00:09:32.0258 3756  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:09:32.0266 3756  clr_optimization_v2.0.50727_32 - ok
00:09:32.0271 3756  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:09:32.0279 3756  clr_optimization_v2.0.50727_64 - ok
00:09:32.0285 3756  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:09:32.0302 3756  clr_optimization_v4.0.30319_32 - ok
00:09:32.0308 3756  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:09:32.0320 3756  clr_optimization_v4.0.30319_64 - ok
00:09:32.0323 3756  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
00:09:32.0330 3756  CmBatt - ok
00:09:32.0333 3756  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
00:09:32.0338 3756  cmdide - ok
00:09:32.0346 3756  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG             C:\Windows\system32\Drivers\cng.sys
00:09:32.0361 3756  CNG - ok
00:09:32.0364 3756  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
00:09:32.0370 3756  Compbatt - ok
00:09:32.0372 3756  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
00:09:32.0382 3756  CompositeBus - ok
00:09:32.0383 3756  COMSysApp - ok
00:09:32.0387 3756  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
00:09:32.0393 3756  crcdisk - ok
00:09:32.0398 3756  [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:09:32.0422 3756  CryptSvc - ok
00:09:32.0431 3756  [ 4A6173C2279B498CD8F57CAE504564CB ] CSC             C:\Windows\system32\drivers\csc.sys
00:09:32.0445 3756  CSC - ok
00:09:32.0454 3756  [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService      C:\Windows\System32\cscsvc.dll
00:09:32.0469 3756  CscService - ok
00:09:32.0478 3756  [ 428F3F99F1B5D29E5F7FDDDF39C3A638 ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:09:32.0487 3756  DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
00:09:32.0487 3756  DcomLaunch - detected UnsignedFile.Multi.Generic (1)
00:09:32.0493 3756  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
00:09:32.0518 3756  defragsvc - ok
00:09:32.0521 3756  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:09:32.0529 3756  DfsC - ok
00:09:32.0535 3756  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
00:09:32.0562 3756  Dhcp - ok
00:09:32.0565 3756  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
00:09:32.0587 3756  discache - ok
00:09:32.0591 3756  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
00:09:32.0596 3756  Disk - ok
00:09:32.0600 3756  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:09:32.0610 3756  Dnscache - ok
00:09:32.0615 3756  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
00:09:32.0640 3756  dot3svc - ok
00:09:32.0644 3756  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
00:09:32.0668 3756  DPS - ok
00:09:32.0671 3756  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:09:32.0680 3756  drmkaud - ok
00:09:32.0687 3756  [ 400582B09E0BB557D0EC28A945150EEB ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
00:09:32.0693 3756  dtsoftbus01 - ok
00:09:32.0705 3756  [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:09:32.0720 3756  DXGKrnl - ok
00:09:32.0726 3756  [ EAFCB4551836FF44EE775CEDDFA7A77E ] e1cexpress      C:\Windows\system32\DRIVERS\e1c62x64.sys
00:09:32.0733 3756  e1cexpress - ok
00:09:32.0737 3756  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
00:09:32.0761 3756  EapHost - ok
00:09:32.0791 3756  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
00:09:32.0833 3756  ebdrv - ok
00:09:32.0837 3756  [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS             C:\Windows\System32\lsass.exe
00:09:32.0845 3756  EFS - ok
00:09:32.0857 3756  [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
00:09:32.0875 3756  ehRecvr - ok
00:09:32.0878 3756  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
00:09:32.0886 3756  ehSched - ok
00:09:32.0895 3756  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
00:09:32.0909 3756  elxstor - ok
00:09:32.0911 3756  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
00:09:32.0919 3756  ErrDev - ok
00:09:32.0927 3756  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
00:09:32.0953 3756  EventSystem - ok
00:09:32.0957 3756  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
00:09:32.0981 3756  exfat - ok
00:09:32.0986 3756  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:09:33.0011 3756  fastfat - ok
00:09:33.0021 3756  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
00:09:33.0038 3756  Fax - ok
00:09:33.0041 3756  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
00:09:33.0049 3756  fdc - ok
00:09:33.0051 3756  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
00:09:33.0074 3756  fdPHost - ok
00:09:33.0077 3756  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:09:33.0099 3756  FDResPub - ok
00:09:33.0102 3756  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:09:33.0108 3756  FileInfo - ok
00:09:33.0111 3756  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:09:33.0134 3756  Filetrace - ok
00:09:33.0136 3756  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
00:09:33.0143 3756  flpydisk - ok
00:09:33.0149 3756  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:09:33.0158 3756  FltMgr - ok
00:09:33.0173 3756  [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache       C:\Windows\system32\FntCache.dll
00:09:33.0208 3756  FontCache - ok
00:09:33.0212 3756  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:09:33.0218 3756  FontCache3.0.0.0 - ok
00:09:33.0220 3756  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
00:09:33.0227 3756  FsDepends - ok
00:09:33.0230 3756  [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:09:33.0235 3756  Fs_Rec - ok
00:09:33.0239 3756  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
00:09:33.0249 3756  fvevol - ok
00:09:33.0252 3756  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
00:09:33.0258 3756  gagp30kx - ok
00:09:33.0270 3756  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
00:09:33.0290 3756  gpsvc - ok
00:09:33.0293 3756  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
00:09:33.0302 3756  hcw85cir - ok
00:09:33.0308 3756  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:09:33.0321 3756  HdAudAddService - ok
00:09:33.0325 3756  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
00:09:33.0334 3756  HDAudBus - ok
00:09:33.0336 3756  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
00:09:33.0344 3756  HidBatt - ok
00:09:33.0348 3756  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
00:09:33.0358 3756  HidBth - ok
00:09:33.0361 3756  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
00:09:33.0370 3756  HidIr - ok
00:09:33.0373 3756  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
00:09:33.0395 3756  hidserv - ok
00:09:33.0398 3756  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
00:09:33.0405 3756  HidUsb - ok
00:09:33.0408 3756  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:09:33.0431 3756  hkmsvc - ok
00:09:33.0436 3756  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:09:33.0446 3756  HomeGroupListener - ok
00:09:33.0451 3756  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:09:33.0460 3756  HomeGroupProvider - ok
00:09:33.0463 3756  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
00:09:33.0470 3756  HpSAMD - ok
00:09:33.0480 3756  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:09:33.0510 3756  HTTP - ok
00:09:33.0513 3756  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
00:09:33.0518 3756  hwpolicy - ok
00:09:33.0521 3756  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
00:09:33.0531 3756  i8042prt - ok
00:09:33.0538 3756  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
00:09:33.0548 3756  iaStorV - ok
00:09:33.0552 3756  [ C1010ADD3DDAE1196ED21057AF7B2AAE ] ICCWDT          C:\Windows\system32\DRIVERS\ICCWDT.sys
00:09:33.0556 3756  ICCWDT - ok
00:09:33.0567 3756  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:09:33.0584 3756  idsvc - ok
00:09:33.0587 3756  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
00:09:33.0593 3756  iirsp - ok
00:09:33.0605 3756  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
00:09:33.0637 3756  IKEEXT - ok
00:09:33.0642 3756  [ D7B978F4504D3DA95A21002863D0E7EE ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
00:09:33.0649 3756  Intel® PROSet Monitoring Service - ok
00:09:33.0651 3756  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
00:09:33.0657 3756  intelide - ok
00:09:33.0660 3756  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:09:33.0668 3756  intelppm - ok
00:09:33.0671 3756  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:09:33.0695 3756  IPBusEnum - ok
00:09:33.0698 3756  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:09:33.0721 3756  IpFilterDriver - ok
00:09:33.0729 3756  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:09:33.0757 3756  iphlpsvc - ok
00:09:33.0760 3756  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
00:09:33.0768 3756  IPMIDRV - ok
00:09:33.0772 3756  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:09:33.0795 3756  IPNAT - ok
00:09:33.0797 3756  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:09:33.0807 3756  IRENUM - ok
00:09:33.0810 3756  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
00:09:33.0815 3756  isapnp - ok
00:09:33.0820 3756  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
00:09:33.0829 3756  iScsiPrt - ok
00:09:33.0832 3756  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
00:09:33.0837 3756  kbdclass - ok
00:09:33.0840 3756  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
00:09:33.0848 3756  kbdhid - ok
00:09:33.0851 3756  [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso          C:\Windows\system32\lsass.exe
00:09:33.0858 3756  KeyIso - ok
00:09:33.0861 3756  [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:09:33.0867 3756  KSecDD - ok
00:09:33.0872 3756  [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:09:33.0879 3756  KSecPkg - ok
00:09:33.0881 3756  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
00:09:33.0902 3756  ksthunk - ok
00:09:33.0908 3756  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:09:33.0935 3756  KtmRm - ok
00:09:33.0940 3756  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\System32\srvsvc.dll
00:09:33.0950 3756  LanmanServer - ok
00:09:33.0954 3756  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:09:33.0978 3756  LanmanWorkstation - ok
00:09:33.0982 3756  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:09:34.0004 3756  lltdio - ok
00:09:34.0010 3756  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:09:34.0035 3756  lltdsvc - ok
00:09:34.0037 3756  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:09:34.0059 3756  lmhosts - ok
00:09:34.0064 3756  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
00:09:34.0070 3756  LSI_FC - ok
00:09:34.0074 3756  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
00:09:34.0081 3756  LSI_SAS - ok
00:09:34.0084 3756  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:09:34.0090 3756  LSI_SAS2 - ok
00:09:34.0093 3756  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:09:34.0100 3756  LSI_SCSI - ok
00:09:34.0103 3756  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
00:09:34.0126 3756  luafv - ok
00:09:34.0130 3756  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:09:34.0138 3756  Mcx2Svc - ok
00:09:34.0141 3756  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
00:09:34.0148 3756  megasas - ok
00:09:34.0153 3756  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
00:09:34.0163 3756  MegaSR - ok
00:09:34.0166 3756  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
00:09:34.0170 3756  MEIx64 - ok
00:09:34.0173 3756  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
00:09:34.0196 3756  MMCSS - ok
00:09:34.0199 3756  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
00:09:34.0221 3756  Modem - ok
00:09:34.0224 3756  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:09:34.0232 3756  monitor - ok
00:09:34.0235 3756  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:09:34.0240 3756  mouclass - ok
00:09:34.0243 3756  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:09:34.0251 3756  mouhid - ok
00:09:34.0254 3756  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
00:09:34.0260 3756  mountmgr - ok
00:09:34.0266 3756  [ C6B88D62F20AC646C6BD5C032EC2FAF9 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
00:09:34.0274 3756  MpFilter - ok
00:09:34.0279 3756  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
00:09:34.0286 3756  mpio - ok
00:09:34.0289 3756  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:09:34.0311 3756  mpsdrv - ok
00:09:34.0322 3756  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
00:09:34.0354 3756  MpsSvc - ok
00:09:34.0358 3756  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
00:09:34.0370 3756  MRxDAV - ok
00:09:34.0374 3756  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
00:09:34.0384 3756  mrxsmb - ok
00:09:34.0389 3756  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:09:34.0399 3756  mrxsmb10 - ok
00:09:34.0403 3756  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:09:34.0411 3756  mrxsmb20 - ok
00:09:34.0413 3756  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
00:09:34.0418 3756  msahci - ok
00:09:34.0422 3756  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
00:09:34.0429 3756  msdsm - ok
00:09:34.0433 3756  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
00:09:34.0443 3756  MSDTC - ok
00:09:34.0447 3756  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
00:09:34.0469 3756  Msfs - ok
00:09:34.0471 3756  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
00:09:34.0493 3756  mshidkmdf - ok
00:09:34.0496 3756  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
00:09:34.0501 3756  msisadrv - ok
00:09:34.0505 3756  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
00:09:34.0529 3756  MSiSCSI - ok
00:09:34.0531 3756  msiserver - ok
00:09:34.0534 3756  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
00:09:34.0556 3756  MSKSSRV - ok
00:09:34.0560 3756  [ 7675E15D1B2180745E4DA4D26AAD7385 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
00:09:34.0566 3756  MsMpSvc - ok
00:09:34.0568 3756  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
00:09:34.0590 3756  MSPCLOCK - ok
00:09:34.0592 3756  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
00:09:34.0614 3756  MSPQM - ok
00:09:34.0620 3756  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
00:09:34.0630 3756  MsRPC - ok
00:09:34.0634 3756  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
00:09:34.0639 3756  mssmbios - ok
00:09:34.0641 3756  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
00:09:34.0663 3756  MSTEE - ok
00:09:34.0666 3756  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
00:09:34.0673 3756  MTConfig - ok
00:09:34.0676 3756  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
00:09:34.0682 3756  Mup - ok
00:09:34.0690 3756  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
00:09:34.0717 3756  napagent - ok
00:09:34.0723 3756  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
00:09:34.0738 3756  NativeWifiP - ok
00:09:34.0750 3756  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:09:34.0768 3756  NDIS - ok
00:09:34.0771 3756  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
00:09:34.0793 3756  NdisCap - ok
00:09:34.0796 3756  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:09:34.0818 3756  NdisTapi - ok
00:09:34.0821 3756  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
00:09:34.0843 3756  Ndisuio - ok
00:09:34.0847 3756  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
00:09:34.0871 3756  NdisWan - ok
00:09:34.0874 3756  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
00:09:34.0897 3756  NDProxy - ok
00:09:34.0900 3756  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
00:09:34.0921 3756  NetBIOS - ok
00:09:34.0926 3756  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
00:09:34.0950 3756  NetBT - ok
00:09:34.0953 3756  [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon        C:\Windows\system32\lsass.exe
00:09:34.0960 3756  Netlogon - ok
00:09:34.0966 3756  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
00:09:34.0992 3756  Netman - ok
00:09:34.0995 3756  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:09:35.0003 3756  NetMsmqActivator - ok
00:09:35.0006 3756  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:09:35.0011 3756  NetPipeActivator - ok
00:09:35.0018 3756  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
00:09:35.0045 3756  netprofm - ok
00:09:35.0048 3756  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:09:35.0053 3756  NetTcpActivator - ok
00:09:35.0056 3756  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:09:35.0061 3756  NetTcpPortSharing - ok
00:09:35.0064 3756  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
00:09:35.0070 3756  nfrd960 - ok
00:09:35.0075 3756  [ ACE8C64C57E4A711473C8BC10ADF692B ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:09:35.0081 3756  NisDrv - ok
00:09:35.0087 3756  [ 6247E8B31ED0A9D6BC5A26276E49BEB3 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
00:09:35.0096 3756  NisSrv - ok
00:09:35.0102 3756  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:09:35.0128 3756  NlaSvc - ok
00:09:35.0131 3756  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:09:35.0153 3756  Npfs - ok
00:09:35.0156 3756  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
00:09:35.0178 3756  nsi - ok
00:09:35.0180 3756  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:09:35.0202 3756  nsiproxy - ok
00:09:35.0220 3756  [ 356698A13C4630D5B31C37378D469196 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:09:35.0249 3756  Ntfs - ok
00:09:35.0252 3756  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
00:09:35.0274 3756  Null - ok
00:09:35.0278 3756  [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
00:09:35.0284 3756  NVHDA - ok
00:09:35.0400 3756  [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:09:35.0539 3756  nvlddmkm - ok
00:09:35.0545 3756  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
00:09:35.0552 3756  nvraid - ok
00:09:35.0557 3756  [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
00:09:35.0565 3756  nvstor - ok
00:09:35.0576 3756  [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc           C:\Windows\system32\nvvsvc.exe
00:09:35.0593 3756  nvsvc - ok
00:09:35.0608 3756  [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
00:09:35.0631 3756  nvUpdatusService - ok
00:09:35.0634 3756  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
00:09:35.0641 3756  nv_agp - ok
00:09:35.0645 3756  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
00:09:35.0653 3756  ohci1394 - ok
00:09:35.0659 3756  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
00:09:35.0671 3756  p2pimsvc - ok
00:09:35.0679 3756  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
00:09:35.0691 3756  p2psvc - ok
00:09:35.0694 3756  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
00:09:35.0702 3756  Parport - ok
00:09:35.0705 3756  [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:09:35.0711 3756  partmgr - ok
00:09:35.0716 3756  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:09:35.0728 3756  PcaSvc - ok
00:09:35.0732 3756  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
00:09:35.0740 3756  pci - ok
00:09:35.0743 3756  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
00:09:35.0748 3756  pciide - ok
00:09:35.0753 3756  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
00:09:35.0761 3756  pcmcia - ok
00:09:35.0765 3756  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
00:09:35.0770 3756  pcw - ok
00:09:35.0779 3756  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:09:35.0809 3756  PEAUTH - ok
00:09:35.0824 3756  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
00:09:35.0846 3756  PeerDistSvc - ok
00:09:35.0863 3756  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
00:09:35.0871 3756  PerfHost - ok
00:09:35.0890 3756  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
00:09:35.0927 3756  pla - ok
00:09:35.0934 3756  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:09:35.0946 3756  PlugPlay - ok
00:09:35.0949 3756  PnkBstrA - ok
00:09:35.0952 3756  PnkBstrB - ok
00:09:35.0955 3756  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
00:09:35.0963 3756  PNRPAutoReg - ok
00:09:35.0969 3756  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
00:09:35.0977 3756  PNRPsvc - ok
00:09:35.0984 3756  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
00:09:36.0012 3756  PolicyAgent - ok
00:09:36.0017 3756  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
00:09:36.0041 3756  Power - ok
00:09:36.0045 3756  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:09:36.0067 3756  PptpMiniport - ok
00:09:36.0070 3756  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
00:09:36.0079 3756  Processor - ok
00:09:36.0084 3756  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
00:09:36.0108 3756  ProfSvc - ok
00:09:36.0111 3756  [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
00:09:36.0118 3756  ProtectedStorage - ok
00:09:36.0122 3756  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
00:09:36.0144 3756  Psched - ok
00:09:36.0160 3756  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
00:09:36.0188 3756  ql2300 - ok
00:09:36.0191 3756  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
00:09:36.0199 3756  ql40xx - ok
00:09:36.0204 3756  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
00:09:36.0217 3756  QWAVE - ok
00:09:36.0219 3756  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:09:36.0230 3756  QWAVEdrv - ok
00:09:36.0232 3756  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:09:36.0254 3756  RasAcd - ok
00:09:36.0257 3756  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
00:09:37.0435 3756  RasAgileVpn - ok
00:09:37.0438 3756  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
00:09:37.0462 3756  RasAuto - ok
00:09:37.0466 3756  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
00:09:37.0490 3756  Rasl2tp - ok
00:09:37.0496 3756  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
00:09:37.0523 3756  RasMan - ok
00:09:37.0526 3756  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
00:09:37.0549 3756  RasPppoe - ok
00:09:37.0553 3756  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
00:09:37.0576 3756  RasSstp - ok
00:09:37.0582 3756  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
00:09:37.0607 3756  rdbss - ok
00:09:37.0610 3756  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
00:09:37.0619 3756  rdpbus - ok
00:09:37.0621 3756  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
00:09:37.0643 3756  RDPCDD - ok
00:09:37.0648 3756  [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
00:09:37.0658 3756  RDPDR - ok
00:09:37.0661 3756  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
00:09:37.0683 3756  RDPENCDD - ok
00:09:37.0686 3756  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
00:09:37.0708 3756  RDPREFMP - ok
00:09:37.0712 3756  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
00:09:37.0736 3756  RDPWD - ok
00:09:37.0741 3756  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
00:09:37.0749 3756  rdyboost - ok
00:09:37.0752 3756  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
00:09:37.0775 3756  RemoteAccess - ok
00:09:37.0780 3756  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
00:09:37.0804 3756  RemoteRegistry - ok
00:09:37.0809 3756  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
00:09:37.0819 3756  RFCOMM - ok
00:09:37.0822 3756  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
00:09:37.0845 3756  RpcEptMapper - ok
00:09:37.0848 3756  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
00:09:37.0855 3756  RpcLocator - ok
00:09:37.0863 3756  [ 428F3F99F1B5D29E5F7FDDDF39C3A638 ] RpcSs           C:\Windows\system32\rpcss.dll
00:09:37.0869 3756  RpcSs ( UnsignedFile.Multi.Generic ) - warning
00:09:37.0869 3756  RpcSs - detected UnsignedFile.Multi.Generic (1)
00:09:37.0872 3756  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:09:37.0895 3756  rspndr - ok
00:09:37.0898 3756  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
00:09:37.0906 3756  s3cap - ok
00:09:37.0909 3756  [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs           C:\Windows\system32\lsass.exe
00:09:37.0916 3756  SamSs - ok
00:09:37.0920 3756  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
00:09:37.0927 3756  sbp2port - ok
00:09:37.0931 3756  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:09:37.0956 3756  SCardSvr - ok
00:09:37.0958 3756  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
00:09:37.0980 3756  scfilter - ok
00:09:37.0994 3756  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
00:09:38.0015 3756  Schedule - ok
00:09:38.0018 3756  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
00:09:38.0039 3756  SCPolicySvc - ok
00:09:38.0044 3756  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:09:38.0053 3756  SDRSVC - ok
00:09:38.0056 3756  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:09:38.0078 3756  secdrv - ok
00:09:38.0081 3756  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
00:09:38.0104 3756  seclogon - ok
00:09:38.0107 3756  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
00:09:38.0130 3756  SENS - ok
00:09:38.0132 3756  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
00:09:38.0140 3756  SensrSvc - ok
00:09:38.0143 3756  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
00:09:38.0150 3756  Serenum - ok
00:09:38.0154 3756  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
00:09:38.0162 3756  Serial - ok
00:09:38.0165 3756  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
00:09:38.0173 3756  sermouse - ok
00:09:38.0179 3756  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
00:09:38.0202 3756  SessionEnv - ok
00:09:38.0205 3756  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
00:09:38.0214 3756  sffdisk - ok
00:09:38.0217 3756  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:09:38.0226 3756  sffp_mmc - ok
00:09:38.0229 3756  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
00:09:38.0238 3756  sffp_sd - ok
00:09:38.0241 3756  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
00:09:38.0249 3756  sfloppy - ok
00:09:38.0255 3756  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:09:38.0281 3756  SharedAccess - ok
00:09:38.0287 3756  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:09:38.0303 3756  ShellHWDetection - ok
00:09:38.0306 3756  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:09:38.0312 3756  SiSRaid2 - ok
00:09:38.0315 3756  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
00:09:38.0321 3756  SiSRaid4 - ok
00:09:38.0326 3756  [ 50D9949020E02B847CD48F1243FCB895 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
00:09:38.0334 3756  SkypeUpdate - ok
00:09:38.0337 3756  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:09:38.0360 3756  Smb - ok
00:09:38.0364 3756  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:09:38.0373 3756  SNMPTRAP - ok
00:09:38.0375 3756  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
00:09:38.0380 3756  spldr - ok
00:09:38.0390 3756  [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler         C:\Windows\System32\spoolsv.exe
00:09:38.0405 3756  Spooler - ok
00:09:38.0436 3756  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
00:09:38.0483 3756  sppsvc - ok
00:09:38.0486 3756  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
00:09:38.0510 3756  sppuinotify - ok
00:09:38.0517 3756  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:09:38.0530 3756  srv - ok
00:09:38.0537 3756  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:09:38.0547 3756  srv2 - ok
00:09:38.0552 3756  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:09:38.0560 3756  srvnet - ok
00:09:38.0565 3756  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:09:38.0589 3756  SSDPSRV - ok
00:09:38.0592 3756  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:09:38.0615 3756  SstpSvc - ok
00:09:38.0624 3756  [ C3D855CC0A8E5E373FDFCF4F743C5C9D ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
00:09:38.0637 3756  Steam Client Service - ok
00:09:38.0644 3756  [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
00:09:38.0653 3756  Stereo Service - ok
00:09:38.0656 3756  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
00:09:38.0710 3756  stexstor - ok
00:09:38.0719 3756  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
00:09:38.0736 3756  stisvc - ok
00:09:38.0740 3756  [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
00:09:38.0745 3756  storflt - ok
00:09:38.0748 3756  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
00:09:38.0756 3756  StorSvc - ok
00:09:38.0759 3756  [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
00:09:38.0765 3756  storvsc - ok
00:09:38.0768 3756  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
00:09:38.0773 3756  swenum - ok
00:09:38.0781 3756  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
00:09:38.0809 3756  swprv - ok
00:09:38.0828 3756  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
00:09:38.0858 3756  SysMain - ok
00:09:38.0861 3756  szathlwl - ok
00:09:38.0865 3756  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:09:38.0876 3756  TabletInputService - ok
00:09:38.0882 3756  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:09:38.0908 3756  TapiSrv - ok
00:09:38.0911 3756  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
00:09:38.0934 3756  TBS - ok
00:09:38.0954 3756  [ F18F56EFC0BFB9C87BA01C37B27F4DA5 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:09:38.0985 3756  Tcpip - ok
00:09:39.0004 3756  [ F18F56EFC0BFB9C87BA01C37B27F4DA5 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
00:09:39.0027 3756  TCPIP6 - ok
00:09:39.0031 3756  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:09:39.0053 3756  tcpipreg - ok
00:09:39.0057 3756  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:09:39.0078 3756  TDPIPE - ok
00:09:39.0081 3756  [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:09:39.0135 3756  TDTCP - ok
00:09:39.0139 3756  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:09:39.0161 3756  tdx - ok
00:09:39.0164 3756  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
00:09:39.0169 3756  TermDD - ok
00:09:39.0180 3756  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
00:09:39.0211 3756  TermService - ok
00:09:39.0214 3756  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
00:09:39.0225 3756  Themes - ok
00:09:39.0228 3756  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
00:09:39.0250 3756  THREADORDER - ok
00:09:39.0253 3756  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
00:09:39.0276 3756  TrkWks - ok
00:09:39.0281 3756  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:09:39.0291 3756  TrustedInstaller - ok
00:09:39.0294 3756  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:09:39.0317 3756  tssecsrv - ok
00:09:39.0321 3756  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:09:39.0344 3756  tunnel - ok
00:09:39.0347 3756  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
00:09:39.0353 3756  uagp35 - ok
00:09:39.0359 3756  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:09:39.0385 3756  udfs - ok
00:09:39.0390 3756  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:09:39.0398 3756  UI0Detect - ok
00:09:39.0402 3756  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
00:09:39.0409 3756  uliagpkx - ok
00:09:39.0412 3756  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
00:09:39.0419 3756  umbus - ok
00:09:39.0422 3756  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
00:09:39.0429 3756  UmPass - ok
00:09:39.0434 3756  [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService    C:\Windows\System32\umrdp.dll
00:09:39.0443 3756  UmRdpService - ok
00:09:39.0449 3756  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
00:09:39.0475 3756  upnphost - ok
00:09:39.0479 3756  [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
00:09:39.0496 3756  usbaudio - ok
00:09:39.0500 3756  [ B26AFB54A534D634523C4FB66765B026 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:09:39.0514 3756  usbccgp - ok
00:09:39.0517 3756  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
00:09:39.0527 3756  usbcir - ok
00:09:39.0530 3756  [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
00:09:39.0538 3756  usbehci - ok
00:09:39.0544 3756  [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:09:39.0554 3756  usbhub - ok
00:09:39.0557 3756  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
00:09:39.0565 3756  usbohci - ok
00:09:39.0567 3756  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
00:09:39.0577 3756  usbprint - ok
00:09:39.0580 3756  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
00:09:39.0589 3756  usbscan - ok
00:09:39.0592 3756  [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:09:39.0600 3756  USBSTOR - ok
00:09:39.0603 3756  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
00:09:39.0610 3756  usbuhci - ok
00:09:39.0613 3756  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
00:09:39.0636 3756  UxSms - ok
00:09:39.0638 3756  [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc        C:\Windows\system32\lsass.exe
00:09:39.0645 3756  VaultSvc - ok
00:09:39.0648 3756  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
00:09:39.0653 3756  vdrvroot - ok
00:09:39.0661 3756  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
00:09:39.0676 3756  vds - ok
00:09:39.0679 3756  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:09:39.0688 3756  vga - ok
00:09:39.0690 3756  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:09:39.0712 3756  VgaSave - ok
00:09:39.0717 3756  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
00:09:39.0725 3756  vhdmp - ok
00:09:39.0728 3756  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
00:09:39.0734 3756  viaide - ok
00:09:39.0738 3756  [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys
00:09:39.0747 3756  vmbus - ok
00:09:39.0749 3756  [ AE10C35761889E65A6F7176937C5592C ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
00:09:39.0756 3756  VMBusHID - ok
00:09:39.0759 3756  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
00:09:39.0765 3756  volmgr - ok
00:09:39.0771 3756  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:09:39.0782 3756  volmgrx - ok
00:09:39.0787 3756  [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
00:09:39.0796 3756  volsnap - ok
00:09:39.0801 3756  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
00:09:39.0808 3756  vsmraid - ok
00:09:39.0825 3756  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
00:09:39.0850 3756  VSS - ok
00:09:39.0853 3756  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
00:09:39.0862 3756  vwifibus - ok
00:09:39.0868 3756  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
00:09:39.0894 3756  W32Time - ok
00:09:39.0899 3756  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
00:09:39.0907 3756  WacomPen - ok
00:09:39.0910 3756  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:09:39.0933 3756  WANARP - ok
00:09:39.0936 3756  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:09:39.0959 3756  Wanarpv6 - ok
00:09:39.0978 3756  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
00:09:40.0002 3756  wbengine - ok
00:09:40.0006 3756  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:09:40.0019 3756  WbioSrvc - ok
00:09:40.0025 3756  [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:09:40.0040 3756  wcncsvc - ok
00:09:40.0043 3756  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:09:40.0051 3756  WcsPlugInService - ok
00:09:40.0054 3756  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
00:09:40.0059 3756  Wd - ok
00:09:40.0068 3756  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:09:40.0083 3756  Wdf01000 - ok
00:09:40.0086 3756  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:09:40.0098 3756  WdiServiceHost - ok
00:09:40.0101 3756  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:09:40.0111 3756  WdiSystemHost - ok
00:09:40.0116 3756  [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient       C:\Windows\System32\webclnt.dll
00:09:40.0129 3756  WebClient - ok
00:09:40.0134 3756  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:09:40.0160 3756  Wecsvc - ok
00:09:40.0163 3756  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:09:40.0186 3756  wercplsupport - ok
00:09:40.0189 3756  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:09:40.0213 3756  WerSvc - ok
00:09:40.0216 3756  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:09:40.0237 3756  WfpLwf - ok
00:09:40.0240 3756  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:09:40.0246 3756  WIMMount - ok
00:09:40.0248 3756  WinDefend - ok
00:09:40.0252 3756  WinHttpAutoProxySvc - ok
00:09:40.0264 3756  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:09:40.0289 3756  Winmgmt - ok
00:09:40.0309 3756  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
00:09:40.0353 3756  WinRM - ok
00:09:40.0359 3756  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
00:09:40.0368 3756  WinUsb - ok
00:09:40.0379 3756  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:09:40.0401 3756  Wlansvc - ok
00:09:40.0424 3756  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:09:40.0461 3756  wlidsvc - ok
00:09:40.0464 3756  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
00:09:40.0471 3756  WmiAcpi - ok
00:09:40.0476 3756  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:09:40.0486 3756  wmiApSrv - ok
00:09:40.0488 3756  WMPNetworkSvc - ok
00:09:40.0491 3756  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:09:40.0499 3756  WPCSvc - ok
00:09:40.0502 3756  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:09:40.0512 3756  WPDBusEnum - ok
00:09:40.0514 3756  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:09:40.0536 3756  ws2ifsl - ok
00:09:40.0540 3756  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
00:09:40.0551 3756  wscsvc - ok
00:09:40.0553 3756  WSearch - ok
00:09:40.0578 3756  [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:09:40.0628 3756  wuauserv - ok
00:09:40.0632 3756  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:09:40.0655 3756  WudfPf - ok
00:09:40.0660 3756  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:09:40.0684 3756  WUDFRd - ok
00:09:40.0687 3756  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:09:40.0711 3756  wudfsvc - ok
00:09:40.0716 3756  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:09:40.0729 3756  WwanSvc - ok
00:09:40.0736 3756  ================ Scan global ===============================
00:09:40.0738 3756  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:09:40.0743 3756  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
00:09:40.0750 3756  [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
00:09:40.0753 3756  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:09:40.0759 3756  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:09:40.0761 3756  [Global] - ok
00:09:40.0762 3756  ================ Scan MBR ==================================
00:09:40.0763 3756  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:09:40.0868 3756  \Device\Harddisk0\DR0 - ok
00:09:40.0879 3756  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
00:09:44.0981 3756  \Device\Harddisk2\DR2 - ok
00:09:44.0984 3756  [ 8E734BD7AA1D4F7E9AF58DF495F6CF9E ] \Device\Harddisk1\DR1
00:09:45.0008 3756  \Device\Harddisk1\DR1 - ok
00:09:45.0008 3756  ================ Scan VBR ==================================
00:09:45.0010 3756  [ 3AE16FBA7D0F88333A82DAABBAA24CED ] \Device\Harddisk0\DR0\Partition1
00:09:45.0011 3756  \Device\Harddisk0\DR0\Partition1 - ok
00:09:45.0013 3756  [ 36640A8103A0687F22F0C153FDEC6B38 ] \Device\Harddisk0\DR0\Partition2
00:09:45.0014 3756  \Device\Harddisk0\DR0\Partition2 - ok
00:09:45.0041 3756  [ 81F50A0230BD7160B7F81F84902D72FC ] \Device\Harddisk2\DR2\Partition1
00:09:45.0138 3756  \Device\Harddisk2\DR2\Partition1 - ok
00:09:45.0139 3756  ============================================================
00:09:45.0139 3756  Scan finished
00:09:45.0139 3756  ============================================================
00:09:45.0144 3068  Detected object count: 4
00:09:45.0144 3068  Actual detected object count: 4
00:10:25.0097 3068  applewtp ( UnsignedFile.Multi.Generic ) - skipped by user
00:10:25.0097 3068  applewtp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:10:25.0097 3068  AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:10:25.0097 3068  AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:10:25.0098 3068  DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
00:10:25.0098 3068  DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:10:25.0099 3068  RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
00:10:25.0099 3068  RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 


#14 damonkashu

damonkashu
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:10 AM

Posted 23 January 2014 - 03:22 AM

ComboFix 14-01-22.01 - Daniel Quach 01/23/2014   0:14.4.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.8167.6565 [GMT -8:00]
Running from: d:\users\Daniel Quach\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-23 to 2014-01-23  )))))))))))))))))))))))))))))))
.
.
2014-01-23 08:17 . 2014-01-23 08:17 -------- d-----w- d:\users\UpdatusUser\AppData\Local\temp
2014-01-22 20:24 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B55509AD-7E7C-47BD-AD19-30059C10EF79}\mpengine.dll
2014-01-21 20:11 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-10 04:26 . 2014-01-10 04:26 -------- d-----w- c:\windows\ERUNT
2014-01-09 06:08 . 2014-01-09 06:14 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-08 05:13 . 2014-01-08 05:13 -------- d-----w- c:\programdata\Malwarebytes
2014-01-08 05:13 . 2014-01-09 06:08 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-08 05:13 . 2014-01-09 06:08 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-08 04:44 . 2014-01-08 04:44 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C43B0F6C-A872-496E-9C65-892F38FFDDED}\gapaengine.dll
2014-01-06 06:15 . 2014-01-06 06:15 -------- d-----w- c:\program files\HitmanPro
2014-01-04 23:23 . 2014-01-04 23:23 -------- d-----w- d:\users\Daniel Quach\AppData\Local\CDWLauncher
2014-01-04 22:29 . 2014-01-04 22:29 -------- d-----w- c:\windows\system32\MRT
2014-01-04 22:25 . 2014-01-04 22:25 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-01-04 21:56 . 2014-01-04 22:02 -------- d-----w- c:\programdata\HitmanPro
2014-01-04 20:53 . 2014-01-04 20:53 -------- d-----w- d:\users\Daniel Quach\AppData\Roaming\TuneUp Software
2014-01-04 20:51 . 2014-01-04 21:52 -------- d-----w- c:\programdata\MFAData
2014-01-04 20:51 . 2014-01-04 20:51 -------- d--h--w- c:\programdata\Common Files
2014-01-04 20:51 . 2014-01-04 20:51 -------- d-----w- d:\users\Daniel Quach\AppData\Local\MFAData
2014-01-04 20:12 . 2014-01-04 20:12 -------- d---a-w- c:\windows\system32\catroot2.old
2014-01-04 19:36 . 2014-01-11 08:46 -------- d-----w- d:\users\Daniel Quach\AppData\Local\Hzhymedia
2014-01-04 19:34 . 2014-01-04 19:34 -------- d-----w- c:\windows\Sun
2014-01-03 04:43 . 2014-01-03 04:44 -------- d-----w- d:\users\Daniel Quach\AppData\Local\PAYDAY 2
2014-01-03 04:43 . 2014-01-03 04:43 -------- d-----w- c:\program files (x86)\AGEIA Technologies
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-19 07:33 . 2011-12-07 23:34 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[-] 2009-07-14 . 428F3F99F1B5D29E5F7FDDDF39C3A638 . 509952 . . [6.1.7600.16385] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-01-07 1815464]
"F.lux"="d:\users\Daniel Quach\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"chromium"="d:\users\Daniel Quach\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-01-11 866584]
"Hzhymedia Update"="d:\users\Daniel Quach\AppData\Local\Hzhymedia\QtNetwork4.dll" [2014-01-11 809984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544]
"Hzhymedia"="c:\windows\system32\config\systemprofile\AppData\Local\Hzhymedia\EMFFilter.DLL" [2013-09-19 598016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 szathlwl;szathlwl;c:\windows\system32\drivers\szathlwl.sys;c:\windows\SYSNATIVE\drivers\szathlwl.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 applewtp;Apple Wireless Trackpad;c:\windows\system32\DRIVERS\applewtp.sys;c:\windows\SYSNATIVE\DRIVERS\applewtp.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 60676369
*Deregistered* - 60676369
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1461491823-1839461868-418585636-1003Core.job
- d:\users\Daniel Quach\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 23:35]
.
2014-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1461491823-1839461868-418585636-1003UA.job
- d:\users\Daniel Quach\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 23:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\Battlefield 3\pbsvc.exe
AddRemove-Wubi - f:\ubuntu\uninstall-wubi.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-23  00:18:23
ComboFix-quarantined-files.txt  2014-01-23 08:18
ComboFix2.txt  2014-01-05 03:08
ComboFix3.txt  2014-01-04 22:09
.
Pre-Run: 698,523,648 bytes free
Post-Run: 637,112,320 bytes free
.
- - End Of File - - B43235F4774E127459730463E7F89E06
A36C5E4F47E84449FF07ED3517B43A31


#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:10 PM

Posted 23 January 2014 - 11:36 AM

Open notepad and copy/paste the text in the quote box below into it:
 
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hzhymedia"=-

ClearJavaCache::

Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.



