
Win7 infected with PUM.UserWLoad and TrojanRansom



Dear Sir;

 

About one week ago my internet connection became intermittent. Ran MalwareBytes showed above infections. Attempted to remove but reappeared. Internet connected for one day then not since. Tried removal with Ad Aware and Iobit Malware fighter. Those did not reappear but found and Quarantined Babylon (fs). Sometimes I can connect to the modem but not to DNS Server.

Asking for help at this point.

Thank You

Bob L

 

Saw in another forum that infection was rootkit requiring reformat. Like to avoid that.


Hello Uman606 and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.

    Vista/Windows 7 users right-click and select Run As Administrator.

  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.

  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

 

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB


Dear Mr Brown

After running the programs in the order you suggested, some infections were cleared but trying to access internet produces this error:

Error 105 (net::ERR_NAME_NOT_RESOLVED): Unable to resolve the server's DNS address. Appreciate if you could suggest fix.

 

 post 1 of 2

 

15:27:25.0578 7840  LSI_SCSI - ok
15:27:25.0601 7840  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:27:25.0603 7840  luafv - ok
15:27:25.0676 7840  [ 0C4BC1D7DB00896EE53862FCF29E6B5C ] lxdwCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe
15:27:25.0699 7840  lxdwCATSCustConnectService - ok
15:27:25.0712 7840  lxdw_device - ok
15:27:25.0760 7840  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:27:25.0764 7840  Mcx2Svc - ok
15:27:25.0800 7840  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:27:25.0808 7840  megasas - ok
15:27:25.0841 7840  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:27:25.0851 7840  MegaSR - ok
15:27:25.0881 7840  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:27:25.0884 7840  MMCSS - ok
15:27:25.0924 7840  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:27:25.0931 7840  Modem - ok
15:27:25.0957 7840  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:27:25.0960 7840  monitor - ok
15:27:25.0989 7840  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:27:25.0994 7840  mouclass - ok
15:27:26.0012 7840  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:27:26.0017 7840  mouhid - ok
15:27:26.0053 7840  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:27:26.0055 7840  mountmgr - ok
15:27:26.0099 7840  [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
15:27:26.0103 7840  MpFilter - ok
15:27:26.0138 7840  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:27:26.0144 7840  mpio - ok
15:27:26.0175 7840  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:27:26.0179 7840  mpsdrv - ok
15:27:26.0239 7840  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:27:26.0255 7840  MpsSvc - ok
15:27:26.0301 7840  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:27:26.0307 7840  MRxDAV - ok
15:27:26.0349 7840  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:27:26.0353 7840  mrxsmb - ok
15:27:26.0372 7840  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:27:26.0377 7840  mrxsmb10 - ok
15:27:26.0409 7840  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:27:26.0412 7840  mrxsmb20 - ok
15:27:26.0432 7840  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:27:26.0433 7840  msahci - ok
15:27:26.0456 7840  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:27:26.0461 7840  msdsm - ok
15:27:26.0480 7840  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:27:26.0487 7840  MSDTC - ok
15:27:26.0531 7840  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:27:26.0532 7840  Msfs - ok
15:27:26.0559 7840  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:27:26.0562 7840  mshidkmdf - ok
15:27:26.0600 7840  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:27:26.0601 7840  msisadrv - ok
15:27:26.0645 7840  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:27:26.0656 7840  MSiSCSI - ok
15:27:26.0670 7840  msiserver - ok
15:27:26.0700 7840  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:27:26.0704 7840  MSKSSRV - ok
15:27:26.0767 7840  [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:27:26.0769 7840  MsMpSvc - ok
15:27:26.0794 7840  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:27:26.0800 7840  MSPCLOCK - ok
15:27:26.0826 7840  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:27:26.0830 7840  MSPQM - ok
15:27:26.0878 7840  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:27:26.0884 7840  MsRPC - ok
15:27:26.0927 7840  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:27:26.0929 7840  mssmbios - ok
15:27:26.0957 7840  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:27:26.0960 7840  MSTEE - ok
15:27:26.0976 7840  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:27:26.0980 7840  MTConfig - ok
15:27:26.0994 7840  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:27:26.0996 7840  Mup - ok
15:27:27.0040 7840  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:27:27.0061 7840  napagent - ok
15:27:27.0081 7840  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:27:27.0089 7840  NativeWifiP - ok
15:27:27.0141 7840  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:27:27.0157 7840  NDIS - ok
15:27:27.0192 7840  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:27:27.0196 7840  NdisCap - ok
15:27:27.0216 7840  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:27:27.0219 7840  NdisTapi - ok
15:27:27.0249 7840  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:27:27.0253 7840  Ndisuio - ok
15:27:27.0282 7840  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:27:27.0286 7840  NdisWan - ok
15:27:27.0313 7840  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:27:27.0317 7840  NDProxy - ok
15:27:27.0392 7840  [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
15:27:27.0466 7840  Nero BackItUp Scheduler 4.0 - ok
15:27:27.0498 7840  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:27:27.0499 7840  NetBIOS - ok
15:27:27.0552 7840  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:27:27.0563 7840  NetBT - ok
15:27:27.0586 7840  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:27:27.0590 7840  Netlogon - ok
15:27:27.0652 7840  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:27:27.0661 7840  Netman - ok
15:27:27.0705 7840  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:27:27.0719 7840  NetMsmqActivator - ok
15:27:27.0728 7840  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:27:27.0730 7840  NetPipeActivator - ok
15:27:27.0746 7840  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:27:27.0754 7840  netprofm - ok
15:27:27.0760 7840  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:27:27.0762 7840  NetTcpActivator - ok
15:27:27.0769 7840  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:27:27.0771 7840  NetTcpPortSharing - ok
15:27:27.0801 7840  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:27:27.0805 7840  nfrd960 - ok
15:27:27.0843 7840  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:27:27.0848 7840  NlaSvc - ok
15:27:27.0862 7840  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:27:27.0864 7840  Npfs - ok
15:27:27.0895 7840  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:27:27.0899 7840  nsi - ok
15:27:27.0915 7840  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:27:27.0918 7840  nsiproxy - ok
15:27:27.0987 7840  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:27:28.0020 7840  Ntfs - ok
15:27:28.0081 7840  [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
15:27:28.0083 7840  NTI IScheduleSvc - ok
15:27:28.0120 7840  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
15:27:28.0127 7840  NTIDrvr - ok
15:27:28.0156 7840  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:27:28.0159 7840  Null - ok
15:27:28.0196 7840  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:27:28.0205 7840  nvraid - ok
15:27:28.0253 7840  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:27:28.0261 7840  nvstor - ok
15:27:28.0302 7840  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:27:28.0308 7840  nv_agp - ok
15:27:28.0346 7840  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:27:28.0350 7840  ohci1394 - ok
15:27:28.0386 7840  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:27:28.0399 7840  ose - ok
15:27:28.0573 7840  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:27:28.0604 7840  osppsvc - ok
15:27:28.0651 7840  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:27:28.0663 7840  p2pimsvc - ok
15:27:28.0708 7840  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:27:28.0717 7840  p2psvc - ok
15:27:28.0746 7840  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:27:28.0753 7840  Parport - ok
15:27:28.0796 7840  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:27:28.0798 7840  partmgr - ok
15:27:28.0821 7840  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:27:28.0833 7840  PcaSvc - ok
15:27:28.0877 7840  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:27:28.0880 7840  pci - ok
15:27:28.0908 7840  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:27:28.0909 7840  pciide - ok
15:27:28.0946 7840  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:27:28.0958 7840  pcmcia - ok
15:27:28.0995 7840  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:27:28.0996 7840  pcw - ok
15:27:29.0022 7840  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:27:29.0032 7840  PEAUTH - ok
15:27:29.0144 7840  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:27:29.0149 7840  PerfHost - ok
15:27:29.0239 7840  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:27:29.0274 7840  pla - ok
15:27:29.0319 7840  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:27:29.0343 7840  PlugPlay - ok
15:27:29.0369 7840  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:27:29.0379 7840  PNRPAutoReg - ok
15:27:29.0407 7840  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:27:29.0412 7840  PNRPsvc - ok
15:27:29.0455 7840  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:27:29.0465 7840  PolicyAgent - ok
15:27:29.0512 7840  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:27:29.0519 7840  Power - ok
15:27:29.0547 7840  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:27:29.0551 7840  PptpMiniport - ok
15:27:29.0583 7840  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:27:29.0587 7840  Processor - ok
15:27:29.0620 7840  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:27:29.0624 7840  ProfSvc - ok
15:27:29.0641 7840  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:27:29.0643 7840  ProtectedStorage - ok
15:27:29.0679 7840  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:27:29.0683 7840  Psched - ok
15:27:29.0728 7840  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:27:29.0795 7840  ql2300 - ok
15:27:29.0834 7840  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:27:29.0841 7840  ql40xx - ok
15:27:29.0867 7840  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:27:29.0875 7840  QWAVE - ok
15:27:29.0895 7840  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:27:29.0900 7840  QWAVEdrv - ok
15:27:29.0919 7840  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:27:29.0924 7840  RasAcd - ok
15:27:29.0956 7840  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:27:29.0960 7840  RasAgileVpn - ok
15:27:29.0989 7840  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:27:29.0996 7840  RasAuto - ok
15:27:30.0033 7840  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:27:30.0041 7840  Rasl2tp - ok
15:27:30.0086 7840  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:27:30.0096 7840  RasMan - ok
15:27:30.0128 7840  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:27:30.0133 7840  RasPppoe - ok
15:27:30.0152 7840  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:27:30.0156 7840  RasSstp - ok
15:27:30.0199 7840  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:27:30.0204 7840  rdbss - ok
15:27:30.0231 7840  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:27:30.0236 7840  rdpbus - ok
15:27:30.0261 7840  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:27:30.0265 7840  RDPCDD - ok
15:27:30.0279 7840  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:27:30.0283 7840  RDPENCDD - ok
15:27:30.0301 7840  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:27:30.0304 7840  RDPREFMP - ok
15:27:30.0336 7840  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:27:30.0339 7840  RdpVideoMiniport - ok
15:27:30.0370 7840  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:27:30.0375 7840  RDPWD - ok
15:27:30.0416 7840  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:27:30.0420 7840  rdyboost - ok
15:27:30.0485 7840  [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
15:27:30.0487 7840  RealNetworks Downloader Resolver Service - ok
15:27:30.0648 7840  [ 5F9AC3243C206EC95F32E4348AE67C13 ] RegFilter       C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
15:27:30.0650 7840  RegFilter - ok
15:27:30.0708 7840  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:27:30.0718 7840  RemoteAccess - ok
15:27:30.0749 7840  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:27:30.0762 7840  RemoteRegistry - ok
15:27:30.0796 7840  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:27:30.0802 7840  RpcEptMapper - ok
15:27:30.0837 7840  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:27:30.0842 7840  RpcLocator - ok
15:27:30.0896 7840  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:27:30.0903 7840  RpcSs - ok
15:27:30.0929 7840  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:27:30.0934 7840  rspndr - ok
15:27:30.0952 7840  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:27:30.0955 7840  SamSs - ok
15:27:31.0112 7840  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
15:27:31.0136 7840  SBAMSvc - ok
15:27:31.0173 7840  [ 8F19D62B04081C0BFF1E8D6F26220A28 ] sbapifs         C:\Windows\system32\DRIVERS\sbapifs.sys
15:27:31.0176 7840  sbapifs - ok
15:27:31.0222 7840  [ D8E08D2D24E777894744B657EA78796A ] SbFw            C:\Windows\system32\drivers\SbFw.sys
15:27:31.0244 7840  SbFw - ok
15:27:31.0270 7840  [ 032CBD1D453D3BD4B38DE06AC4F8B8B4 ] SBFWIMCL        C:\Windows\system32\DRIVERS\sbfwim.sys
15:27:31.0276 7840  SBFWIMCL - ok
15:27:31.0284 7840  [ 032CBD1D453D3BD4B38DE06AC4F8B8B4 ] SBFWIMCLMP      C:\Windows\system32\DRIVERS\SBFWIM.sys
15:27:31.0286 7840  SBFWIMCLMP - ok
15:27:31.0303 7840  [ 1490E7C7A22329BE5641D4C2E16B868E ] SBHIPS          C:\Windows\system32\drivers\sbhips.sys
15:27:31.0309 7840  SBHIPS - ok
15:27:31.0351 7840  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:27:31.0357 7840  sbp2port - ok
15:27:31.0364 7840  SBRE - ok
15:27:31.0411 7840  [ 051C35F5FF516398FFC806979C709A2F ] sbwtis          C:\Windows\system32\DRIVERS\sbwtis.sys
15:27:31.0421 7840  sbwtis - ok
15:27:31.0463 7840  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:27:31.0471 7840  SCardSvr - ok
15:27:31.0506 7840  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:27:31.0511 7840  scfilter - ok
15:27:31.0578 7840  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:27:31.0618 7840  Schedule - ok
15:27:31.0664 7840  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:27:31.0666 7840  SCPolicySvc - ok
15:27:31.0706 7840  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:27:31.0715 7840  SDRSVC - ok
15:27:31.0756 7840  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:27:31.0761 7840  secdrv - ok
15:27:31.0798 7840  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:27:31.0805 7840  seclogon - ok
15:27:31.0852 7840  [ 953F0A33DA207DC1E2763D058A14179A ] Sendori         C:\Program Files (x86)\Sendori\SendoriSvc.exe
15:27:31.0854 7840  Sendori - ok
15:27:31.0887 7840  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:27:31.0891 7840  SENS - ok
15:27:31.0918 7840  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:27:31.0924 7840  SensrSvc - ok
15:27:31.0933 7840  Ser2pl - ok
15:27:31.0964 7840  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:27:31.0968 7840  Serenum - ok
15:27:31.0986 7840  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:27:31.0992 7840  Serial - ok
15:27:32.0025 7840  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:27:32.0028 7840  sermouse - ok
15:27:32.0081 7840  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:27:32.0086 7840  SessionEnv - ok
15:27:32.0125 7840  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:27:32.0128 7840  sffdisk - ok
15:27:32.0142 7840  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:27:32.0146 7840  sffp_mmc - ok
15:27:32.0165 7840  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:27:32.0169 7840  sffp_sd - ok
15:27:32.0199 7840  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:27:32.0203 7840  sfloppy - ok
15:27:32.0261 7840  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
15:27:32.0306 7840  Sftfs - ok
15:27:32.0398 7840  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:27:32.0416 7840  sftlist - ok
15:27:32.0479 7840  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:27:32.0646 7840  Sftplay - ok
15:27:32.0713 7840  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:27:32.0716 7840  Sftredir - ok
15:27:32.0761 7840  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
15:27:32.0770 7840  Sftvol - ok
15:27:32.0798 7840  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:27:32.0801 7840  sftvsa - ok
15:27:32.0838 7840  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:27:32.0846 7840  SharedAccess - ok
15:27:32.0883 7840  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:27:32.0891 7840  ShellHWDetection - ok
15:27:32.0914 7840  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:27:32.0918 7840  SiSRaid2 - ok
15:27:32.0956 7840  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:27:32.0961 7840  SiSRaid4 - ok
15:27:33.0127 7840  [ EB17DF573B4423DF0B3B2EE3B268A6DE ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:27:33.0191 7840  Skype C2C Service - ok
15:27:33.0267 7840  [ 4E8A4BB5B11D828FF986F6228B1CD3DF ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:27:33.0271 7840  SkypeUpdate - ok
15:27:33.0323 7840  [ DD0443BC6CC78A19FD399817F8C51401 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
15:27:33.0324 7840  SmartDefragDriver - ok
15:27:33.0347 7840  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:27:33.0351 7840  Smb - ok
15:27:33.0407 7840  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:27:33.0411 7840  SNMPTRAP - ok
15:27:33.0444 7840  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:27:33.0445 7840  spldr - ok
15:27:33.0494 7840  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:27:33.0528 7840  Spooler - ok
15:27:33.0665 7840  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:27:33.0735 7840  sppsvc - ok
15:27:33.0776 7840  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:27:33.0780 7840  sppuinotify - ok
15:27:33.0824 7840  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:27:33.0829 7840  srv - ok
15:27:33.0851 7840  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:27:33.0857 7840  srv2 - ok
15:27:33.0896 7840  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:27:33.0898 7840  srvnet - ok
15:27:33.0938 7840  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:27:33.0951 7840  SSDPSRV - ok
15:27:33.0976 7840  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:27:33.0983 7840  SstpSvc - ok
15:27:34.0020 7840  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:27:34.0024 7840  stexstor - ok
15:27:34.0053 7840  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
15:27:34.0057 7840  StillCam - ok
15:27:34.0108 7840  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:27:34.0119 7840  stisvc - ok
15:27:34.0155 7840  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:27:34.0159 7840  swenum - ok
15:27:34.0204 7840  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:27:34.0225 7840  swprv - ok
15:27:34.0281 7840  [ ED6D1424E5B0C21A57B28DD8508D6843 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
15:27:34.0292 7840  SynTP - ok
15:27:34.0378 7840  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:27:34.0436 7840  SysMain - ok
15:27:34.0478 7840  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:27:34.0485 7840  TabletInputService - ok
15:27:34.0530 7840  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:27:34.0540 7840  TapiSrv - ok
15:27:34.0583 7840  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:27:34.0589 7840  TBS - ok
15:27:34.0656 7840  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:27:34.0703 7840  Tcpip - ok
15:27:34.0758 7840  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:27:34.0770 7840  TCPIP6 - ok
15:27:34.0819 7840  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:27:34.0823 7840  tcpipreg - ok
15:27:34.0859 7840  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:27:34.0862 7840  TDPIPE - ok
15:27:34.0904 7840  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:27:34.0907 7840  TDTCP - ok
15:27:34.0950 7840  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:27:34.0958 7840  tdx - ok
15:27:35.0135 7840  [ 7C8DD5576695B3362202EF09B20C425E ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
15:27:35.0159 7840  TeamViewer8 - ok
15:27:35.0202 7840  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:27:35.0205 7840  TermDD - ok
15:27:35.0252 7840  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:27:35.0291 7840  TermService - ok
15:27:35.0329 7840  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:27:35.0333 7840  Themes - ok
15:27:35.0358 7840  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:27:35.0361 7840  THREADORDER - ok
15:27:39.0388 7840  ================ Scan global ===============================
15:27:39.0440 7840  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:27:39.0483 7840  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:27:39.0515 7840  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:27:39.0564 7840  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:27:39.0594 7840  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:27:39.0601 7840  [Global] - ok
15:27:39.0602 7840  ================ Scan MBR ==================================
15:27:39.0624 7840  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:27:40.0014 7840  \Device\Harddisk0\DR0 - ok
15:27:40.0022 7840  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR5
15:27:40.0031 7840  \Device\Harddisk1\DR5 - ok
15:27:40.0032 7840  ================ Scan VBR ==================================
15:27:40.0036 7840  [ 5A64F90184CD0AF9829259F2970F7869 ] \Device\Harddisk0\DR0\Partition1
15:27:40.0038 7840  \Device\Harddisk0\DR0\Partition1 - ok
15:27:40.0054 7840  [ F5C6D6458D86E260FCA7FEBEB576651D ] \Device\Harddisk0\DR0\Partition2
15:27:40.0056 7840  \Device\Harddisk0\DR0\Partition2 - ok
15:27:40.0062 7840  [ 4BBEB70A8FF711BE4DB56520C1A57538 ] \Device\Harddisk1\DR5\Partition1
15:27:40.0063 7840  \Device\Harddisk1\DR5\Partition1 - ok
15:27:40.0064 7840  ============================================================
15:27:40.0064 7840  Scan finished
15:27:40.0064 7840  ============================================================
15:27:40.0081 3676  Detected object count: 0
15:27:40.0081 3676  Actual detected object count: 0
15:28:09.0771 1248  Deinitialize success
 

========================================================================================


post 2 of 2

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16618

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 4024614912, free: 2351919104

Initializing...
------------ Kernel report ------------
     07/01/2013 15:35:31
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR5
Upper Device Object: 0xfffffa800b691790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000094\
Lower Device Object: 0xfffffa800a5e2060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c29340
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8004797060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c29340, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c2a040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c29340, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004797060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 65546554

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 26624000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 26626048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 26830848  Numsec = 1223430832

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800b691790, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80088c26d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b691790, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a7886c0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa800a5e2060, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 112  Numsec = 30924688

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 15833497600 bytes
Sector size: 512 bytes

Done!
Infected: c:\$Recycle.Bin\S-1-5-18\$886ee4756213373c8498e6c2ce30cf3b\@ --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-3334870878-1075156716-579433900-1000\$886ee4756213373c8498e6c2ce30cf3b\@ --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$886ee4756213373c8498e6c2ce30cf3b\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-3334870878-1075156716-579433900-1000\$886ee4756213373c8498e6c2ce30cf3b\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$886ee4756213373c8498e6c2ce30cf3b\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-3334870878-1075156716-579433900-1000\$886ee4756213373c8498e6c2ce30cf3b\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$886ee4756213373c8498e6c2ce30cf3b --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-3334870878-1075156716-579433900-1000\$886ee4756213373c8498e6c2ce30cf3b --> [Trojan.Siredef.C]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_26626048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished

====================================================================================

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.01.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Robert L :: ROBERTH-PC [administrator]

7/1/2013 3:35:37 PM
mbar-log-2013-07-01 (15-35-37).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 305164
Time elapsed: 47 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
c:\$Recycle.Bin\S-1-5-18\$886ee4756213373c8498e6c2ce30cf3b\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3334870878-1075156716-579433900-1000\$886ee4756213373c8498e6c2ce30cf3b\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$886ee4756213373c8498e6c2ce30cf3b\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3334870878-1075156716-579433900-1000\$886ee4756213373c8498e6c2ce30cf3b\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$886ee4756213373c8498e6c2ce30cf3b (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3334870878-1075156716-579433900-1000\$886ee4756213373c8498e6c2ce30cf3b (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 2
c:\$Recycle.Bin\S-1-5-18\$886ee4756213373c8498e6c2ce30cf3b\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3334870878-1075156716-579433900-1000\$886ee4756213373c8498e6c2ce30cf3b\@ (Trojan.Siredef.C) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

==============================================================================

 

ComboFix 13-06-30.01 - Robert L 07/01/2013  16:55:24.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3838.2115 [GMT -6:00]
Running from: c:\users\Robert H\Desktop\AntiMalware Programs\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL568C.tmp
c:\programdata\SPLDE3D.tmp
c:\windows\SysWow64\SETB61C.tmp
c:\windows\SysWow64\SETBAEF.tmp
c:\windows\SysWow64\SETE8FE.tmp
c:\windows\SysWow64\SETF3D1.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-01 to 2013-07-01  )))))))))))))))))))))))))))))))
.
.
2013-07-01 23:06 . 2013-07-01 23:20    --------    d-----w-    c:\users\Robert L\AppData\Local\temp
2013-07-01 23:06 . 2013-07-01 23:06    --------    d-----w-    c:\users\DefaultAppPool\AppData\Local\temp
2013-07-01 21:35 . 2013-07-01 22:25    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-01 21:34 . 2013-07-01 21:34    36680    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-06-29 16:28 . 2013-06-29 16:28    --------    d-----w-    c:\users\Robert L\AppData\Local\Apple
2013-06-29 16:25 . 2013-06-29 16:25    --------    d-----w-    c:\users\Robert L\AppData\Roaming\HpUpdate
2013-06-29 16:08 . 2013-06-29 16:08    --------    d-----w-    c:\users\Robert L\AppData\Local\ElevatedDiagnostics
2013-06-28 20:46 . 2013-06-28 20:54    --------    d-----w-    c:\users\Robert L\AppData\Roaming\Ad-Aware Antivirus
2013-06-26 19:22 . 2013-06-26 19:22    --------    d-----w-    c:\users\Robert L\AppData\Roaming\Yahoo!
2013-06-26 19:18 . 2013-06-26 19:18    --------    d-----w-    c:\users\Robert L\AppData\Roaming\QuickScan
2013-06-26 19:17 . 2013-06-26 19:25    --------    d-----w-    c:\users\Robert L\AppData\Roaming\OpswatLogs
2013-06-26 19:11 . 2013-07-01 21:30    --------    d-----w-    C:\temp
2013-06-26 19:10 . 2013-06-29 05:39    --------    d-----w-    c:\program files (x86)\Office Depot PC Support Agent
2013-06-26 19:10 . 2013-06-26 19:10    --------    d-----w-    c:\program files (x86)\Common Files\supportsoft
2013-06-22 01:05 . 2013-05-08 06:39    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-22 01:00 . 2013-04-26 05:51    751104    ----a-w-    c:\windows\system32\win32spl.dll
2013-06-22 01:00 . 2013-04-26 04:55    492544    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-06-22 01:00 . 2013-05-10 05:49    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-06-22 01:00 . 2013-05-10 03:20    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
2013-06-21 19:18 . 2013-06-21 19:21    --------    d-----w-    c:\users\Robert L\AppData\Roaming\GoodSync
2013-06-15 04:19 . 2013-06-21 20:23    --------    d-----w-    c:\program files (x86)\IObit Apps Toolbar
2013-06-15 04:19 . 2013-06-15 04:19    --------    d-----w-    c:\program files (x86)\Common Files\Spigot
2013-06-07 05:23 . 2013-06-07 05:23    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-06-04 10:10 . 2013-06-04 10:10    --------    d-----w-    c:\users\Robert L\AppData\Roaming\Malwarebytes
2013-06-04 10:09 . 2013-06-04 10:10    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-04 10:09 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-04 10:09 . 2013-06-04 10:09    --------    d-----w-    c:\users\Robert L\AppData\Local\Programs
2013-06-02 01:01 . 2013-06-02 01:01    --------    d-----w-    c:\users\Robert L\AppData\Local\FileTypeAssistant
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-22 01:29 . 2011-08-01 18:40    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-06-22 01:13 . 2012-04-11 15:10    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-22 01:13 . 2011-09-19 02:42    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-13 21:47 . 2010-12-14 16:22    505128    ----a-w-    c:\windows\SysWow64\msvcp71.dll
2013-05-13 21:47 . 2010-12-14 16:22    353576    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2013-05-13 21:47 . 2010-12-14 16:22    29480    ----a-w-    c:\windows\SysWow64\msxml3a.dll
2013-05-03 16:00 . 2013-05-03 16:00    333424    ----a-r-    c:\users\Robert L\AppData\Roaming\Microsoft\Installer\{68D2AC29-B594-466A-8D6F-238FA2135BB5}\BOINCManagerShortc_A93DE976FB764046A81032A4C7BB0936.exe
2013-05-03 16:00 . 2013-05-03 16:00    333424    ----a-r-    c:\users\Robert L\AppData\Roaming\Microsoft\Installer\{68D2AC29-B594-466A-8D6F-238FA2135BB5}\ARPPRODUCTICON.exe
2013-05-01 10:59 . 2013-05-01 10:59    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59 . 2013-05-01 10:59    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2013-04-18 03:20 . 2011-12-22 10:33    26432    ----a-w-    c:\windows\system32\RegistryDefragBootTime.exe
2013-04-17 00:08 . 2013-04-17 00:08    1073808    ----a-w-    c:\windows\boinc.scr
2013-04-13 05:49 . 2013-05-15 16:52    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 16:52    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 16:52    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 16:52    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 16:52    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 16:52    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 16:56    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-11 18:06 . 2012-12-27 17:02    39504    ----a-w-    c:\windows\system32\drivers\gfiark.sys
2013-04-10 06:01 . 2013-05-15 16:52    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 16:52    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 16:51    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-04-07 17:35 . 2013-04-07 17:35    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-07 17:35 . 2012-06-21 05:41    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-04-07 17:35 . 2011-12-31 01:45    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-11-16 21:41    87448    ----a-w-    c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-11-16 87448]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2013-04-17 5868688]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-05-10 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
"lxdwmon.exe"="c:\program files (x86) (x86)\Lexmark 7600 Series\lxdwmon.exe" [2010-02-10 676520]
"lxdwamon"="c:\program files (x86) (x86)\Lexmark 7600 Series\lxdwamon.exe" [2010-02-10 16040]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SearchProtection"="c:\programdata\Search Protection\_run.bat" [2012-12-09 141]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-12-26 4474832]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-17 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-05-10 109784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SBRE;SBRE; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdwserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R3 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
R3 SBHIPS;SBHIPS;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys;c:\windows\SYSNATIVE\DRIVERS\sbwtis.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe;c:\windows\SYSNATIVE\lxdwcoms.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
S2 Sendori;Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
S3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 01:13]
.
2013-07-01 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-11-16 02:40]
.
2013-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 03:57]
.
2013-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 03:57]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3334870878-1075156716-579433900-1000Core.job
- c:\users\Robert H\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-22 17:40]
.
2013-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3334870878-1075156716-579433900-1000UA.job
- c:\users\Robert H\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-22 17:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
"lxdwmon.exe"="c:\program files (x86)\Lexmark 7600 Series\lxdwmon.exe" [2010-02-10 676520]
"lxdwamon"="c:\program files (x86)\Lexmark 7600 Series\lxdwamon.exe" [2010-02-10 16040]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2013-04-17 5868688]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2013-04-17 72848]
"SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe" [2012-09-20 201608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm




TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{107FE8F9-5656-4163-9E09-921898B2DACB}: NameServer = 192.168.0.1
TCP: Interfaces\{710BABB1-D3BD-4546-90AA-DC78A33C8CE3}: NameServer = 192.168.0.1
TCP: Interfaces\{710BABB1-D3BD-4546-90AA-DC78A33C8CE3}\C456560275962756C6563737D27657563747: NameServer = 192.168.0.1
TCP: Interfaces\{710BABB1-D3BD-4546-90AA-DC78A33C8CE3}\E656772616375693: NameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{07364a98-eb02-4736-bc54-ebe437fccb87} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
c:\users\Robert H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Robert L\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:70,e7,bc,56,76,fd,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
.
**************************************************************************
.
Completion time: 2013-07-01  17:25:01 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-01 23:25
.
Pre-Run: 560,009,629,696 bytes free
Post-Run: 559,244,087,296 bytes free
.
- - End Of File - - B138522E79CFD3571573C897A63170D3
5C616939100B85E558DA92B899A0FC36
 

 

Thank you for your help

Bob L


Before we move on, let's see if we can fix your internet issues:

 

Run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

(Just run fixdamage.exe)

Afterwards, check your internet connection. Does it work now?


Dear Mr Brown,

Tried it with hope in my heart but, alas, still no DNS. I tried turning off all firewalls to no avail.

This all started when, while online, a warning box told me about a long running script. When it stopped so did my internet.

What now?


Hmm. Let's do some more digging:

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.