
I'm so infected big time, help


Bearz


  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop RogueKiller or from here.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo


Results of screen317's Security Check version 0.99.54

Windows Vista Service Pack 2 x64

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

System Shield

Avira Desktop

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java 6 Update 26

Java 6 Update 22

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Adobe Reader X 10.1.3 Adobe Reader out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

````````Process Check: objlist.exe by Laurent````````

Windows Defender MSASCui.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

Common Files Authentium AntiVirus5 vsedsps.exe

Common Files Authentium AntiVirus5 vseamps.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

Windows Defender MSASCui.exe

iolo Common Lib ioloServiceManager.exe

iolo System Mechanic Professional System Shield ioloSSTray.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0 %

````````````````````End of Log``````````````````````

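The checkup.txt above carries the findings a helper acts on first: two antivirus products installed side by side, on-access scanning disabled, and several versions of Java, Adobe Reader and Chrome left on disk next to each other. The following Python script is an added example, not part of the thread and not code from Security Check; it parses that log format and pulls those findings out. The sample input is constructed from the log posted above, and the section handling assumes the backtick-decorated headers Security Check prints as shown there.

```python
"""Triage a screen317 Security Check log for the findings a helper looks for first.

Added example, not part of the forum thread or of Security Check itself. The
sample below is constructed from the checkup.txt posted in the thread.
"""
import re
from collections import defaultdict

TICKS = "`" * 14  # Security Check decorates its section headers with runs of backticks

# Constructed sample: lines copied from the checkup.txt in this thread.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.54",
    "Windows Vista Service Pack 2 x64",
    "Internet Explorer 9",
    TICKS + "Antivirus/Firewall Check:" + TICKS,
    "Windows Firewall Enabled!",
    "System Shield",
    "Avira Desktop",
    "Antivirus up to date! (On Access scanning disabled!)",
    TICKS + "Anti-malware/Other Utilities Check:" + TICKS,
    "Malwarebytes Anti-Malware version 1.65.1.1000",
    "Java 6 Update 26",
    "Java 6 Update 22",
    "Java version out of Date!",
    "Adobe Reader 9 Adobe Reader out of Date!",
    "Adobe Reader X 10.1.3 Adobe Reader out of Date!",
    "Google Chrome 21.0.1180.83",
    "Google Chrome 21.0.1180.89",
    "Google Chrome 22.0.1229.79",
    "Google Chrome 22.0.1229.92",
    "Google Chrome 22.0.1229.94",
    "Google Chrome 23.0.1271.64",
    TICKS + "Process Check: objlist.exe by Laurent" + TICKS,
    "Avira Antivir avguard.exe",
    TICKS + "End of Log" + TICKS,
])

HEADER_RE = re.compile(r"^`+(?P<title>.*?):?`+$")
# "<product> [version] <number>[ Update n][ trailing verdict]"
PRODUCT_RE = re.compile(r"^(?P<name>[^\d]+?)(?:\s+version)?\s+(?P<version>\d\S*(?:\s+Update\s+\d+)?)(?P<tail>.*)$")


def parse_sections(text):
    """Split the log into {section title: [lines]}; text before the first header lands in "Header"."""
    sections, current = defaultdict(list), "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HEADER_RE.match(line):
            current = m["title"].strip()
            continue
        sections[current].append(line)
    return sections


def triage(text):
    """Extract protection state, out-of-date software and stale side-by-side installs."""
    sections = parse_sections(text)
    av = sections.get("Antivirus/Firewall Check", [])
    utils = sections.get("Anti-malware/Other Utilities Check", [])
    versions, out_of_date = defaultdict(list), []
    for line in utils:
        if m := PRODUCT_RE.match(line):
            name = m["name"].strip()
            versions[name].append(m["version"])
            if "out of Date" in m["tail"]:
                out_of_date.append(name)
        elif line.endswith("version out of Date!"):
            # Verdict line without a version number, e.g. "Java version out of Date!"
            out_of_date.append(line[: -len("version out of Date!")].strip())
    return {
        "firewall_enabled": any("Firewall Enabled" in l for l in av),
        "antivirus_products": [l for l in av if "!" not in l],  # bare product names, not status lines
        "on_access_scanning_disabled": any("On Access scanning disabled" in l for l in av),
        "out_of_date": out_of_date,
        # several versions of one product usually means old installs were left behind
        "multiple_versions": {n: v for n, v in versions.items() if len(v) > 1},
        "versions": dict(versions),
    }


def summarize(findings):
    """Render the findings as the short checklist a helper would post back."""
    lines = []
    if findings["on_access_scanning_disabled"]:
        lines.append("Real-time (on-access) antivirus scanning is disabled")
    if len(findings["antivirus_products"]) > 1:
        lines.append("More than one antivirus product installed: " + ", ".join(findings["antivirus_products"]))
    for name in findings["out_of_date"]:
        lines.append(f"Out of date: {name} {', '.join(findings['versions'].get(name, []))}".rstrip())
    for name, vers in findings["multiple_versions"].items():
        lines.append(f"{len(vers)} versions of {name} present: {', '.join(vers)}")
    return lines


if __name__ == "__main__":
    for item in summarize(triage(SAMPLE_LOG)):
        print("-", item)
```

Run against the sample it reports the disabled on-access scanning, the two antivirus products, the three out-of-date products and the two products with more than one version installed; a helper comparing logs from the same machine over time can diff the returned dictionaries rather than re-reading the text.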

# AdwCleaner v2.007 - Logfile created 11/10/2012 at 03:42:03

# Updated 06/11/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)

# User : Chris - CHRIS-LAPTOP

# Boot Mode : Normal

# Running from : C:\Users\Chris\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Conduit

Deleted on reboot : C:\Users\Chris\AppData\Local\Conduit

Deleted on reboot : C:\Users\Chris\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Ask.com.tmp

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [1198 octets] - [10/11/2012 03:42:03]

########## EOF - C:\AdwCleaner[s1].txt - [1258 octets] ##########


RogueKiller V8.2.3 [11/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User : Chris [Admin rights]

Mode : Remove -- Date : 11/10/2012 04:00:25

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 18 ¤¤¤

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Users\Chris\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp) -> REPLACED (C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD32 00BEVT-22ZCT0 SCSI Disk Device +++++

--- User ---

[MBR] b1a3b188bdba9672fc0e2980a21daeb7

[BSP] ee5cba5ffbe844c74988c3343b4ebe5c : Acer tatooed MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 293243 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: Generic-Multi-Card USB Device +++++

--- User ---

[MBR] f88b70e514c1edfae01ff8f50a59e496

[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 137 | Size: 1875 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[2]_D_11102012_02d0400.txt >>

RKreport[1]_S_11102012_02d0359.txt ; RKreport[2]_D_11102012_02d0400.txt

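RogueKiller prints the partition table above in decimal sectors and "Mo", while the TDSSKiller report posted later in this thread prints the same tables as hexadecimal StartLBA and BlocksNum values. Reconciling the two is a useful check when an MBR is in question, because a partition that one tool lists and the other does not is exactly the kind of discrepancy worth a second look (here the type 0x27 recovery partition, which RogueKiller shows and TDSSKiller does not list). The following Python script is an added example, not part of the thread and not code from either tool; it parses both formats, converts TDSSKiller's hex values into RogueKiller's units, and matches partitions by type and offset. The sample input is constructed from the two reports in this thread, and the 512-byte sector size is taken from TDSSKiller's own SectorSize line.

```python
"""Cross-check the MBR partition tables reported by RogueKiller and TDSSKiller.

Added example, not part of the forum thread or of either tool. The sample input
below is constructed from the two reports posted in this thread.
"""
import re

SECTOR_BYTES = 512  # TDSSKiller reports SectorSize: 0x200 for both drives

# Constructed sample: the partition-table section of the RogueKiller report in this thread.
RK_SAMPLE = r"""
+++++ PhysicalDrive0: WDC WD32 00BEVT-22ZCT0 SCSI Disk Device +++++
--- User ---
[MBR] b1a3b188bdba9672fc0e2980a21daeb7
[BSP] ee5cba5ffbe844c74988c3343b4ebe5c : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 293243 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive1: Generic-Multi-Card USB Device +++++
--- User ---
[MBR] f88b70e514c1edfae01ff8f50a59e496
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 137 | Size: 1875 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
"""

# Constructed sample: the partition lines of the TDSSKiller report later in this thread.
TDSS_SAMPLE = r"""
03:27:00.0500 41016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x23CBD800
03:27:00.0500 41016 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x89, BlocksNum 0x3A9F77
"""

RK_DRIVE_RE = re.compile(r"^\+{5} PhysicalDrive(?P<disk>\d+): (?P<model>.+?) \+{5}$")
RK_BSP_RE = re.compile(r"^\[bsp\] [0-9a-f]{32} : (?P<verdict>.+)$", re.IGNORECASE)
RK_PART_RE = re.compile(
    r"^\d+ - \[(?P<flag>\w+)\] (?P<label>.+?) \((?P<type>0x[0-9A-Fa-f]+)\) "
    r"\[\w+\] Offset \(sectors\): (?P<offset>\d+) \| Size: (?P<size>\d+) Mo$"
)
TDSS_PART_RE = re.compile(
    r"\\Device\\Harddisk(?P<disk>\d+)\\DR\d+\\Partition\d+: MBR, "
    r"Type (?P<type>0x[0-9A-Fa-f]+), StartLBA (?P<start>0x[0-9A-Fa-f]+), BlocksNum (?P<blocks>0x[0-9A-Fa-f]+)"
)


def parse_roguekiller(text):
    """Return {disk: {"model", "mbr_code", "partitions": [(type, offset_sectors, size_mib, label, active)]}}."""
    disks, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := RK_DRIVE_RE.match(line):
            current = int(m["disk"])
            disks[current] = {"model": m["model"], "mbr_code": None, "partitions": []}
        elif current is not None and (m := RK_BSP_RE.match(line)):
            disks[current]["mbr_code"] = m["verdict"]  # bootstrap-code verdict, e.g. OEM "tatooed" code
        elif current is not None and (m := RK_PART_RE.match(line)):
            disks[current]["partitions"].append(
                (int(m["type"], 16), int(m["offset"]), int(m["size"]), m["label"], m["flag"] == "ACTIVE")
            )
    return disks


def parse_tdsskiller(text):
    """Return {disk: [(type, offset_sectors, size_mib)]}, converting TDSSKiller's hex LBA and block counts."""
    disks = {}
    for line in text.splitlines():
        if m := TDSS_PART_RE.search(line):
            blocks = int(m["blocks"], 16)
            size_mib = blocks * SECTOR_BYTES // (1024 * 1024)  # RogueKiller's "Mo" agrees with MiB, rounded down
            disks.setdefault(int(m["disk"]), []).append((int(m["type"], 16), int(m["start"], 16), size_mib))
    return disks


def cross_check(rk, tdss):
    """Match partitions by (type, offset); report what only one tool saw and any size disagreement."""
    result = {"matched": [], "roguekiller_only": [], "tdsskiller_only": [], "size_mismatch": []}
    for disk in sorted(set(rk) | set(tdss)):
        rk_parts = {(p[0], p[1]): p for p in rk.get(disk, {}).get("partitions", [])}
        td_parts = {(p[0], p[1]): p for p in tdss.get(disk, [])}
        for key in sorted(set(rk_parts) | set(td_parts)):
            if key in rk_parts and key in td_parts:
                if rk_parts[key][2] == td_parts[key][2]:
                    result["matched"].append((disk,) + key)
                else:
                    result["size_mismatch"].append((disk,) + key + (rk_parts[key][2], td_parts[key][2]))
            elif key in rk_parts:
                result["roguekiller_only"].append((disk,) + key + (rk_parts[key][3],))
            else:
                result["tdsskiller_only"].append((disk,) + key)
    return result


if __name__ == "__main__":
    rk = parse_roguekiller(RK_SAMPLE)
    for disk, info in rk.items():
        print(f"PhysicalDrive{disk}: {info['model']} - MBR code: {info['mbr_code']}")
    for name, entries in cross_check(rk, parse_tdsskiller(TDSS_SAMPLE)).items():
        print(f"{name}: {entries}")
```

On the two reports in this thread the NTFS and FAT16 partitions match exactly (0x1770800 is 24578048 sectors and 0x23CBD800 blocks of 512 bytes is 293243 MiB), and the only entry in roguekiller_only is the type 0x27 recovery partition that sits in the first 12000 MiB of drive 0 and is not listed by TDSSKiller; a tdsskiller_only or size_mismatch entry on a real case would be the signal to look at the MBR more closely.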

  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.

Gringo


  • Staff

Make sure your settings are correct.

1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)

2. Double click Network Connections (Vista/7 users: Network and Sharing Center)

3. Vista/7 users - From the list of tasks on the left, click Manage network connections.

4. For a wired network connection, right-click Local Area Connection, and then select Properties.

For a wireless network connection, right-click Wireless Network Connection, and then select Properties.

5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties

6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.

7. Click on the "Advanced" button and make sure the "IP Settings" tab looks like this:

[image: p4491747.gif (IP Settings tab)]

Make sure the "DNS" tab looks like this:

[image: p4491748.gif (DNS tab)]

Make sure the "WINS" tab looks like this:

[image: p4491749.gif (WINS tab)]

8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.

If you made any changes OK your way out.

Restart computer.

------------------------------------------------

If that doesn't work...

Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.

Reconnect everything.

Restart computer.

------------------------------------------

If that doesn't work, bypass router, and connect computer straight to the modem.

---------------------------------------------

If that doesn't work...

Go Start>Run (Start search in Vista), type in:

cmd

Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:

ipconfig /flushdns

ipconfig /registerdns

ipconfig /release

ipconfig /renew

net stop "dns client"

net start "dns client"

Restart computer.

-------------------------------------------------------

If that doesn't work...

Go Start>Run (Start search in Vista and 7), type in:

cmd

Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:

netsh int ip reset reset.log

Hit Enter.

Type in:

netsh winsock reset catalog

Hit Enter.

Restart computer.


Ok, I went down the list completing each item per your instruction, still no luck. Now it shows that the computer is connected to the internet according to the icon on the bottom. Am I missing something? On the first list #5, at first the box was not checked, so I checked it, but when I clicked Properties a different dialog box appeared, RPC service, if that helps any. Also I wasn't able to open the 3 links on #7. Thanks


ComboFix 12-11-14.01 - Chris 11/14/2012 9:54.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2307 [GMT -8:00]

Running from: c:\users\Chris\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

AV: System Shield *Disabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: System Shield *Disabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\programdata\dsgsdgdsgdsgw.pad

c:\programdata\reweivmaet.pad

c:\programdata\vsloops.pad

.

.

((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 )))))))))))))))))))))))))))))))

.

.

2012-11-14 18:18 . 2012-11-14 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-03 14:42 . 2012-11-03 14:42 -------- d-----w- c:\users\Chris\AppData\Roaming\Avira

2012-11-03 14:37 . 2012-11-14 03:47 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-11-03 14:37 . 2012-11-14 03:47 98888 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-11-03 14:37 . 2012-09-24 16:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-11-03 10:15 . 2012-10-17 09:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A8E658F-48DE-4BED-909B-8E82085DAD9E}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-11 10:04 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe

2012-10-09 12:14 . 2012-04-09 20:20 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 12:14 . 2011-06-08 19:40 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-30 02:54 . 2010-04-08 15:28 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-23 09:30 . 2012-09-23 09:30 74703 ----a-w- c:\windows\SysWow64\mfc45.dat

2012-09-13 13:45 . 2012-10-10 10:11 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-13 13:28 . 2012-10-10 10:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-29 11:40 . 2012-10-10 10:12 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-24 16:07 . 2012-10-10 10:11 218624 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 15:53 . 2012-10-10 10:11 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-24 11:15 . 2012-09-23 10:04 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-23 10:04 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-23 10:04 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-23 10:04 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-23 10:04 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-23 10:04 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-23 10:04 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-23 10:04 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-23 10:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-23 10:04 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-23 10:04 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-23 10:04 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-23 10:04 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-23 10:04 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-23 10:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-23 10:04 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-23 10:04 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-23 10:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-23 10:04 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-23 10:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-23 10:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-23 10:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]

"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-04-02 1552497]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-02-19 866824]

"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]

"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-03-10 232192]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

"Lexmark 5600-6600 Series"="c:\program files (x86)\Lexmark 5600-6600 Series\fm3032.exe" [2009-09-04 311976]

"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2012-04-17 938680]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-14 384800]

.

c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ R/\0???\0\0????\0\0????

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]

@="Service"

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 12:14]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-21 11:25]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-21 11:25]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258758175-614393232-539768171-1000Core.job

- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-04 05:23]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-258758175-614393232-539768171-1000UA.job

- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-04 05:23]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2008-11-06 492600]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-01-10 281088]

"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-04-04 818720]

"lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2009-09-04 676520]

"lxduamon"="c:\program files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [2009-09-04 16040]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com

mDefault_Page_URL = hxxp://www.yahoo.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TCP: DhcpNameServer = 192.168.15.1

DPF: {9282A3AA-4954-46B4-B4AE-F086CE3F1110} - hxxp://f06adcf.websamsung.net:8080/activex/regtrustsite.cab

DPF: {FB40C15D-4A00-4B22-BA87-B046910FB09D} - hxxp://f06adcf.websamsung.net:8080/activex/WebViewer.cab

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)

SafeBoot-AMP

SafeBoot-AMPSE

WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)

HKLM-Run-PLFSetI - c:\program files (x86)\PLFSetI.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\sched.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\windows\SysWOW64\atashost.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

c:\program files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe

.

**************************************************************************

.

Completion time: 2012-11-14 10:40:29 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-14 18:40

.

Pre-Run: 114,709,360,640 bytes free

Post-Run: 114,037,374,976 bytes free

.

- - End Of File - - 725A79FAEE587A879A83E7A61D1DFE54


  • Staff

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions; ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

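The TDSSKiller report requested above runs to hundreds of service and driver entries, almost all of which end in `- ok`, so the useful part of reading one is finding the handful of lines that do not fit that pattern. The Python script below is an added example for this thread, not a Kaspersky tool and not something the helper posted: it parses the "Scan services" section of a TDSSKiller text report, pairs each hashed image line with its verdict line, and reports only the entries a defender would want to look at by hand (a verdict other than `ok`, a hashed image with no verdict line, a registered service with no hashed image file, or an image file outside `C:\Windows` or the Program Files directories). The report format is inferred from the log posted below; the expected-root check is a heuristic that assumes a single C: system drive. The embedded sample report is constructed: its ACPI, Apple Mobile Device and COMSysApp lines are copied from the log below, while the `exampledrv` entry, its hash, its path and its `warning` verdict are placeholders used only to exercise the non-ok branches.

```python
"""Triage a TDSSKiller text report: list only the service/driver entries worth a look.

Added example for this thread; it is not a Kaspersky tool, and the report
format it expects is inferred from the log posted in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Section header, e.g. "03:27:26.0630 38764 ================ Scan services ====..."
SECTION_RE = re.compile(r"^\S+\s+\d+\s+=+ Scan (.+?) =+\s*$")
# Hashed image line: "<time> <pid> [ MD5 ] <ServiceName> <X:\path>"
HASH_RE = re.compile(r"^\S+\s+\d+\s+\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*?)\s*$")
# Verdict line: "<time> <pid> <ServiceName> - <verdict>"
VERDICT_RE = re.compile(r"^\S+\s+\d+\s+(.+?) - (.+?)\s*$")

# Heuristic (assumption): image files are expected under these roots on the C: drive.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    name: str
    md5: str | None = None
    path: str | None = None
    verdict: str | None = None


def parse_services(report_text: str) -> dict[str, Entry]:
    """Collect entries from the 'Scan services' section only; the memory and
    drive sections use different line shapes and are skipped."""
    entries: dict[str, Entry] = {}
    in_services = False
    for raw in report_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            in_services = m.group(1).strip().lower() == "services"
            continue
        if not in_services:
            continue
        m = HASH_RE.match(line)
        if m:
            md5, name, path = m.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.md5, entry.path = md5.upper(), path
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            entries.setdefault(name, Entry(name)).verdict = verdict
    return entries


def triage(report_text: str) -> dict[str, list[str]]:
    """Return {service name: [reasons]} for entries that deserve a manual look."""
    findings: dict[str, list[str]] = {}
    for entry in parse_services(report_text).values():
        reasons: list[str] = []
        if entry.verdict is None:
            # A hashed image with no verdict usually means the paste was truncated.
            reasons.append("no verdict line")
        elif entry.verdict != "ok":
            reasons.append(f"verdict: {entry.verdict}")
        if entry.md5 is None:
            reasons.append("no hashed image file")
        elif entry.path and not entry.path.lower().startswith(EXPECTED_ROOTS):
            reasons.append(f"image outside expected roots: {entry.path}")
        if reasons:
            findings[entry.name] = reasons
    return findings


# Constructed sample report. The ACPI, Apple Mobile Device and COMSysApp lines are
# copied from the log in this thread; the exampledrv entry (hash, path, verdict)
# is a placeholder that exists only to exercise the non-ok branches.
SAMPLE_REPORT = r"""
03:26:59.0330 41016 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
03:27:26.0630 38764 ================ Scan system memory ========================
03:27:26.0630 38764 System memory - ok
03:27:26.0630 38764 ================ Scan services =============================
03:27:27.0488 38764 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
03:27:27.0519 38764 ACPI - ok
03:27:30.0046 38764 [ 5AA788D5A2C6737BB9C45933985BC1B8 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:27:30.0046 38764 Apple Mobile Device - ok
03:27:34.0071 38764 COMSysApp - ok
03:27:50.0000 38764 [ 00000000000000000000000000000000 ] exampledrv C:\Users\Public\exampledrv.sys
03:27:50.0000 38764 exampledrv - warning
"""


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_REPORT).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against a real paste, the script prints nothing for the long run of `- ok` entries and one line per entry that needs attention; a service with no hashed image (such as COMSysApp in the log below) is listed so a reader can decide whether that is expected for the service in question, not because it is a detection.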

03:26:56.0412 41016 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

03:26:57.0504 41016 ============================================================

03:26:57.0504 41016 Current date / time: 2012/11/18 03:26:57.0504

03:26:57.0504 41016 SystemInfo:

03:26:57.0504 41016

03:26:57.0504 41016 OS Version: 6.0.6002 ServicePack: 2.0

03:26:57.0504 41016 Product type: Workstation

03:26:57.0504 41016 ComputerName: CHRIS-LAPTOP

03:26:57.0504 41016 UserName: Chris

03:26:57.0504 41016 Windows directory: C:\Windows

03:26:57.0504 41016 System windows directory: C:\Windows

03:26:57.0504 41016 Running under WOW64

03:26:57.0504 41016 Processor architecture: Intel x64

03:26:57.0504 41016 Number of processors: 2

03:26:57.0504 41016 Page size: 0x1000

03:26:57.0504 41016 Boot type: Normal boot

03:26:57.0504 41016 ============================================================

03:26:59.0330 41016 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

03:27:00.0484 41016 Drive \Device\Harddisk1\DR1 - Size: 0x75400000 (1.83 Gb), SectorSize: 0x200, Cylinders: 0xEF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

03:27:00.0484 41016 ============================================================

03:27:00.0484 41016 \Device\Harddisk0\DR0:

03:27:00.0500 41016 MBR partitions:

03:27:00.0500 41016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x23CBD800

03:27:00.0500 41016 \Device\Harddisk1\DR1:

03:27:00.0500 41016 MBR partitions:

03:27:00.0500 41016 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x89, BlocksNum 0x3A9F77

03:27:00.0500 41016 ============================================================

03:27:00.0640 41016 C: <-> \Device\Harddisk0\DR0\Partition1

03:27:00.0640 41016 ============================================================

03:27:00.0640 41016 Initialize success

03:27:00.0640 41016 ============================================================

03:27:25.0616 38764 ============================================================

03:27:25.0616 38764 Scan started

03:27:25.0616 38764 Mode: Manual;

03:27:25.0616 38764 ============================================================

03:27:26.0630 38764 ================ Scan system memory ========================

03:27:26.0630 38764 System memory - ok

03:27:26.0630 38764 ================ Scan services =============================

03:27:26.0895 38764 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

03:27:26.0910 38764 ACDaemon - ok

03:27:27.0488 38764 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys

03:27:27.0519 38764 ACPI - ok

03:27:27.0628 38764 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

03:27:27.0628 38764 AdobeARMservice - ok

03:27:28.0080 38764 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

03:27:28.0080 38764 AdobeFlashPlayerUpdateSvc - ok

03:27:28.0330 38764 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

03:27:28.0424 38764 adp94xx - ok

03:27:28.0470 38764 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys

03:27:28.0502 38764 adpahci - ok

03:27:28.0595 38764 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

03:27:28.0658 38764 adpu160m - ok

03:27:28.0751 38764 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

03:27:28.0798 38764 adpu320 - ok

03:27:28.0860 38764 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

03:27:28.0892 38764 AeLookupSvc - ok

03:27:28.0938 38764 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys

03:27:28.0970 38764 AFD - ok

03:27:28.0985 38764 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys

03:27:28.0985 38764 agp440 - ok

03:27:29.0048 38764 [ 97DD49CCDB89A22CFCEA78B29D393D87 ] ahcix64s C:\Windows\system32\DRIVERS\ahcix64s.sys

03:27:29.0048 38764 ahcix64s - ok

03:27:29.0094 38764 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys

03:27:29.0094 38764 aic78xx - ok

03:27:29.0141 38764 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe

03:27:29.0157 38764 ALG - ok

03:27:29.0172 38764 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys

03:27:29.0172 38764 aliide - ok

03:27:29.0204 38764 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys

03:27:29.0204 38764 amdide - ok

03:27:29.0219 38764 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

03:27:29.0219 38764 AmdK8 - ok

03:27:29.0266 38764 [ 6FD5FD2F0E6D779DB19BCA6AADF0EE40 ] AMP C:\Windows\system32\Drivers\amp.sys

03:27:29.0297 38764 AMP - ok

03:27:29.0422 38764 [ 5F8A1F692BC5F68150354C18FD85259E ] AMPSE C:\Windows\system32\Drivers\ampse.sys

03:27:29.0484 38764 AMPSE - ok

03:27:29.0609 38764 [ 50AF3AD6EDE5CD341AAA2E795F6E4135 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

03:27:29.0609 38764 AntiVirSchedulerService - ok

03:27:29.0672 38764 [ 7AF2A53FC0CF1D8AF3C013DECFCB0099 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

03:27:29.0672 38764 AntiVirService - ok

03:27:29.0828 38764 [ DD3FE8C4554563B7095ADA9AA53001F4 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys

03:27:29.0890 38764 ApfiltrService - ok

03:27:29.0952 38764 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll

03:27:29.0952 38764 Appinfo - ok

03:27:30.0046 38764 [ 5AA788D5A2C6737BB9C45933985BC1B8 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

03:27:30.0046 38764 Apple Mobile Device - ok

03:27:30.0108 38764 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys

03:27:30.0155 38764 arc - ok

03:27:30.0202 38764 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys

03:27:30.0202 38764 arcsas - ok

03:27:30.0264 38764 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

03:27:30.0296 38764 AsyncMac - ok

03:27:30.0342 38764 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys

03:27:30.0342 38764 atapi - ok

03:27:30.0452 38764 [ 40767B965A8D575D794F1F95E2E017E9 ] atashost C:\Windows\SysWOW64\atashost.exe

03:27:30.0452 38764 atashost - ok

03:27:30.0576 38764 [ 3CC9F98E01E0B4F4657E1149C14EC6E0 ] athr C:\Windows\system32\DRIVERS\athrx.sys

03:27:30.0623 38764 athr - ok

03:27:30.0888 38764 [ 3EFDF3F401B5865AF4DAE40EFF355705 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe

03:27:30.0920 38764 Ati External Event Utility - ok

03:27:31.0450 38764 [ C7D2BFBEA0099CE29BAA32EB93DAC434 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

03:27:31.0622 38764 atikmdag - ok

03:27:31.0731 38764 [ DB0D3DE15EDC96E7529FC0D3F7760894 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys

03:27:31.0731 38764 AtiPcie - ok

03:27:31.0793 38764 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

03:27:31.0809 38764 AudioEndpointBuilder - ok

03:27:31.0824 38764 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll

03:27:31.0824 38764 AudioSrv - ok

03:27:31.0887 38764 [ 58AEE8F9E26595ADEB6F008FBB0D6174 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys

03:27:31.0949 38764 avgntflt - ok

03:27:31.0980 38764 [ 37D3D3D28B107BCBC1C0137FF31AE480 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys

03:27:31.0980 38764 avipbb - ok

03:27:32.0058 38764 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys

03:27:32.0105 38764 avkmgr - ok

03:27:32.0152 38764 [ 1777E5AC9FC74F7991B2ABA25EA34759 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

03:27:32.0168 38764 b57nd60a - ok

03:27:32.0370 38764 [ 008E5114255D9BEBCB9F2B2A0229EA98 ] bcm C:\Windows\system32\DRIVERS\drxvi314_64.sys

03:27:32.0402 38764 bcm - ok

03:27:32.0448 38764 [ BFB7341ACD81EAFA2A42A4DA73DCF1E7 ] bcmbusctr C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys

03:27:32.0448 38764 bcmbusctr - ok

03:27:32.0495 38764 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll

03:27:32.0526 38764 BFE - ok

03:27:32.0636 38764 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll

03:27:32.0667 38764 BITS - ok

03:27:32.0714 38764 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

03:27:32.0729 38764 blbdrive - ok

03:27:32.0776 38764 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

03:27:32.0792 38764 bowser - ok

03:27:32.0807 38764 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

03:27:32.0823 38764 BrFiltLo - ok

03:27:32.0854 38764 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

03:27:32.0870 38764 BrFiltUp - ok

03:27:32.0901 38764 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll

03:27:32.0901 38764 Browser - ok

03:27:32.0916 38764 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys

03:27:32.0932 38764 Brserid - ok

03:27:32.0948 38764 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

03:27:32.0948 38764 BrSerWdm - ok

03:27:32.0963 38764 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

03:27:32.0963 38764 BrUsbMdm - ok

03:27:32.0979 38764 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

03:27:32.0979 38764 BrUsbSer - ok

03:27:32.0994 38764 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

03:27:33.0010 38764 BTHMODEM - ok

03:27:33.0041 38764 [ D1787E11C6A0078DDEAF8CF3EE2AB293 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys

03:27:33.0072 38764 CAXHWAZL - ok

03:27:33.0088 38764 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

03:27:33.0088 38764 cdfs - ok

03:27:33.0119 38764 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

03:27:33.0119 38764 cdrom - ok

03:27:33.0166 38764 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll

03:27:33.0166 38764 CertPropSvc - ok

03:27:33.0182 38764 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys

03:27:33.0182 38764 circlass - ok

03:27:33.0228 38764 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys

03:27:33.0228 38764 CLFS - ok

03:27:33.0431 38764 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

03:27:33.0431 38764 clr_optimization_v2.0.50727_32 - ok

03:27:33.0494 38764 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

03:27:33.0556 38764 clr_optimization_v2.0.50727_64 - ok

03:27:33.0634 38764 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

03:27:33.0634 38764 clr_optimization_v4.0.30319_32 - ok

03:27:33.0759 38764 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

03:27:33.0759 38764 clr_optimization_v4.0.30319_64 - ok

03:27:33.0837 38764 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

03:27:33.0899 38764 CmBatt - ok

03:27:33.0930 38764 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys

03:27:33.0946 38764 cmdide - ok

03:27:33.0977 38764 [ 08365037E04F9C054CDBA1B07CCCCEEB ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys

03:27:34.0024 38764 CnxtHdAudService - ok

03:27:34.0055 38764 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

03:27:34.0055 38764 Compbatt - ok

03:27:34.0071 38764 COMSysApp - ok

03:27:34.0118 38764 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

03:27:34.0133 38764 crcdisk - ok

03:27:34.0305 38764 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll

03:27:34.0367 38764 CryptSvc - ok

03:27:34.0617 38764 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll

03:27:34.0632 38764 DcomLaunch - ok

03:27:34.0679 38764 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

03:27:34.0710 38764 DfsC - ok

03:27:35.0054 38764 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe

03:27:35.0163 38764 DFSR - ok

03:27:35.0225 38764 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll

03:27:35.0225 38764 Dhcp - ok

03:27:35.0272 38764 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys

03:27:35.0272 38764 disk - ok

03:27:35.0319 38764 [ F655C320762177F39FCD9C85CFCD8BD8 ] DKbFltr C:\Windows\syswow64\Drivers\DKbFltr.sys

03:27:35.0334 38764 DKbFltr - ok

03:27:35.0366 38764 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll

03:27:35.0397 38764 Dnscache - ok

03:27:35.0444 38764 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll

03:27:35.0444 38764 dot3svc - ok

03:27:35.0600 38764 [ 74C02B1717740C3B8039539E23E4B53F ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys

03:27:35.0646 38764 Dot4 - ok

03:27:35.0709 38764 [ 08321D1860235BF42CF2854234337AEA ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys

03:27:35.0740 38764 Dot4Print - ok

03:27:35.0787 38764 [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

03:27:35.0787 38764 dot4usb - ok

03:27:35.0818 38764 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll

03:27:35.0818 38764 DPS - ok

03:27:35.0849 38764 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

03:27:35.0849 38764 drmkaud - ok

03:27:36.0099 38764 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

03:27:36.0161 38764 DXGKrnl - ok

03:27:36.0208 38764 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys

03:27:36.0255 38764 E1G60 - ok

03:27:36.0286 38764 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll

03:27:36.0286 38764 EapHost - ok

03:27:36.0348 38764 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys

03:27:36.0364 38764 Ecache - ok

03:27:36.0426 38764 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe

03:27:36.0442 38764 ehRecvr - ok

03:27:36.0458 38764 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe

03:27:36.0473 38764 ehSched - ok

03:27:36.0489 38764 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll

03:27:36.0504 38764 ehstart - ok

03:27:36.0551 38764 [ F21A07780BBD64ADEF872F50E8CE2E75 ] ElRawDisk C:\Windows\system32\drivers\ElRawDsk.sys

03:27:36.0582 38764 ElRawDisk - ok

03:27:36.0676 38764 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys

03:27:36.0707 38764 elxstor - ok

03:27:36.0754 38764 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll

03:27:36.0785 38764 EMDMgmt - ok

03:27:37.0066 38764 [ 083FFA7424767838A5E6E79858B14703 ] ePowerSvc C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe

03:27:37.0082 38764 ePowerSvc - ok

03:27:37.0160 38764 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys

03:27:37.0206 38764 ErrDev - ok

03:27:37.0284 38764 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll

03:27:37.0331 38764 EventSystem - ok

03:27:37.0394 38764 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys

03:27:37.0394 38764 exfat - ok

03:27:37.0456 38764 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys

03:27:37.0472 38764 fastfat - ok

03:27:37.0487 38764 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys

03:27:37.0503 38764 fdc - ok

03:27:37.0518 38764 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll

03:27:37.0518 38764 fdPHost - ok

03:27:37.0534 38764 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll

03:27:37.0534 38764 FDResPub - ok

03:27:37.0550 38764 FileDisk - ok

03:27:37.0550 38764 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

03:27:37.0565 38764 FileInfo - ok

03:27:37.0581 38764 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys

03:27:37.0581 38764 Filetrace - ok

03:27:37.0581 38764 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

03:27:37.0596 38764 flpydisk - ok

03:27:37.0612 38764 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

03:27:37.0612 38764 FltMgr - ok

03:27:37.0674 38764 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll

03:27:37.0706 38764 FontCache - ok

03:27:37.0799 38764 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

03:27:37.0862 38764 FontCache3.0.0.0 - ok

03:27:37.0893 38764 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

03:27:37.0893 38764 fssfltr - ok

03:27:38.0033 38764 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

03:27:38.0127 38764 fsssvc - ok

03:27:38.0205 38764 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

03:27:38.0236 38764 Fs_Rec - ok

03:27:38.0267 38764 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

03:27:38.0267 38764 gagp30kx - ok

03:27:38.0564 38764 [ 73A2EC1A8DD15F85F92F8AC303A7E39B ] GameConsoleService C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe

03:27:38.0579 38764 GameConsoleService - ok

03:27:38.0704 38764 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll

03:27:38.0720 38764 gpsvc - ok

03:27:38.0829 38764 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

03:27:38.0844 38764 gupdate - ok

03:27:39.0000 38764 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

03:27:39.0000 38764 gupdatem - ok

03:27:39.0125 38764 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

03:27:39.0188 38764 gusvc - ok

03:27:39.0234 38764 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

03:27:39.0250 38764 HdAudAddService - ok

03:27:39.0312 38764 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

03:27:39.0359 38764 HDAudBus - ok

03:27:39.0437 38764 [ 68214C82FA6222591873677A72DF2A66 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

03:27:39.0453 38764 HidBatt - ok

03:27:39.0484 38764 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys

03:27:39.0500 38764 HidBth - ok

03:27:39.0515 38764 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys

03:27:39.0515 38764 HidIr - ok

03:27:39.0562 38764 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll

03:27:39.0578 38764 hidserv - ok

03:27:39.0609 38764 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

03:27:39.0609 38764 HidUsb - ok

03:27:39.0640 38764 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll

03:27:39.0640 38764 hkmsvc - ok

03:27:39.0656 38764 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

03:27:39.0656 38764 HpCISSs - ok

03:27:39.0702 38764 [ 57BA73B5B321291E5114CB21350E1EA0 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL6.SYS

03:27:39.0718 38764 HSFHWAZL - ok

03:27:39.0765 38764 [ 14492080EC1C7FF89673A98F0E6162F1 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll

03:27:39.0765 38764 HsfXAudioService - ok

03:27:40.0155 38764 [ 26C5D00321937E49B6BC91029947D094 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys

03:27:40.0248 38764 HSF_DPV - ok

03:27:40.0498 38764 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys

03:27:40.0529 38764 HTTP - ok

03:27:40.0576 38764 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys

03:27:40.0592 38764 i2omp - ok

03:27:40.0607 38764 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

03:27:40.0607 38764 i8042prt - ok

03:27:40.0638 38764 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

03:27:40.0654 38764 iaStorV - ok

03:27:40.0716 38764 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

03:27:40.0748 38764 idsvc - ok

03:27:40.0779 38764 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys

03:27:40.0779 38764 iirsp - ok

03:27:40.0826 38764 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll

03:27:40.0857 38764 IKEEXT - ok

03:27:40.0888 38764 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys

03:27:40.0904 38764 intelide - ok

03:27:40.0919 38764 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

03:27:40.0919 38764 intelppm - ok

03:27:41.0044 38764 [ 440A02FA25BE8DCCD2103D820036EDA1 ] ioloSystemService C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

03:27:41.0060 38764 ioloSystemService - ok

03:27:41.0138 38764 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

03:27:41.0169 38764 IPBusEnum - ok

03:27:41.0216 38764 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

03:27:41.0231 38764 IpFilterDriver - ok

03:27:41.0340 38764 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

03:27:41.0356 38764 iphlpsvc - ok

03:27:41.0356 38764 IpInIp - ok

03:27:41.0403 38764 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

03:27:41.0418 38764 IPMIDRV - ok

03:27:41.0450 38764 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

03:27:41.0465 38764 IPNAT - ok

03:27:41.0481 38764 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys

03:27:41.0481 38764 IRENUM - ok

03:27:41.0512 38764 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys

03:27:41.0512 38764 isapnp - ok

03:27:41.0637 38764 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

03:27:41.0699 38764 iScsiPrt - ok

03:27:41.0762 38764 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

03:27:41.0777 38764 iteatapi - ok

03:27:41.0824 38764 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys

03:27:41.0840 38764 iteraid - ok

03:27:41.0996 38764 [ 54D14E71DCC55D22CF9A7F4D52A654B6 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys

03:27:42.0042 38764 k57nd60a - ok

03:27:42.0089 38764 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

03:27:42.0105 38764 kbdclass - ok

03:27:42.0120 38764 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

03:27:42.0120 38764 kbdhid - ok

03:27:42.0230 38764 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe

03:27:42.0276 38764 KeyIso - ok

03:27:42.0339 38764 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

03:27:42.0354 38764 KSecDD - ok

03:27:42.0401 38764 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

03:27:42.0401 38764 ksthunk - ok

03:27:42.0542 38764 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll

03:27:42.0573 38764 KtmRm - ok

03:27:42.0620 38764 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll

03:27:42.0635 38764 LanmanServer - ok

03:27:42.0744 38764 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

03:27:42.0744 38764 LanmanWorkstation - ok

03:27:42.0791 38764 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

03:27:42.0807 38764 lltdio - ok

03:27:42.0854 38764 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll

03:27:42.0869 38764 lltdsvc - ok

03:27:42.0885 38764 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll

03:27:42.0885 38764 lmhosts - ok

03:27:42.0932 38764 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

03:27:42.0947 38764 LSI_FC - ok

03:27:42.0978 38764 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

03:27:42.0978 38764 LSI_SAS - ok

03:27:43.0010 38764 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

03:27:43.0010 38764 LSI_SCSI - ok

03:27:43.0025 38764 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys

03:27:43.0025 38764 luafv - ok

03:27:43.0150 38764 [ 4208B958E35F0E596AA241EFB664636B ] lxduCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe

03:27:43.0212 38764 lxduCATSCustConnectService - ok

03:27:43.0228 38764 lxdu_device - ok

03:27:43.0290 38764 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

03:27:43.0290 38764 MBAMProtector - ok

03:27:43.0462 38764 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

03:27:43.0478 38764 MBAMScheduler - ok

03:27:43.0618 38764 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

03:27:43.0618 38764 MBAMService - ok

03:27:43.0743 38764 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

03:27:43.0758 38764 Mcx2Svc - ok

03:27:43.0805 38764 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys

03:27:43.0836 38764 mdmxsdk - ok

03:27:43.0868 38764 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys

03:27:43.0883 38764 megasas - ok

03:27:43.0914 38764 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys

03:27:43.0930 38764 MegaSR - ok

03:27:43.0961 38764 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll

03:27:43.0961 38764 MMCSS - ok

03:27:43.0977 38764 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys

03:27:43.0992 38764 Modem - ok

03:27:44.0008 38764 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

03:27:44.0008 38764 monitor - ok

03:27:44.0024 38764 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

03:27:44.0039 38764 mouclass - ok

03:27:44.0055 38764 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

03:27:44.0070 38764 mouhid - ok

03:27:44.0086 38764 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

03:27:44.0086 38764 MountMgr - ok

03:27:44.0102 38764 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys

03:27:44.0133 38764 mpio - ok

03:27:44.0148 38764 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

03:27:44.0180 38764 mpsdrv - ok

03:27:44.0367 38764 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll

03:27:44.0398 38764 MpsSvc - ok

03:27:44.0429 38764 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

03:27:44.0429 38764 Mraid35x - ok

03:27:44.0460 38764 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

03:27:44.0460 38764 MRxDAV - ok

03:27:44.0523 38764 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

03:27:44.0554 38764 mrxsmb - ok

03:27:44.0694 38764 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

03:27:44.0710 38764 mrxsmb10 - ok

03:27:44.0741 38764 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

03:27:44.0741 38764 mrxsmb20 - ok

03:27:44.0788 38764 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys

03:27:44.0788 38764 msahci - ok

03:27:44.0850 38764 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys

03:27:44.0913 38764 msdsm - ok

03:27:44.0960 38764 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe

03:27:44.0960 38764 MSDTC - ok

03:27:44.0991 38764 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys

03:27:44.0991 38764 Msfs - ok

03:27:45.0038 38764 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

03:27:45.0038 38764 msisadrv - ok

03:27:45.0162 38764 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

03:27:45.0194 38764 MSiSCSI - ok

03:27:45.0225 38764 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

03:27:45.0240 38764 MSKSSRV - ok

03:27:45.0256 38764 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

03:27:45.0256 38764 MSPCLOCK - ok

03:27:45.0287 38764 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

03:27:45.0287 38764 MSPQM - ok

03:27:45.0334 38764 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

03:27:45.0334 38764 MsRPC - ok

03:27:45.0350 38764 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

03:27:45.0365 38764 mssmbios - ok

03:27:45.0381 38764 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

03:27:45.0381 38764 MSTEE - ok

03:27:45.0412 38764 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys

03:27:45.0412 38764 Mup - ok

03:27:45.0459 38764 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll

03:27:45.0474 38764 napagent - ok

03:27:45.0521 38764 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

03:27:45.0537 38764 NativeWifiP - ok

03:27:45.0740 38764 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys

03:27:45.0771 38764 NDIS - ok

03:27:45.0818 38764 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

03:27:45.0818 38764 NdisTapi - ok

03:27:45.0864 38764 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

03:27:45.0911 38764 Ndisuio - ok

03:27:45.0974 38764 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

03:27:46.0005 38764 NdisWan - ok

03:27:46.0036 38764 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

03:27:46.0036 38764 NDProxy - ok

03:27:46.0067 38764 [ 59267D2F0328599AA3B5408C2E06126F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

03:27:46.0067 38764 Net Driver HPZ12 - ok

03:27:46.0083 38764 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

03:27:46.0083 38764 NetBIOS - ok

03:27:46.0145 38764 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

03:27:46.0161 38764 netbt - ok

03:27:46.0208 38764 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe

03:27:46.0208 38764 Netlogon - ok

03:27:46.0379 38764 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll

03:27:46.0395 38764 Netman - ok

03:27:46.0457 38764 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll

03:27:46.0488 38764 netprofm - ok

03:27:46.0520 38764 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

03:27:46.0535 38764 NetTcpPortSharing - ok

03:27:46.0566 38764 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

03:27:46.0566 38764 nfrd960 - ok

03:27:46.0582 38764 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll

03:27:46.0598 38764 NlaSvc - ok

03:27:46.0832 38764 [ CD569FA91EC6F59D045C19D0D3850F44 ] nmservice C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

03:27:46.0847 38764 nmservice - ok

03:27:46.0972 38764 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys

03:27:46.0972 38764 Npfs - ok

03:27:47.0066 38764 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll

03:27:47.0066 38764 nsi - ok

03:27:47.0112 38764 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

03:27:47.0128 38764 nsiproxy - ok

03:27:47.0393 38764 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

03:27:47.0518 38764 Ntfs - ok

03:27:47.0690 38764 [ 952BF6DFC96E3E94D1D88FD0B78EC443 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

03:27:47.0690 38764 NTI IScheduleSvc - ok

03:27:47.0752 38764 [ 7D397449AAF52B0E7C79B64F6AD4473E ] NTIDrvr C:\Windows\system32\Drivers\NTIDrvr.sys

03:27:47.0768 38764 NTIDrvr - ok

03:27:47.0799 38764 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys

03:27:47.0814 38764 Null - ok

03:27:47.0908 38764 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys

03:27:47.0955 38764 nvraid - ok

03:27:48.0002 38764 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys

03:27:48.0002 38764 nvstor - ok

03:27:48.0048 38764 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

03:27:48.0080 38764 nv_agp - ok

03:27:48.0095 38764 NwlnkFlt - ok

03:27:48.0111 38764 NwlnkFwd - ok

03:27:48.0267 38764 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

03:27:48.0282 38764 odserv - ok

03:27:48.0329 38764 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

03:27:48.0329 38764 ohci1394 - ok

03:27:48.0423 38764 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

03:27:48.0423 38764 ose - ok

03:27:48.0501 38764 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll

03:27:48.0532 38764 p2pimsvc - ok

03:27:48.0579 38764 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll

03:27:48.0594 38764 p2psvc - ok

03:27:48.0672 38764 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys

03:27:48.0688 38764 Parport - ok

03:27:48.0750 38764 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys

03:27:48.0750 38764 partmgr - ok

03:27:48.0782 38764 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll

03:27:48.0813 38764 PcaSvc - ok

03:27:48.0906 38764 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys

03:27:48.0953 38764 pci - ok

03:27:49.0016 38764 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys

03:27:49.0031 38764 pciide - ok

03:27:49.0062 38764 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

03:27:49.0078 38764 pcmcia - ok

03:27:49.0094 38764 PCTINDIS5X64 - ok

03:27:49.0265 38764 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys

03:27:49.0359 38764 PEAUTH - ok

03:27:49.0421 38764 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe

03:27:49.0437 38764 PerfHost - ok

03:27:49.0749 38764 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll

03:27:49.0811 38764 pla - ok

03:27:49.0998 38764 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

03:27:50.0030 38764 PlugPlay - ok

03:27:50.0092 38764 [ 5261A2FD55183AC6993145AB6662CDDF ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

03:27:50.0108 38764 Pml Driver HPZ12 - ok

03:27:50.0139 38764 [ F1965AE69FDB4C6D9FFECEB2C12F7898 ] pnarp C:\Windows\system32\DRIVERS\pnarp.sys

03:27:50.0154 38764 pnarp - ok

03:27:50.0186 38764 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

03:27:50.0201 38764 PNRPAutoReg - ok

03:27:50.0357 38764 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll

03:27:50.0357 38764 PNRPsvc - ok

03:27:50.0404 38764 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

03:27:50.0435 38764 PolicyAgent - ok

03:27:50.0498 38764 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

03:27:50.0544 38764 PptpMiniport - ok

03:27:50.0591 38764 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys

03:27:50.0622 38764 Processor - ok

03:27:50.0654 38764 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll

03:27:50.0669 38764 ProfSvc - ok

03:27:50.0716 38764 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe

03:27:50.0716 38764 ProtectedStorage - ok

03:27:50.0841 38764 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys

03:27:50.0841 38764 PSched - ok

03:27:50.0950 38764 [ EC7333FC339FC6A1F9BB3E50AD9B13C6 ] purendis C:\Windows\system32\DRIVERS\purendis.sys

03:27:51.0012 38764 purendis - ok

03:27:51.0122 38764 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys

03:27:51.0184 38764 ql2300 - ok

03:27:51.0215 38764 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

03:27:51.0215 38764 ql40xx - ok

03:27:51.0324 38764 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll

03:27:51.0371 38764 QWAVE - ok

03:27:51.0418 38764 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

03:27:51.0449 38764 QWAVEdrv - ok

03:27:51.0480 38764 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

03:27:51.0480 38764 RasAcd - ok

03:27:51.0512 38764 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll

03:27:51.0512 38764 RasAuto - ok

03:27:51.0590 38764 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

03:27:51.0636 38764 Rasl2tp - ok

03:27:51.0761 38764 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll

03:27:51.0777 38764 RasMan - ok

03:27:51.0824 38764 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

03:27:51.0855 38764 RasPppoe - ok

03:27:51.0933 38764 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

03:27:51.0964 38764 RasSstp - ok

03:27:52.0104 38764 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

03:27:52.0104 38764 rdbss - ok

03:27:52.0182 38764 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

03:27:52.0198 38764 RDPCDD - ok

03:27:52.0245 38764 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

03:27:52.0245 38764 rdpdr - ok

03:27:52.0276 38764 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

03:27:52.0276 38764 RDPENCDD - ok

03:27:52.0463 38764 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

03:27:52.0479 38764 RDPWD - ok

03:27:52.0541 38764 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll

03:27:52.0541 38764 RemoteAccess - ok

03:27:52.0588 38764 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll

03:27:52.0619 38764 RemoteRegistry - ok

03:27:52.0666 38764 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe

03:27:52.0697 38764 RpcLocator - ok

03:27:52.0900 38764 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll

03:27:52.0916 38764 RpcSs - ok

03:27:52.0962 38764 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

03:27:52.0978 38764 rspndr - ok

03:27:53.0009 38764 [ 39E74E264338934DBF11F8DB79A3E116 ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS

03:27:53.0025 38764 RTSTOR - ok

03:27:53.0040 38764 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe

03:27:53.0040 38764 SamSs - ok

03:27:53.0072 38764 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

03:27:53.0072 38764 sbp2port - ok

03:27:53.0181 38764 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll

03:27:53.0196 38764 SCardSvr - ok

03:27:53.0462 38764 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll

03:27:53.0477 38764 Schedule - ok

03:27:53.0555 38764 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll

03:27:53.0555 38764 SCPolicySvc - ok

03:27:53.0696 38764 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll

03:27:53.0711 38764 SDRSVC - ok

03:27:53.0758 38764 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

03:27:53.0774 38764 secdrv - ok

03:27:53.0789 38764 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll

03:27:53.0820 38764 seclogon - ok

03:27:53.0852 38764 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll

03:27:53.0898 38764 SENS - ok

03:27:53.0930 38764 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys

03:27:53.0930 38764 Serenum - ok

03:27:53.0961 38764 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys

03:27:53.0961 38764 Serial - ok

03:27:53.0992 38764 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys

03:27:53.0992 38764 sermouse - ok

03:27:54.0039 38764 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll

03:27:54.0039 38764 SessionEnv - ok

03:27:54.0054 38764 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

03:27:54.0054 38764 sffdisk - ok

03:27:54.0086 38764 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

03:27:54.0086 38764 sffp_mmc - ok

03:27:54.0101 38764 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

03:27:54.0101 38764 sffp_sd - ok

03:27:54.0117 38764 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

03:27:54.0117 38764 sfloppy - ok

03:27:54.0164 38764 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll

03:27:54.0164 38764 SharedAccess - ok

03:27:54.0226 38764 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

03:27:54.0226 38764 ShellHWDetection - ok

03:27:54.0242 38764 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

03:27:54.0257 38764 SiSRaid2 - ok

03:27:54.0273 38764 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

03:27:54.0288 38764 SiSRaid4 - ok

03:27:54.0507 38764 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe

03:27:54.0632 38764 slsvc - ok

03:27:54.0725 38764 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll

03:27:54.0725 38764 SLUINotify - ok

03:27:54.0788 38764 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys

03:27:54.0803 38764 Smb - ok

03:27:54.0834 38764 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe

03:27:54.0850 38764 SNMPTRAP - ok

03:27:54.0897 38764 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys

03:27:54.0897 38764 spldr - ok

03:27:55.0053 38764 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe

03:27:55.0053 38764 Spooler - ok

03:27:55.0146 38764 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys

03:27:55.0178 38764 srv - ok

03:27:55.0209 38764 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

03:27:55.0209 38764 srv2 - ok

03:27:55.0256 38764 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

03:27:55.0256 38764 srvnet - ok

03:27:55.0302 38764 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

03:27:55.0302 38764 SSDPSRV - ok

03:27:55.0318 38764 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll

03:27:55.0318 38764 SstpSvc - ok

03:27:55.0443 38764 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll

03:27:55.0536 38764 stisvc - ok

03:27:55.0583 38764 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys

03:27:55.0583 38764 swenum - ok

03:27:55.0724 38764 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll

03:27:55.0739 38764 swprv - ok

03:27:55.0770 38764 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

03:27:55.0786 38764 Symc8xx - ok

03:27:55.0802 38764 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

03:27:55.0833 38764 Sym_hi - ok

03:27:55.0864 38764 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

03:27:55.0864 38764 Sym_u3 - ok

03:27:55.0989 38764 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll

03:27:56.0067 38764 SysMain - ok

03:27:56.0114 38764 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll

03:27:56.0129 38764 TabletInputService - ok

03:27:56.0207 38764 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll

03:27:56.0238 38764 TapiSrv - ok

03:27:56.0254 38764 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll

03:27:56.0270 38764 TBS - ok

03:27:56.0535 38764 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys

03:27:56.0613 38764 Tcpip - ok

03:27:56.0831 38764 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

03:27:56.0847 38764 Tcpip6 - ok

03:27:56.0894 38764 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

03:27:56.0909 38764 tcpipreg - ok

03:27:56.0956 38764 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

03:27:56.0956 38764 TDPIPE - ok

03:27:56.0987 38764 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

03:27:56.0987 38764 TDTCP - ok

03:27:57.0034 38764 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

03:27:57.0081 38764 tdx - ok

03:27:57.0143 38764 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

03:27:57.0159 38764 TermDD - ok

03:27:57.0299 38764 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll

03:27:57.0330 38764 TermService - ok

03:27:57.0362 38764 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll

03:27:57.0377 38764 Themes - ok

03:27:57.0408 38764 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll

03:27:57.0408 38764 THREADORDER - ok

03:27:57.0455 38764 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll

03:27:57.0486 38764 TrkWks - ok

03:27:57.0518 38764 [ 9BF9E809FBB2D5D0403B32B15ABE5F30 ] TrojanKillerDriver C:\Windows\system32\DRIVERS\gtkdrv.sys

03:27:57.0518 38764 TrojanKillerDriver - ok

03:27:57.0627 38764 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

03:27:57.0627 38764 TrustedInstaller - ok

03:27:57.0689 38764 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

03:27:57.0689 38764 tssecsrv - ok

03:27:57.0720 38764 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

03:27:57.0752 38764 tunmp - ok

03:27:57.0798 38764 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

03:27:57.0798 38764 tunnel - ok

03:27:57.0908 38764 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

03:27:57.0939 38764 uagp35 - ok

03:27:57.0986 38764 [ 00C8CE31657624A125FDB90EFD554371 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys

03:27:57.0986 38764 UBHelper - ok

03:27:58.0157 38764 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

03:27:58.0188 38764 udfs - ok

03:27:58.0251 38764 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe

03:27:58.0251 38764 UI0Detect - ok

03:27:58.0282 38764 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

03:27:58.0282 38764 uliagpkx - ok

03:27:58.0313 38764 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys

03:27:58.0329 38764 uliahci - ok

03:27:58.0360 38764 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys

03:27:58.0360 38764 UlSata - ok

03:27:58.0391 38764 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

03:27:58.0391 38764 ulsata2 - ok

03:27:58.0407 38764 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

03:27:58.0422 38764 umbus - ok

03:27:58.0610 38764 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll

03:27:58.0625 38764 upnphost - ok

03:27:58.0672 38764 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

03:27:58.0688 38764 usbccgp - ok

03:27:58.0734 38764 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys

03:27:58.0734 38764 usbcir - ok

03:27:58.0766 38764 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

03:27:58.0766 38764 usbehci - ok

03:27:58.0797 38764 [ 8FEC71666ABA7114F9CAB9E56065EC80 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys

03:27:58.0828 38764 usbfilter - ok

03:27:58.0875 38764 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

03:27:58.0937 38764 usbhub - ok

03:27:58.0968 38764 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

03:27:58.0968 38764 usbohci - ok

03:27:59.0000 38764 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

03:27:59.0015 38764 usbprint - ok

03:27:59.0109 38764 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

03:27:59.0109 38764 usbscan - ok

03:27:59.0171 38764 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

03:27:59.0187 38764 USBSTOR - ok

03:27:59.0249 38764 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

03:27:59.0249 38764 usbuhci - ok

03:27:59.0265 38764 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

03:27:59.0280 38764 usbvideo - ok

03:27:59.0327 38764 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll

03:27:59.0343 38764 UxSms - ok

03:27:59.0405 38764 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe

03:27:59.0421 38764 vds - ok

03:27:59.0452 38764 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

03:27:59.0468 38764 vga - ok

03:27:59.0499 38764 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys

03:27:59.0499 38764 VgaSave - ok

03:27:59.0514 38764 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys

03:27:59.0514 38764 viaide - ok

03:27:59.0530 38764 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys

03:27:59.0546 38764 volmgr - ok

03:27:59.0577 38764 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

03:27:59.0608 38764 volmgrx - ok

03:27:59.0639 38764 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys

03:27:59.0639 38764 volsnap - ok

03:27:59.0842 38764 [ D358BF81F109B08708E7D1038C54DB83 ] vseamps C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe

03:27:59.0842 38764 vseamps - ok

03:27:59.0904 38764 [ 33F3F69F0290E74EB3A5D948670174C7 ] vsedsps C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe

03:27:59.0904 38764 vsedsps - ok

03:27:59.0982 38764 [ C643EBF274FFA93F38B294C61AD489E2 ] vseqrts C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

03:27:59.0998 38764 vseqrts - ok

03:28:00.0045 38764 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

03:28:00.0045 38764 vsmraid - ok

03:28:00.0294 38764 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe

03:28:00.0357 38764 VSS - ok

03:28:00.0388 38764 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll

03:28:00.0419 38764 W32Time - ok

03:28:00.0466 38764 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

03:28:00.0466 38764 WacomPen - ok

03:28:00.0513 38764 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

03:28:00.0528 38764 Wanarp - ok

03:28:00.0544 38764 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

03:28:00.0544 38764 Wanarpv6 - ok

03:28:00.0762 38764 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll

03:28:00.0778 38764 wcncsvc - ok

03:28:00.0825 38764 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

03:28:00.0840 38764 WcsPlugInService - ok

03:28:00.0856 38764 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys

03:28:00.0856 38764 Wd - ok

03:28:00.0903 38764 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

03:28:00.0934 38764 Wdf01000 - ok

03:28:00.0950 38764 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll

03:28:00.0950 38764 WdiServiceHost - ok

03:28:00.0965 38764 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll

03:28:00.0965 38764 WdiSystemHost - ok

03:28:00.0996 38764 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll

03:28:01.0012 38764 WebClient - ok

03:28:01.0043 38764 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll

03:28:01.0074 38764 Wecsvc - ok

03:28:01.0090 38764 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll

03:28:01.0090 38764 wercplsupport - ok

03:28:01.0106 38764 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll

03:28:01.0121 38764 WerSvc - ok

03:28:01.0152 38764 [ A6EA7A3FC4B00F48535B506DB1E86EFD ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys

03:28:01.0184 38764 winachsf - ok

03:28:01.0215 38764 WinDefend - ok

03:28:01.0230 38764 WinHttpAutoProxySvc - ok

03:28:01.0418 38764 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

03:28:01.0433 38764 Winmgmt - ok

03:28:01.0683 38764 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll

03:28:01.0761 38764 WinRM - ok

03:28:02.0026 38764 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll

03:28:02.0057 38764 Wlansvc - ok

03:28:02.0151 38764 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

03:28:02.0166 38764 wlcrasvc - ok

03:28:02.0478 38764 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

03:28:02.0510 38764 wlidsvc - ok

03:28:02.0681 38764 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

03:28:02.0697 38764 WmiAcpi - ok

03:28:02.0915 38764 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

03:28:02.0946 38764 wmiApSrv - ok

03:28:02.0993 38764 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll

03:28:03.0009 38764 WPCSvc - ok

03:28:03.0056 38764 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

03:28:03.0056 38764 WPDBusEnum - ok

03:28:03.0102 38764 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

03:28:03.0149 38764 WpdUsb - ok

03:28:03.0524 38764 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

03:28:03.0570 38764 WPFFontCache_v0400 - ok

03:28:03.0617 38764 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

03:28:03.0617 38764 ws2ifsl - ok

03:28:03.0648 38764 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll

03:28:03.0648 38764 wscsvc - ok

03:28:03.0664 38764 WSearch - ok

03:28:03.0898 38764 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

03:28:03.0960 38764 wuauserv - ok

03:28:04.0007 38764 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

03:28:04.0007 38764 WUDFRd - ok

03:28:04.0054 38764 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll

03:28:04.0054 38764 wudfsvc - ok

03:28:04.0085 38764 [ C22B223CC6D58E921D78E173172F66F5 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys

03:28:04.0085 38764 XAudio - ok

03:28:04.0116 38764 ================ Scan global ===============================

03:28:04.0163 38764 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll

03:28:04.0350 38764 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll

03:28:04.0460 38764 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll

03:28:04.0709 38764 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe

03:28:04.0725 38764 [Global] - ok

03:28:04.0725 38764 ================ Scan MBR ==================================

03:28:04.0772 38764 [ 8C9F9E03865C35F0F3829A23CDA42F5D ] \Device\Harddisk0\DR0

03:28:08.0609 38764 \Device\Harddisk0\DR0 - ok

03:28:09.0311 38764 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1

03:28:09.0389 38764 \Device\Harddisk1\DR1 - ok

03:28:09.0405 38764 ================ Scan VBR ==================================

03:28:09.0467 38764 [ 1BF8108E3C6212022A20F54A9F3F087C ] \Device\Harddisk0\DR0\Partition1

03:28:09.0561 38764 \Device\Harddisk0\DR0\Partition1 - ok

03:28:09.0576 38764 [ 7333DBE641399873AEEC60CA83FB0362 ] \Device\Harddisk1\DR1\Partition1

03:28:09.0576 38764 \Device\Harddisk1\DR1\Partition1 - ok

03:28:09.0576 38764 ============================================================

03:28:09.0592 38764 Scan finished

03:28:09.0592 38764 ============================================================

03:28:09.0623 40716 Detected object count: 0

03:28:09.0623 40716 Actual detected object count: 0

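The service/driver log above follows the TDSSKiller line format: a file line with the binary's MD5, the service name and its path, followed by a status line for the same object. Because several service names contain spaces ("Net Driver HPZ12", "NTI IScheduleSvc"), the path has to be located by its drive-letter or \Device\ prefix rather than by splitting on whitespace. The following Python is an added triage helper written for this thread, not part of TDSSKiller or anything the poster ran; it parses those two line shapes and lists (1) anything whose status is not "ok", (2) services that have a registry entry but no file line (NwlnkFlt, NwlnkFwd, PCTINDIS5X64, WinDefend, WinHttpAutoProxySvc and WSearch in the log above), and (3) service binaries outside the system and Program Files directories. The status vocabulary beyond "ok", the TRUSTED_PREFIXES allowlist, and the "updsvc" lines in the sample are assumptions constructed for the example.

```python
"""Triage helper for a TDSSKiller-format service/driver log.
Added example for this thread; not part of any vendor tool.

Two line shapes are parsed:
    HH:MM:SS.ffff PID [ MD5 ] <service name> <path>
    HH:MM:SS.ffff PID <service name> - <status>
The service name may contain spaces, so the path is found by its "X:\\" or
"\\Device\\" prefix instead of splitting on whitespace.

Assumptions (not documented by the log itself): any status other than "ok"
deserves a look, and so does a service binary outside TRUSTED_PREFIXES.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

FILE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+"
    r"(?:(?P<name>.*?)\s+)?"                    # optional name (absent on global-scan lines)
    r"(?P<path>[A-Za-z]:\\.*|\\Device\\.*)$"   # path begins at a drive letter or \Device\
)
STATUS_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<status>.+)$"
)

# Assumed allowlist: where a Windows service binary is normally expected to live.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Merge the file line and the status line of each object into one Entry."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            name = m.group("name") or m.group("path")   # global-scan lines carry no name
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = m.group("md5").upper(), m.group("path")
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m.group("name"), Entry(m.group("name")))
            e.status = m.group("status")
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Return the object names that deserve a second look, grouped by reason."""
    findings: Dict[str, List[str]] = defaultdict(list)
    for e in entries.values():
        if e.status is not None and e.status != "ok":
            findings["not_ok"].append(e.name)
        # A status line with no preceding file line: the registry entry exists but
        # the binary was not scanned (missing or unreadable, often an uninstall leftover).
        if e.path is None and e.status is not None and not e.name.startswith("["):
            findings["no_file"].append(e.name)
        if e.path is not None:
            lp = e.path.lower()
            if lp.startswith("c:\\") and not lp.startswith(TRUSTED_PREFIXES):
                findings["untrusted_path"].append(e.name)
    return dict(findings)


# Constructed sample: the first eight lines are copied from the log above; the last
# two (a hypothetical "updsvc" in AppData with status "detected") are invented so
# the output shows what a hit looks like.
SAMPLE_LOG = r"""
03:27:45.0162 38764 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
03:27:45.0194 38764 MSiSCSI - ok
03:27:46.0067 38764 [ 59267D2F0328599AA3B5408C2E06126F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
03:27:46.0067 38764 Net Driver HPZ12 - ok
03:27:48.0095 38764 NwlnkFlt - ok
03:27:49.0094 38764 PCTINDIS5X64 - ok
03:28:04.0163 38764 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
03:28:04.0725 38764 [Global] - ok
03:28:05.0001 38764 [ 00000000000000000000000000000000 ] updsvc C:\Users\Chris\AppData\Roaming\upd\updsvc.exe
03:28:05.0002 38764 updsvc - detected
"""

if __name__ == "__main__":
    for reason, names in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{reason}: {', '.join(names)}")
```

Feed it the whole pasted log instead of SAMPLE_LOG and the "no_file" list is the set of orphaned service entries worth checking against the machine's install history; the MD5 column is what you would look up against a file-reputation database, which this example deliberately does not do offline.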

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-11-18 03:42:58

-----------------------------

03:42:58.515 OS Version: Windows x64 6.0.6002 Service Pack 2

03:42:58.515 Number of processors: 2 586 0x301

03:42:58.515 ComputerName: CHRIS-LAPTOP UserName: Chris

03:43:00.917 Initialize success

03:47:30.303 AVAST engine defs: 12111800

03:48:31.408 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f

03:48:31.424 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 8

03:48:31.455 Disk 0 MBR read successfully

03:48:31.470 Disk 0 MBR scan

03:48:31.502 Disk 0 unknown MBR code

03:48:31.533 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048

03:48:31.564 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 293243 MB offset 24578048

03:48:31.611 Disk 0 scanning C:\Windows\system32\drivers

03:49:00.112 Service scanning

03:49:46.740 Modules scanning

03:49:46.756 Disk 0 trace - called modules:

03:49:46.787 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll ahcix64s.sys

03:49:46.803 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005382060]

03:49:46.803 3 CLASSPNP.SYS[fffffa6000fcfc33] -> nt!IofCallDriver -> [0xfffffa80052ca3b0]

03:49:46.818 5 acpi.sys[fffffa60008fcfde] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa80052ca910]

03:49:49.112 AVAST engine scan C:\Windows

03:49:57.442 AVAST engine scan C:\Windows\system32

04:01:41.595 AVAST engine scan C:\Windows\system32\drivers

04:02:07.522 AVAST engine scan C:\Users\Chris

04:22:21.925 AVAST engine scan C:\ProgramData

04:29:30.347 Scan finished successfully

04:32:05.084 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Documents\MBR.dat"

04:32:05.084 The log file has been saved successfully to "C:\Users\Chris\Documents\aswMBR.txt"

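The aswMBR output above reports "Disk 0 unknown MBR code" and then prints the partition table: a hidden WinRE partition (type 27) of 12000 MB at sector 2048, and the active NTFS system partition (type 07) of 293243 MB at sector 24578048. Whether that layout is internally consistent is something the reader can check rather than take on faith: 12000 MB is 24,576,000 sectors of 512 bytes, and 2048 + 24,576,000 is exactly 24,578,048, so the two partitions abut, and the second ends about 1 MB short of the reported 305245 MB disk size. The Python below is an added example for this thread (not part of aswMBR) that performs that arithmetic for any such log: it converts the MB figures to sectors, reports overlaps, unallocated space large enough to hide something, a wrong count of active partitions, and the unrecognised-MBR note. The 2 MB gap threshold is an assumption that absorbs the log's whole-MB rounding and the normal 2048-sector alignment gap before the first partition; the TAMPERED_SAMPLE is constructed.

```python
"""Partition-layout sanity check for an aswMBR log.
Added example for this thread; not part of AVAST's tool.

Reads the "Disk N Vendor: ... Size: NNNNMB" line, the "Disk N unknown MBR code"
note and the "Disk N Partition ..." lines, converts MB to 512-byte sectors, and
reports overlaps, large unallocated regions, and the active-partition count.
Sizes in the log are rounded to whole MB, so gaps under GAP_THRESHOLD sectors
are ignored (assumed threshold).
"""
import re
from typing import Dict, List, Set, Tuple

SECTOR_BYTES = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR_BYTES   # 2048
GAP_THRESHOLD = 2 * SECTORS_PER_MB               # ignore gaps under 2 MB

TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
SIZE_RE = re.compile(r"^Disk (?P<disk>\d+) Vendor: .* Size: (?P<size_mb>\d+)MB")
PART_RE = re.compile(
    r"^Disk (?P<disk>\d+) Partition (?P<idx>\d+) (?P<boot>[0-9A-F]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-F]{2}) (?P<desc>.+?) (?P<size_mb>\d+) MB offset (?P<offset>\d+)$"
)
UNKNOWN_MBR_RE = re.compile(r"^Disk (?P<disk>\d+) unknown MBR code$")


def parse(text: str) -> Tuple[List[dict], Dict[int, int], Set[int]]:
    """Return (partitions, disk size in sectors per disk, disks with unknown MBR code)."""
    parts: List[dict] = []
    disk_sectors: Dict[int, int] = {}
    unknown_mbr: Set[int] = set()
    for raw in text.splitlines():
        body = TS_RE.sub("", raw.strip())       # drop the leading timestamp
        m = PART_RE.match(body)
        if m:
            start = int(m.group("offset"))
            parts.append({
                "disk": int(m.group("disk")), "idx": int(m.group("idx")),
                "boot": m.group("boot"), "type": m.group("type"), "desc": m.group("desc"),
                "start": start, "end": start + int(m.group("size_mb")) * SECTORS_PER_MB,
            })
            continue
        m = SIZE_RE.match(body)
        if m:
            disk_sectors[int(m.group("disk"))] = int(m.group("size_mb")) * SECTORS_PER_MB
            continue
        m = UNKNOWN_MBR_RE.match(body)
        if m:
            unknown_mbr.add(int(m.group("disk")))
    return parts, disk_sectors, unknown_mbr


def check_layout(parts: List[dict], disk_sectors: Dict[int, int], unknown_mbr: Set[int]) -> List[str]:
    """Walk each disk's partitions in start order and report anything that does not add up."""
    findings: List[str] = []
    by_disk: Dict[int, List[dict]] = {}
    for p in parts:
        by_disk.setdefault(p["disk"], []).append(p)
    for disk in sorted(set(by_disk) | set(disk_sectors) | unknown_mbr):
        plist = sorted(by_disk.get(disk, []), key=lambda p: p["start"])
        active = [p["idx"] for p in plist if p["boot"] == "80"]
        if plist and len(active) != 1:
            findings.append(f"disk {disk}: {len(active)} active partitions (expected exactly 1)")
        cursor = 0
        for p in plist:
            if p["start"] < cursor:
                findings.append(f"disk {disk}: partition {p['idx']} overlaps the previous one by {cursor - p['start']} sectors")
            elif p["start"] - cursor > GAP_THRESHOLD:
                findings.append(f"disk {disk}: {p['start'] - cursor} unallocated sectors before partition {p['idx']}")
            cursor = max(cursor, p["end"])
        total = disk_sectors.get(disk)
        if total is not None:
            if cursor > total:
                findings.append(f"disk {disk}: partitions run {cursor - total} sectors past the end of the disk")
            elif total - cursor > GAP_THRESHOLD:
                findings.append(f"disk {disk}: {total - cursor} unallocated sectors after the last partition")
        if disk in unknown_mbr:
            findings.append(f"disk {disk}: MBR boot code not recognised; compare the saved MBR.dat with a known-good copy")
    return findings


# Copied from the log above: size line, MBR note, and the two partition lines.
LOG_SAMPLE = """
03:48:31.424 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 8
03:48:31.502 Disk 0 unknown MBR code
03:48:31.533 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
03:48:31.564 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 293243 MB offset 24578048
"""

# Constructed: same disk, but the system partition is 43 MB shorter, leaving a
# large unpartitioned tail, which is where some bootkits keep their payload.
TAMPERED_SAMPLE = """
03:48:31.424 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 8
03:48:31.533 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
03:48:31.564 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 293200 MB offset 24578048
"""

if __name__ == "__main__":
    for sample in (LOG_SAMPLE, TAMPERED_SAMPLE):
        for line in check_layout(*parse(sample)) or ["no layout findings"]:
            print(line)
```

On the posted log the only finding is the unrecognised MBR code, which on an OEM laptop with a hidden recovery partition is often just a vendor boot loader; it becomes interesting only if the saved MBR.dat differs from what the recovery tooling is expected to install.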

  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"


  • In your next post I need the following

    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools

Gringo


This topic is now closed to further replies.