kalikidd05 Posted December 2, 2013 ID:759851 Share Posted December 2, 2013 Hi Expert, I suspect I am infected with alureon virus. My computer stops crashing that a dllhost / COM surrogate file keeps using up all my memory in the start up processes. I cannot permanently delete the process as it would restart again. My website also keeps redirecting itself and I cannot download some anti-virus programs - it says download blocked. I have tried to scan with various anti-viral programs like super anti-spyware, windows security essentials, malwarebytes anti-malware and have deleted temporary files through disk scan and etc but have only partially solved the problem. The dllhost / COM surrogate process is blocked (I believe by MAM, as occasionally I get pop ups saying that the program has blocked a process). However, my browser still gets redirected when I'm on google search. could you help me solve the problem? I have attached the two logs as specified. I am also unstalling mtorrent as we speak. Thanks for your help!attach.txtdds.txt Link to post Share on other sites More sharing options...
Psychotic Posted December 2, 2013 ID:759914 Share Posted December 2, 2013 Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding. Scan with TDSS-KillerPlease read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.Download TDSSKiller.zip and extract to your desktopExecute TDSSKiller.exe by doubleclicking on it. Press Start ScanIf Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txtPlease post the contents of that log in your next reply. Link to post Share on other sites More sharing options...
Psychotic Posted December 2, 2013 ID:759973 Share Posted December 2, 2013 I need the information within this log to provide further assistance so please run the tool and post up the log, please. You told us that you removed several items with Malwarebytes´ Antimalware. This tool creates a log on every run and we need to see them.The logs can be found here:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt Zip any and all of these logs and attach the file to your next reply. Link to post Share on other sites More sharing options...
kalikidd05 Posted December 2, 2013 Author ID:759991 Share Posted December 2, 2013 Hi Psychotic - to avoid confusion, the last reply was not from me. HTrueOLLC - would appreciate if you could start a new thread as the forum rule suggested to avoid confusion. Good luck!! I did the TDSSKiller scan as recommended. It told me no threat found after scanning 420 objects. I used default settings, with "loaded modules", "verify file digital signatures" and "detect TDLFS file system" left unchecked. Here is the log... 08:30:44.0601 0x1714 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:5008:30:49.0376 0x1714 ============================================================08:30:49.0376 0x1714 Current date / time: 2013/12/02 08:30:49.037608:30:49.0376 0x1714 SystemInfo:08:30:49.0376 0x1714 08:30:49.0376 0x1714 OS Version: 6.1.7601 ServicePack: 1.008:30:49.0376 0x1714 Product type: Workstation08:30:49.0376 0x1714 ComputerName: USER-PC08:30:49.0376 0x1714 UserName: user08:30:49.0376 0x1714 Windows directory: C:\Windows08:30:49.0376 0x1714 System windows directory: C:\Windows08:30:49.0376 0x1714 Running under WOW6408:30:49.0376 0x1714 Processor architecture: Intel x6408:30:49.0376 0x1714 Number of processors: 808:30:49.0376 0x1714 Page size: 0x100008:30:49.0376 0x1714 Boot type: Normal boot08:30:49.0376 0x1714 ============================================================08:30:51.0539 0x1714 KLMD registered as C:\Windows\system32\drivers\81525943.sys08:30:51.0707 0x1714 System UUID: {8DBC039D-2F24-E34B-E5AE-900B85E675CC}08:30:52.0207 0x1714 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004008:30:52.0212 0x1714 ============================================================08:30:52.0212 0x1714 \Device\Harddisk0\DR0:08:30:52.0212 0x1714 MBR partitions:08:30:52.0212 0x1714 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3180008:30:52.0212 0x1714 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73F4600008:30:52.0212 0x1714 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x73F78800, BlocksNum 0x74E8F00008:30:52.0212 0x1714 ============================================================08:30:52.0233 0x1714 C: <-> \Device\Harddisk0\DR0\Partition208:30:52.0282 0x1714 D: <-> \Device\Harddisk0\DR0\Partition308:30:52.0282 0x1714 ============================================================08:30:52.0282 0x1714 Initialize success08:30:52.0282 0x1714 ============================================================08:31:42.0583 0x1328 ============================================================08:31:42.0583 0x1328 Scan started08:31:42.0583 0x1328 Mode: Manual; 08:31:42.0583 0x1328 ============================================================08:31:42.0583 0x1328 KSN ping started08:31:46.0073 0x1328 KSN ping finished: true08:31:48.0390 0x1328 ================ Scan system memory ========================08:31:48.0390 0x1328 System memory - ok08:31:48.0391 0x1328 ================ Scan services =============================08:31:48.0568 0x1328 [ 620C92D6EEFA9853A3EAD41B5EB9B5FD, 72DD7297179AC6629B816DD9656D5EC3F02BE677EA01A05A5EB808180F0D775F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE08:31:48.0572 0x1328 !SASCORE - ok08:31:49.0099 0x1328 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys08:31:49.0105 0x1328 1394ohci - ok08:31:49.0218 0x1328 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys08:31:49.0226 0x1328 ACPI - ok08:31:49.0269 0x1328 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys08:31:49.0269 0x1328 AcpiPmi - ok08:31:50.0888 0x1328 [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe08:31:50.0990 0x1328 AdobeFlashPlayerUpdateSvc - ok08:31:51.0217 0x1328 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys08:31:51.0231 0x1328 adp94xx - ok08:31:51.0303 0x1328 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys08:31:51.0309 0x1328 adpahci - ok08:31:51.0491 0x1328 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys08:31:51.0497 0x1328 adpu320 - ok08:31:51.0524 0x1328 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll08:31:51.0526 0x1328 AeLookupSvc - ok08:31:51.0621 0x1328 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys08:31:51.0635 0x1328 AFD - ok08:31:51.0686 0x1328 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys08:31:51.0688 0x1328 agp440 - ok08:31:51.0708 0x1328 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe08:31:51.0710 0x1328 ALG - ok08:31:51.0737 0x1328 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys08:31:51.0738 0x1328 aliide - ok08:31:51.0781 0x1328 [ 3DC106C903C1BD42E2ACC3D5DEFF9367, 3FD5365BA40BEBFFCD2652EEE020F78B133739BB8818673D8B99C947BB952658 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe08:31:51.0785 0x1328 AMD External Events Utility - ok08:31:51.0798 0x1328 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys08:31:51.0799 0x1328 amdide - ok08:31:51.0898 0x1328 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys08:31:51.0901 0x1328 AmdK8 - ok08:31:52.0215 0x1328 [ BBAB5B28253FE0FC7255D8775BA05C1D, 99DA451DBAE4854D449D7342336E7C02718EACB393EE53B6BDB900A78B2A4DEE ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys08:31:52.0329 0x1328 amdkmdag - ok08:31:52.0459 0x1328 [ CBA35FF4092B91E105D93ED11A0250B6, F0BD1907DF278ED16810619FDCEB123A4C7D1186A45F560BE4D85927CD9C6D19 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys08:31:52.0463 0x1328 amdkmdap - ok08:31:52.0472 0x1328 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys08:31:52.0473 0x1328 AmdPPM - ok08:31:52.0517 0x1328 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys08:31:52.0520 0x1328 amdsata - ok08:31:52.0536 0x1328 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys08:31:52.0541 0x1328 amdsbs - ok08:31:52.0556 0x1328 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys08:31:52.0557 0x1328 amdxata - ok08:31:52.0589 0x1328 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys08:31:52.0590 0x1328 AppID - ok08:31:52.0606 0x1328 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll08:31:52.0607 0x1328 AppIDSvc - ok08:31:52.0653 0x1328 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll08:31:52.0655 0x1328 Appinfo - ok08:31:52.0672 0x1328 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys08:31:52.0674 0x1328 arc - ok08:31:52.0687 0x1328 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys08:31:52.0689 0x1328 arcsas - ok08:31:52.0726 0x1328 [ A82C01606DC27D05D9D3BFB6BB807E32, CE231637422709D927FB6FA0C4F2215B9C0E3EBBD951FB2FA97B8E64DA479B96 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys08:31:52.0726 0x1328 AsIO - ok08:31:52.0753 0x1328 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys08:31:52.0754 0x1328 AsyncMac - ok08:31:52.0761 0x1328 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys08:31:52.0762 0x1328 atapi - ok08:31:52.0798 0x1328 [ FDA1E117A7E880BFF5540D180C06EA87, 061A0AC1DBCF93D568C740BB18A5D76C7FFB1E86AE9339E046E6372EB8B93426 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys08:31:52.0800 0x1328 AtiHDAudioService - ok08:31:52.0867 0x1328 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll08:31:52.0877 0x1328 AudioEndpointBuilder - ok08:31:52.0892 0x1328 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll08:31:52.0902 0x1328 AudioSrv - ok08:31:52.0964 0x1328 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll08:31:52.0966 0x1328 AxInstSV - ok08:31:52.0995 0x1328 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys08:31:53.0002 0x1328 b06bdrv - ok08:31:53.0057 0x1328 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys08:31:53.0061 0x1328 b57nd60a - ok08:31:53.0162 0x1328 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll08:31:53.0164 0x1328 BDESVC - ok08:31:53.0176 0x1328 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys08:31:53.0176 0x1328 Beep - ok08:31:53.0295 0x1328 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll08:31:53.0305 0x1328 BFE - ok08:31:53.0330 0x1328 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll08:31:53.0344 0x1328 BITS - ok08:31:53.0376 0x1328 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys08:31:53.0377 0x1328 blbdrive - ok08:31:53.0458 0x1328 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe08:31:53.0465 0x1328 Bonjour Service - ok08:31:53.0518 0x1328 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys08:31:53.0519 0x1328 bowser - ok08:31:53.0522 0x1328 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys08:31:53.0523 0x1328 BrFiltLo - ok08:31:53.0575 0x1328 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys08:31:53.0576 0x1328 BrFiltUp - ok08:31:53.0625 0x1328 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll08:31:53.0627 0x1328 Browser - ok08:31:53.0727 0x1328 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys08:31:53.0732 0x1328 Brserid - ok08:31:53.0744 0x1328 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys08:31:53.0745 0x1328 BrSerWdm - ok08:31:53.0756 0x1328 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys08:31:53.0757 0x1328 BrUsbMdm - ok08:31:53.0759 0x1328 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys08:31:53.0760 0x1328 BrUsbSer - ok08:31:53.0774 0x1328 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys08:31:53.0775 0x1328 BTHMODEM - ok08:31:53.0789 0x1328 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll08:31:53.0790 0x1328 bthserv - ok08:31:53.0802 0x1328 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys08:31:53.0803 0x1328 cdfs - ok08:31:53.0858 0x1328 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\drivers\cdrom.sys08:31:53.0861 0x1328 cdrom - ok08:31:53.0915 0x1328 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll08:31:53.0918 0x1328 CertPropSvc - ok08:31:53.0923 0x1328 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys08:31:53.0924 0x1328 circlass - ok08:31:53.0946 0x1328 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys08:31:53.0954 0x1328 CLFS - ok08:31:53.0995 0x1328 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe08:31:53.0997 0x1328 clr_optimization_v2.0.50727_32 - ok08:31:54.0032 0x1328 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe08:31:54.0035 0x1328 clr_optimization_v2.0.50727_64 - ok08:31:54.0112 0x1328 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe08:31:54.0115 0x1328 clr_optimization_v4.0.30319_32 - ok08:31:54.0141 0x1328 [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe08:31:54.0143 0x1328 clr_optimization_v4.0.30319_64 - ok08:31:54.0146 0x1328 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys08:31:54.0146 0x1328 CmBatt - ok08:31:54.0161 0x1328 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys08:31:54.0161 0x1328 cmdide - ok08:31:54.0197 0x1328 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys08:31:54.0210 0x1328 CNG - ok08:31:54.0224 0x1328 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys08:31:54.0224 0x1328 Compbatt - ok08:31:54.0243 0x1328 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys08:31:54.0244 0x1328 CompositeBus - ok08:31:54.0245 0x1328 COMSysApp - ok08:31:54.0248 0x1328 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys08:31:54.0249 0x1328 crcdisk - ok08:31:54.0286 0x1328 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll08:31:54.0293 0x1328 CryptSvc - ok08:31:54.0368 0x1328 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll08:31:54.0383 0x1328 DcomLaunch - ok08:31:54.0412 0x1328 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll08:31:54.0421 0x1328 defragsvc - ok08:31:54.0477 0x1328 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys08:31:54.0480 0x1328 DfsC - ok08:31:54.0573 0x1328 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll08:31:54.0578 0x1328 Dhcp - ok08:31:54.0599 0x1328 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys08:31:54.0600 0x1328 discache - ok08:31:54.0656 0x1328 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys08:31:54.0657 0x1328 Disk - ok08:31:54.0708 0x1328 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll08:31:54.0711 0x1328 Dnscache - ok08:31:54.0746 0x1328 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll08:31:54.0750 0x1328 dot3svc - ok08:31:54.0811 0x1328 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll08:31:54.0814 0x1328 DPS - ok08:31:54.0979 0x1328 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys08:31:54.0984 0x1328 drmkaud - ok08:31:55.0542 0x1328 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys08:31:55.0556 0x1328 DXGKrnl - ok08:31:55.0754 0x1328 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll08:31:55.0756 0x1328 EapHost - ok08:31:56.0331 0x1328 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys08:31:56.0378 0x1328 ebdrv - ok08:31:56.0488 0x1328 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe08:31:56.0489 0x1328 EFS - ok08:31:56.0584 0x1328 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe08:31:56.0594 0x1328 ehRecvr - ok08:31:56.0611 0x1328 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe08:31:56.0613 0x1328 ehSched - ok08:31:56.0637 0x1328 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys08:31:56.0644 0x1328 elxstor - ok08:31:56.0697 0x1328 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys08:31:56.0697 0x1328 ErrDev - ok08:31:56.0723 0x1328 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll08:31:56.0729 0x1328 EventSystem - ok08:31:56.0739 0x1328 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys08:31:56.0742 0x1328 exfat - ok08:31:56.0755 0x1328 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys08:31:56.0758 0x1328 fastfat - ok08:31:56.0817 0x1328 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe08:31:56.0834 0x1328 Fax - ok08:31:56.0847 0x1328 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys08:31:56.0848 0x1328 fdc - ok08:31:56.0877 0x1328 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll08:31:56.0878 0x1328 fdPHost - ok08:31:56.0891 0x1328 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll08:31:56.0893 0x1328 FDResPub - ok08:31:56.0928 0x1328 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys08:31:56.0929 0x1328 FileInfo - ok08:31:56.0942 0x1328 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys08:31:56.0943 0x1328 Filetrace - ok08:31:56.0959 0x1328 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys08:31:56.0960 0x1328 flpydisk - ok08:31:57.0008 0x1328 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys08:31:57.0012 0x1328 FltMgr - ok08:31:57.0141 0x1328 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll08:31:57.0166 0x1328 FontCache - ok08:31:57.0254 0x1328 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe08:31:57.0256 0x1328 FontCache3.0.0.0 - ok08:31:57.0290 0x1328 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys08:31:57.0292 0x1328 FsDepends - ok08:31:57.0353 0x1328 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys08:31:57.0353 0x1328 Fs_Rec - ok08:31:57.0444 0x1328 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys08:31:57.0450 0x1328 fvevol - ok08:31:57.0504 0x1328 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys08:31:57.0506 0x1328 gagp30kx - ok08:31:57.0589 0x1328 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll08:31:57.0607 0x1328 gpsvc - ok08:31:57.0706 0x1328 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe08:31:57.0710 0x1328 gupdate - ok08:31:57.0779 0x1328 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe08:31:57.0783 0x1328 gupdatem - ok08:31:57.0837 0x1328 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys08:31:57.0838 0x1328 hcw85cir - ok08:31:57.0926 0x1328 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys08:31:57.0936 0x1328 HdAudAddService - ok08:31:58.0000 0x1328 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys08:31:58.0003 0x1328 HDAudBus - ok08:31:58.0070 0x1328 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys08:31:58.0071 0x1328 HidBatt - ok08:31:58.0090 0x1328 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys08:31:58.0093 0x1328 HidBth - ok08:31:58.0112 0x1328 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys08:31:58.0113 0x1328 HidIr - ok08:31:58.0130 0x1328 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll08:31:58.0132 0x1328 hidserv - ok08:31:58.0172 0x1328 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys08:31:58.0173 0x1328 HidUsb - ok08:31:58.0230 0x1328 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll08:31:58.0234 0x1328 hkmsvc - ok08:31:58.0315 0x1328 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll08:31:58.0322 0x1328 HomeGroupListener - ok08:31:58.0348 0x1328 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll08:31:58.0354 0x1328 HomeGroupProvider - ok08:31:58.0378 0x1328 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys08:31:58.0380 0x1328 HpSAMD - ok08:31:58.0482 0x1328 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys08:31:58.0503 0x1328 HTTP - ok08:31:58.0546 0x1328 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys08:31:58.0547 0x1328 hwpolicy - ok08:31:58.0578 0x1328 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys08:31:58.0581 0x1328 i8042prt - ok08:31:58.0602 0x1328 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys08:31:58.0608 0x1328 iaStorV - ok08:31:58.0653 0x1328 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe08:31:58.0665 0x1328 idsvc - ok08:31:58.0682 0x1328 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys08:31:58.0682 0x1328 iirsp - ok08:31:58.0759 0x1328 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll08:31:58.0779 0x1328 IKEEXT - ok08:31:58.0852 0x1328 [ D42D651676883181400E22957A7E0B1E, 56AA20FFEA6DBF69244707621A7967E3EFAE3874072DA65C0B6165BC9C4CF7BB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys08:31:58.0877 0x1328 IntcAzAudAddService - ok08:31:58.0889 0x1328 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys08:31:58.0889 0x1328 intelide - ok08:31:58.0901 0x1328 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys08:31:58.0902 0x1328 intelppm - ok08:31:58.0915 0x1328 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll08:31:58.0917 0x1328 IPBusEnum - ok08:31:58.0948 0x1328 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys08:31:58.0949 0x1328 IpFilterDriver - ok08:31:59.0173 0x1328 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll08:31:59.0183 0x1328 iphlpsvc - ok08:31:59.0205 0x1328 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys08:31:59.0207 0x1328 IPMIDRV - ok08:31:59.0241 0x1328 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys08:31:59.0243 0x1328 IPNAT - ok08:31:59.0277 0x1328 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys08:31:59.0278 0x1328 IRENUM - ok08:31:59.0309 0x1328 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys08:31:59.0310 0x1328 isapnp - ok08:31:59.0369 0x1328 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys08:31:59.0377 0x1328 iScsiPrt - ok08:31:59.0439 0x1328 [ AEF3A925CAC519CC6A9A48E9BDCA1AE3, 0F78B14BF4FAE4C2F7A880E9471E5E661E5351BC2A91A4D1DC653AAF9924221D ] JRAID C:\Windows\system32\DRIVERS\jraid.sys08:31:59.0442 0x1328 JRAID - ok08:31:59.0480 0x1328 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys08:31:59.0482 0x1328 kbdclass - ok08:31:59.0518 0x1328 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys08:31:59.0519 0x1328 kbdhid - ok08:31:59.0550 0x1328 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe08:31:59.0552 0x1328 KeyIso - ok08:31:59.0613 0x1328 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys08:31:59.0616 0x1328 KSecDD - ok08:31:59.0671 0x1328 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys08:31:59.0674 0x1328 KSecPkg - ok08:31:59.0731 0x1328 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys08:31:59.0732 0x1328 ksthunk - ok08:31:59.0772 0x1328 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll08:31:59.0781 0x1328 KtmRm - ok08:31:59.0841 0x1328 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll08:31:59.0849 0x1328 LanmanServer - ok08:31:59.0895 0x1328 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll08:31:59.0900 0x1328 LanmanWorkstation - ok08:31:59.0916 0x1328 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys08:31:59.0918 0x1328 lltdio - ok08:31:59.0947 0x1328 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll08:31:59.0952 0x1328 lltdsvc - ok08:31:59.0963 0x1328 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll08:31:59.0964 0x1328 lmhosts - ok08:31:59.0988 0x1328 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys08:31:59.0990 0x1328 LSI_FC - ok08:32:00.0004 0x1328 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys08:32:00.0006 0x1328 LSI_SAS - ok08:32:00.0016 0x1328 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys08:32:00.0017 0x1328 LSI_SAS2 - ok08:32:00.0025 0x1328 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys08:32:00.0027 0x1328 LSI_SCSI - ok08:32:00.0043 0x1328 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys08:32:00.0045 0x1328 luafv - ok08:32:00.0323 0x1328 [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector C:\Windows\system32\drivers\mbam.sys08:32:00.0325 0x1328 MBAMProtector - ok08:32:00.0353 0x1328 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe08:32:00.0365 0x1328 MBAMScheduler - ok08:32:00.0406 0x1328 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe08:32:00.0426 0x1328 MBAMService - ok08:32:00.0458 0x1328 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll08:32:00.0460 0x1328 Mcx2Svc - ok08:32:00.0468 0x1328 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys08:32:00.0469 0x1328 megasas - ok08:32:00.0492 0x1328 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys08:32:00.0498 0x1328 MegaSR - ok08:32:00.0567 0x1328 Microsoft SharePoint Workspace Audit Service - ok08:32:00.0589 0x1328 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll08:32:00.0592 0x1328 MMCSS - ok08:32:00.0604 0x1328 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys08:32:00.0605 0x1328 Modem - ok08:32:00.0620 0x1328 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys08:32:00.0621 0x1328 monitor - ok08:32:00.0669 0x1328 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys08:32:00.0670 0x1328 mouclass - ok08:32:00.0679 0x1328 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys08:32:00.0680 0x1328 mouhid - ok08:32:00.0721 0x1328 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys08:32:00.0722 0x1328 mountmgr - ok08:32:00.0810 0x1328 [ 46297FA8E30A6007F14118FC2B942FBC, 40785B7121DBFA411EA922ECF6008BA4A94BC742662E271BFD6B31288ECC1BA4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe08:32:00.0812 0x1328 MozillaMaintenance - ok08:32:00.0866 0x1328 [ C6B88D62F20AC646C6BD5C032EC2FAF9, 111A07939F3C5A46F0C51B9D6F5C1D8478099E32EFD88BC260467109ADD975F8 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys08:32:00.0873 0x1328 MpFilter - ok08:32:00.0903 0x1328 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys08:32:00.0907 0x1328 mpio - ok08:32:00.0927 0x1328 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys08:32:00.0929 0x1328 mpsdrv - ok08:32:01.0068 0x1328 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll08:32:01.0091 0x1328 MpsSvc - ok08:32:01.0176 0x1328 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys08:32:01.0180 0x1328 MRxDAV - ok08:32:01.0228 0x1328 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys08:32:01.0230 0x1328 mrxsmb - ok08:32:01.0296 0x1328 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys08:32:01.0303 0x1328 mrxsmb10 - ok08:32:01.0329 0x1328 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys08:32:01.0332 0x1328 mrxsmb20 - ok08:32:01.0368 0x1328 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys08:32:01.0369 0x1328 msahci - ok08:32:01.0386 0x1328 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys08:32:01.0390 0x1328 msdsm - ok08:32:01.0407 0x1328 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe08:32:01.0411 0x1328 MSDTC - ok08:32:01.0438 0x1328 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys08:32:01.0439 0x1328 Msfs - ok08:32:01.0468 0x1328 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys08:32:01.0469 0x1328 mshidkmdf - ok08:32:01.0537 0x1328 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys08:32:01.0538 0x1328 msisadrv - ok08:32:01.0622 0x1328 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll08:32:01.0627 0x1328 MSiSCSI - ok08:32:01.0630 0x1328 msiserver - ok08:32:01.0656 0x1328 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys08:32:01.0657 0x1328 MSKSSRV - ok08:32:01.0704 0x1328 [ 7675E15D1B2180745E4DA4D26AAD7385, 729AA6C610F67028CFFFF64B772FFA1CAE7581D37F8909BDA423D52AF85C92C8 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe08:32:01.0705 0x1328 MsMpSvc - ok08:32:01.0717 0x1328 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys08:32:01.0718 0x1328 MSPCLOCK - ok08:32:01.0721 0x1328 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys08:32:01.0722 0x1328 MSPQM - ok08:32:01.0769 0x1328 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys08:32:01.0780 0x1328 MsRPC - ok08:32:01.0795 0x1328 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys08:32:01.0795 0x1328 mssmbios - ok08:32:01.0798 0x1328 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys08:32:01.0798 0x1328 MSTEE - ok08:32:01.0806 0x1328 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys08:32:01.0806 0x1328 MTConfig - ok08:32:01.0835 0x1328 [ 19B006B181E3875FD254F7B67ACF1E7C, 1D68D19522E71F16B8B50F8CCFBC9D884CF2DAC40CC409BD5A40A4D4223ABC61 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys08:32:01.0835 0x1328 MTsensor - ok Link to post Share on other sites More sharing options...
kalikidd05 Posted December 2, 2013 Author ID:759992 Share Posted December 2, 2013 08:32:01.0852 0x1328 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys08:32:01.0854 0x1328 Mup - ok08:32:01.0931 0x1328 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll08:32:01.0946 0x1328 napagent - ok08:32:01.0980 0x1328 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys08:32:01.0989 0x1328 NativeWifiP - ok08:32:02.0064 0x1328 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys08:32:02.0084 0x1328 NDIS - ok08:32:02.0111 0x1328 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys08:32:02.0112 0x1328 NdisCap - ok08:32:02.0128 0x1328 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys08:32:02.0128 0x1328 NdisTapi - ok08:32:02.0165 0x1328 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys08:32:02.0167 0x1328 Ndisuio - ok08:32:02.0208 0x1328 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys08:32:02.0213 0x1328 NdisWan - ok08:32:02.0239 0x1328 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys08:32:02.0241 0x1328 NDProxy - ok08:32:02.0262 0x1328 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys08:32:02.0264 0x1328 NetBIOS - ok08:32:02.0310 0x1328 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys08:32:02.0317 0x1328 NetBT - ok08:32:02.0326 0x1328 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe08:32:02.0328 0x1328 Netlogon - ok08:32:02.0363 0x1328 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll08:32:02.0372 0x1328 Netman - ok08:32:02.0394 0x1328 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll08:32:02.0401 0x1328 netprofm - ok08:32:02.0422 0x1328 [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe08:32:02.0424 0x1328 NetTcpPortSharing - ok08:32:02.0446 0x1328 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys08:32:02.0447 0x1328 nfrd960 - ok08:32:02.0490 0x1328 [ ACE8C64C57E4A711473C8BC10ADF692B, 53D8083CE78DB5527080B4570AC28ABAA262667744A319707AE0C46E46B297F9 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys08:32:02.0492 0x1328 NisDrv - ok08:32:02.0538 0x1328 [ 6247E8B31ED0A9D6BC5A26276E49BEB3, 230C0C560492C454B9EB14B50EB4A78DC74FAB6B662449A0EA3114B3E671BFF3 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe08:32:02.0548 0x1328 NisSrv - ok08:32:02.0611 0x1328 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll08:32:02.0621 0x1328 NlaSvc - ok08:32:02.0628 0x1328 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys08:32:02.0630 0x1328 Npfs - ok08:32:02.0637 0x1328 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll08:32:02.0639 0x1328 nsi - ok08:32:02.0650 0x1328 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys08:32:02.0651 0x1328 nsiproxy - ok08:32:02.0767 0x1328 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys08:32:02.0793 0x1328 Ntfs - ok08:32:02.0807 0x1328 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys08:32:02.0808 0x1328 Null - ok08:32:02.0841 0x1328 [ E20ABD5B229760158F753CA90B97E090, 9970A8ECFA13647B4F2032CB3C21C48458B5ED137254E3FB9C9B93E4A0EBD709 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys08:32:02.0845 0x1328 NVHDA - ok08:32:03.0214 0x1328 [ 50812C24349A0E0E3AED5A71482CFFE5, BD25B25AF06E6FF0A88635BFAE9B20E154F7111C85CD95F2C809BF5AF6F1CDFD ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys08:32:03.0399 0x1328 nvlddmkm - ok08:32:03.0462 0x1328 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys08:32:03.0467 0x1328 nvraid - ok08:32:03.0485 0x1328 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys08:32:03.0489 0x1328 nvstor - ok08:32:03.0505 0x1328 [ 1B3524DF1C5977122D09F531ED98D0B3, 4B7936E239CD784597CDACFBA716DAB4A65C67759FA8AB281CC34E44342D040F ] nvsvc C:\Windows\system32\nvvsvc.exe08:32:03.0508 0x1328 nvsvc - ok08:32:03.0529 0x1328 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys08:32:03.0531 0x1328 nv_agp - ok08:32:03.0567 0x1328 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys08:32:03.0569 0x1328 ohci1394 - ok08:32:03.0614 0x1328 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE08:32:03.0617 0x1328 ose - ok08:32:03.0793 0x1328 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE08:32:03.0863 0x1328 osppsvc - ok08:32:03.0892 0x1328 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll08:32:03.0898 0x1328 p2pimsvc - ok08:32:03.0918 0x1328 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll08:32:03.0925 0x1328 p2psvc - ok08:32:03.0937 0x1328 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys08:32:03.0938 0x1328 Parport - ok08:32:03.0974 0x1328 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys08:32:03.0977 0x1328 partmgr - ok08:32:03.0996 0x1328 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll08:32:04.0003 0x1328 PcaSvc - ok08:32:04.0022 0x1328 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys08:32:04.0028 0x1328 pci - ok08:32:04.0058 0x1328 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys08:32:04.0059 0x1328 pciide - ok08:32:04.0093 0x1328 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys08:32:04.0099 0x1328 pcmcia - ok08:32:04.0116 0x1328 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys08:32:04.0118 0x1328 pcw - ok08:32:04.0141 0x1328 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys08:32:04.0152 0x1328 PEAUTH - ok08:32:04.0208 0x1328 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe08:32:04.0210 0x1328 PerfHost - ok08:32:04.0317 0x1328 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll08:32:04.0342 0x1328 pla - ok08:32:04.0407 0x1328 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll08:32:04.0420 0x1328 PlugPlay - ok08:32:04.0567 0x1328 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll08:32:04.0569 0x1328 PNRPAutoReg - ok08:32:04.0613 0x1328 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll08:32:04.0623 0x1328 PNRPsvc - ok08:32:04.0648 0x1328 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll08:32:04.0655 0x1328 PolicyAgent - ok08:32:04.0684 0x1328 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll08:32:04.0688 0x1328 Power - ok08:32:04.0759 0x1328 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys08:32:04.0763 0x1328 PptpMiniport - ok08:32:04.0781 0x1328 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys08:32:04.0783 0x1328 Processor - ok08:32:04.0836 0x1328 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll08:32:04.0842 0x1328 ProfSvc - ok08:32:04.0849 0x1328 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe08:32:04.0850 0x1328 ProtectedStorage - ok08:32:04.0892 0x1328 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys08:32:04.0895 0x1328 Psched - ok08:32:04.0946 0x1328 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys08:32:04.0968 0x1328 ql2300 - ok08:32:04.0986 0x1328 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys08:32:04.0988 0x1328 ql40xx - ok08:32:05.0056 0x1328 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll08:32:05.0064 0x1328 QWAVE - ok08:32:05.0085 0x1328 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys08:32:05.0086 0x1328 QWAVEdrv - ok08:32:05.0099 0x1328 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys08:32:05.0100 0x1328 RasAcd - ok08:32:05.0144 0x1328 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys08:32:05.0146 0x1328 RasAgileVpn - ok08:32:05.0177 0x1328 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll08:32:05.0181 0x1328 RasAuto - ok08:32:05.0223 0x1328 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys08:32:05.0227 0x1328 Rasl2tp - ok08:32:05.0280 0x1328 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll08:32:05.0291 0x1328 RasMan - ok08:32:05.0307 0x1328 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys08:32:05.0310 0x1328 RasPppoe - ok08:32:05.0341 0x1328 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys08:32:05.0344 0x1328 RasSstp - ok08:32:05.0381 0x1328 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys08:32:05.0390 0x1328 rdbss - ok08:32:05.0408 0x1328 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys08:32:05.0409 0x1328 rdpbus - ok08:32:05.0423 0x1328 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys08:32:05.0424 0x1328 RDPCDD - ok08:32:05.0434 0x1328 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys08:32:05.0434 0x1328 RDPENCDD - ok08:32:05.0451 0x1328 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys08:32:05.0452 0x1328 RDPREFMP - ok08:32:05.0492 0x1328 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys08:32:05.0496 0x1328 RDPWD - ok08:32:05.0536 0x1328 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys08:32:05.0539 0x1328 rdyboost - ok08:32:05.0565 0x1328 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll08:32:05.0567 0x1328 RemoteAccess - ok08:32:05.0582 0x1328 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll08:32:05.0585 0x1328 RemoteRegistry - ok08:32:05.0598 0x1328 [ 7B04C9843921AB1F695FB395422C5360, C9B02BE0384357FD242613C2A12029B45322AF9A795CD69F33500CA7530899A7 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys08:32:05.0599 0x1328 RimUsb - ok08:32:05.0614 0x1328 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll08:32:05.0616 0x1328 RpcEptMapper - ok08:32:05.0621 0x1328 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe08:32:05.0621 0x1328 RpcLocator - ok08:32:05.0677 0x1328 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll08:32:05.0691 0x1328 RpcSs - ok08:32:05.0700 0x1328 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys08:32:05.0702 0x1328 rspndr - ok08:32:05.0732 0x1328 [ B49DC435AE3695BAC5623DD94B05732D, D63160B09385ED31C2A479ADC5AFCA483906F38598874972025D680BDB45ECA0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys08:32:05.0735 0x1328 RTL8167 - ok08:32:05.0823 0x1328 [ B3F36B4B3F192EA87DDC119F3A0B3E45, DE80502994ED9977AD64483385A0BC0C6060EA9E9C08645E72FBBCFE8B2358C7 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys08:32:05.0836 0x1328 RTL8192su - ok08:32:05.0845 0x1328 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe08:32:05.0846 0x1328 SamSs - ok08:32:05.0881 0x1328 [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS08:32:05.0882 0x1328 SASDIFSV - ok08:32:05.0885 0x1328 [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS08:32:05.0885 0x1328 SASKUTIL - ok08:32:05.0921 0x1328 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys08:32:05.0924 0x1328 sbp2port - ok08:32:05.0948 0x1328 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll08:32:05.0955 0x1328 SCardSvr - ok08:32:05.0993 0x1328 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys08:32:05.0994 0x1328 scfilter - ok08:32:06.0067 0x1328 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll08:32:06.0092 0x1328 Schedule - ok08:32:06.0141 0x1328 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll08:32:06.0143 0x1328 SCPolicySvc - ok08:32:06.0156 0x1328 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll08:32:06.0161 0x1328 SDRSVC - ok08:32:06.0179 0x1328 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys08:32:06.0179 0x1328 secdrv - ok08:32:06.0227 0x1328 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll08:32:06.0229 0x1328 seclogon - ok08:32:06.0304 0x1328 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll08:32:06.0308 0x1328 SENS - ok08:32:06.0366 0x1328 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll08:32:06.0369 0x1328 SensrSvc - ok08:32:06.0388 0x1328 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys08:32:06.0389 0x1328 Serenum - ok08:32:06.0423 0x1328 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys08:32:06.0427 0x1328 Serial - ok08:32:06.0436 0x1328 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys08:32:06.0437 0x1328 sermouse - ok08:32:06.0485 0x1328 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll08:32:06.0490 0x1328 SessionEnv - ok08:32:06.0526 0x1328 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys08:32:06.0526 0x1328 sffdisk - ok08:32:06.0539 0x1328 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys08:32:06.0540 0x1328 sffp_mmc - ok08:32:06.0551 0x1328 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys08:32:06.0551 0x1328 sffp_sd - ok08:32:06.0565 0x1328 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys08:32:06.0566 0x1328 sfloppy - ok08:32:06.0604 0x1328 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll08:32:06.0615 0x1328 SharedAccess - ok08:32:06.0683 0x1328 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll08:32:06.0694 0x1328 ShellHWDetection - ok08:32:06.0788 0x1328 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys08:32:06.0789 0x1328 SiSRaid2 - ok08:32:06.0845 0x1328 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys08:32:06.0848 0x1328 SiSRaid4 - ok08:32:06.0936 0x1328 [ 7C15061CD0372487903B07B9BB03AFAD, FB96CDA29C7C1E8A315BA89E8B150918E59F32CE749D3EF43FCBEB3FB57BF1C6 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe08:32:06.0938 0x1328 SkypeUpdate - ok08:32:06.0955 0x1328 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys08:32:06.0957 0x1328 Smb - ok08:32:06.0981 0x1328 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe08:32:06.0983 0x1328 SNMPTRAP - ok08:32:07.0042 0x1328 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys08:32:07.0043 0x1328 spldr - ok08:32:07.0137 0x1328 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe08:32:07.0151 0x1328 Spooler - ok08:32:07.0327 0x1328 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe08:32:07.0377 0x1328 sppsvc - ok08:32:07.0402 0x1328 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll08:32:07.0404 0x1328 sppuinotify - ok08:32:07.0480 0x1328 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys08:32:07.0490 0x1328 srv - ok08:32:07.0573 0x1328 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys08:32:07.0585 0x1328 srv2 - ok08:32:07.0600 0x1328 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys08:32:07.0603 0x1328 srvnet - ok08:32:07.0628 0x1328 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll08:32:07.0633 0x1328 SSDPSRV - ok08:32:07.0655 0x1328 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll08:32:07.0657 0x1328 SstpSvc - ok08:32:07.0710 0x1328 Steam Client Service - ok08:32:07.0808 0x1328 [ 108F1BE5B024E5FA0B8801E5B9F5288B, 743C604D8AFF79FD5ED946713EA147EA478CB55D79FD21FD2C137FC985E7E52A ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe08:32:07.0815 0x1328 Stereo Service - ok08:32:07.0826 0x1328 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys08:32:07.0827 0x1328 stexstor - ok08:32:07.0910 0x1328 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll08:32:07.0928 0x1328 stisvc - ok08:32:07.0979 0x1328 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys08:32:07.0980 0x1328 swenum - ok08:32:08.0066 0x1328 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll08:32:08.0081 0x1328 swprv - ok08:32:08.0171 0x1328 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll08:32:08.0197 0x1328 SysMain - ok08:32:08.0284 0x1328 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll08:32:08.0288 0x1328 TabletInputService - ok08:32:08.0355 0x1328 [ FA08663E58C3B856CD9A83F3279337FE, D7479595189AF6869C8791003001C90E23C0BD457CB453C2EE2E8ADFA87FDB2F ] taphss6 C:\Windows\system32\DRIVERS\taphss6.sys08:32:08.0356 0x1328 taphss6 - ok08:32:08.0401 0x1328 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll08:32:08.0409 0x1328 TapiSrv - ok08:32:08.0426 0x1328 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll08:32:08.0429 0x1328 TBS - ok08:32:08.0524 0x1328 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys08:32:08.0552 0x1328 Tcpip - ok08:32:08.0628 0x1328 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys08:32:08.0655 0x1328 TCPIP6 - ok08:32:08.0693 0x1328 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys08:32:08.0694 0x1328 tcpipreg - ok08:32:08.0706 0x1328 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys08:32:08.0706 0x1328 TDPIPE - ok08:32:08.0756 0x1328 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys08:32:08.0757 0x1328 TDTCP - ok08:32:08.0837 0x1328 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys08:32:08.0840 0x1328 tdx - ok08:32:08.0848 0x1328 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys08:32:08.0851 0x1328 TermDD - ok08:32:08.0880 0x1328 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll08:32:08.0894 0x1328 TermService - ok08:32:08.0909 0x1328 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll08:32:08.0911 0x1328 Themes - ok08:32:08.0929 0x1328 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll08:32:08.0930 0x1328 THREADORDER - ok08:32:08.0944 0x1328 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll08:32:08.0946 0x1328 TrkWks - ok08:32:09.0028 0x1328 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe08:32:09.0032 0x1328 TrustedInstaller - ok08:32:09.0063 0x1328 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys08:32:09.0065 0x1328 tssecsrv - ok08:32:09.0086 0x1328 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys08:32:09.0087 0x1328 TsUsbFlt - ok08:32:09.0155 0x1328 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys08:32:09.0159 0x1328 tunnel - ok08:32:09.0173 0x1328 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys08:32:09.0175 0x1328 uagp35 - ok08:32:09.0205 0x1328 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys08:32:09.0210 0x1328 udfs - ok08:32:09.0237 0x1328 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe08:32:09.0239 0x1328 UI0Detect - ok08:32:09.0270 0x1328 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys08:32:09.0271 0x1328 uliagpkx - ok08:32:09.0315 0x1328 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys08:32:09.0316 0x1328 umbus - ok08:32:09.0328 0x1328 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys08:32:09.0329 0x1328 UmPass - ok08:32:09.0348 0x1328 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll08:32:09.0356 0x1328 upnphost - ok08:32:09.0417 0x1328 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys08:32:09.0420 0x1328 usbaudio - ok08:32:09.0481 0x1328 [ ACCEA6BC68D0C9A78EB97EE159028B4E, 132F7A543C1DA9456FBABA50552B37E3162ACA612A8567BB3FF0F7DA84231419 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys08:32:09.0485 0x1328 usbccgp - ok08:32:09.0512 0x1328 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys08:32:09.0515 0x1328 usbcir - ok08:32:09.0535 0x1328 [ 311C1DD1088E55BEAE15954D17F50646, A663344ABD1414D570617F59CC00020640F31DB34265142EFCA8817328DB842A ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys08:32:09.0537 0x1328 usbehci - ok08:32:09.0563 0x1328 [ 280E90CBF4B2DDD169F0728CB44D726F, 2B39666C022A4F7338BDDB4CB0D7B4D0CC6B398298D29E38826F27FADF4C29DD ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys08:32:09.0573 0x1328 usbhub - ok08:32:09.0587 0x1328 [ 9406D801042FAF859CF81B2C886413DC, D16536EC05260D7A2902314E1AA5E5F73533483B9967739C381FD41B6192B92F ] usbohci C:\Windows\system32\drivers\usbohci.sys08:32:09.0588 0x1328 usbohci - ok08:32:09.0599 0x1328 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys08:32:09.0600 0x1328 usbprint - ok08:32:09.0615 0x1328 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS08:32:09.0616 0x1328 USBSTOR - ok08:32:09.0623 0x1328 [ A83D0EC9AE4C31704442099D40BA2471, A29D714FCDF10DF7A2A17D54B131AEFDA61AED988CF8B99C7B30728C50130DCE ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys08:32:09.0624 0x1328 usbuhci - ok08:32:09.0642 0x1328 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys08:32:09.0645 0x1328 usbvideo - ok08:32:09.0659 0x1328 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll08:32:09.0661 0x1328 UxSms - ok08:32:09.0670 0x1328 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe08:32:09.0672 0x1328 VaultSvc - ok08:32:09.0685 0x1328 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys08:32:09.0685 0x1328 vdrvroot - ok08:32:09.0715 0x1328 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe08:32:09.0724 0x1328 vds - ok08:32:09.0744 0x1328 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys08:32:09.0744 0x1328 vga - ok08:32:09.0762 0x1328 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys08:32:09.0764 0x1328 VgaSave - ok08:32:09.0784 0x1328 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys08:32:09.0790 0x1328 vhdmp - ok08:32:09.0805 0x1328 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys08:32:09.0806 0x1328 viaide - ok08:32:09.0822 0x1328 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys08:32:09.0823 0x1328 volmgr - ok08:32:09.0879 0x1328 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys08:32:09.0887 0x1328 volmgrx - ok08:32:09.0910 0x1328 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys08:32:09.0916 0x1328 volsnap - ok08:32:09.0938 0x1328 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys08:32:09.0941 0x1328 vsmraid - ok08:32:10.0026 0x1328 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe08:32:10.0051 0x1328 VSS - ok08:32:10.0067 0x1328 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys08:32:10.0067 0x1328 vwifibus - ok08:32:10.0075 0x1328 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys08:32:10.0076 0x1328 vwififlt - ok08:32:10.0095 0x1328 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys08:32:10.0096 0x1328 vwifimp - ok08:32:10.0108 0x1328 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll08:32:10.0115 0x1328 W32Time - ok08:32:10.0132 0x1328 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys08:32:10.0133 0x1328 WacomPen - ok08:32:10.0157 0x1328 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys08:32:10.0159 0x1328 WANARP - ok08:32:10.0166 0x1328 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys08:32:10.0168 0x1328 Wanarpv6 - ok08:32:10.0288 0x1328 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe08:32:10.0309 0x1328 WatAdminSvc - ok08:32:10.0396 0x1328 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe08:32:10.0419 0x1328 wbengine - ok08:32:10.0441 0x1328 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll08:32:10.0445 0x1328 WbioSrvc - ok08:32:10.0499 0x1328 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll08:32:10.0510 0x1328 wcncsvc - ok08:32:10.0517 0x1328 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll08:32:10.0519 0x1328 WcsPlugInService - ok08:32:10.0529 0x1328 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys08:32:10.0529 0x1328 Wd - ok08:32:10.0605 0x1328 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys08:32:10.0618 0x1328 Wdf01000 - ok08:32:10.0633 0x1328 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll08:32:10.0635 0x1328 WdiServiceHost - ok08:32:10.0639 0x1328 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll08:32:10.0641 0x1328 WdiSystemHost - ok08:32:10.0689 0x1328 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll08:32:10.0694 0x1328 WebClient - ok08:32:10.0701 0x1328 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll08:32:10.0705 0x1328 Wecsvc - ok08:32:10.0716 0x1328 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll08:32:10.0719 0x1328 wercplsupport - ok08:32:10.0738 0x1328 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll08:32:10.0740 0x1328 WerSvc - ok08:32:10.0749 0x1328 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys08:32:10.0750 0x1328 WfpLwf - ok08:32:10.0757 0x1328 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys08:32:10.0758 0x1328 WIMMount - ok08:32:10.0784 0x1328 WinDefend - ok08:32:10.0801 0x1328 WinHttpAutoProxySvc - ok08:32:10.0850 0x1328 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll08:32:10.0857 0x1328 Winmgmt - ok08:32:10.0963 0x1328 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll08:32:10.0993 0x1328 WinRM - ok08:32:11.0063 0x1328 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys08:32:11.0064 0x1328 WinUsb - ok08:32:11.0120 0x1328 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll08:32:11.0143 0x1328 Wlansvc - ok08:32:11.0161 0x1328 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys08:32:11.0162 0x1328 WmiAcpi - ok08:32:11.0185 0x1328 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe08:32:11.0188 0x1328 wmiApSrv - ok08:32:11.0198 0x1328 WMPNetworkSvc - ok08:32:11.0207 0x1328 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll08:32:11.0209 0x1328 WPCSvc - ok08:32:11.0242 0x1328 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll08:32:11.0245 0x1328 WPDBusEnum - ok08:32:11.0257 0x1328 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys08:32:11.0258 0x1328 ws2ifsl - ok08:32:11.0267 0x1328 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll08:32:11.0269 0x1328 wscsvc - ok08:32:11.0271 0x1328 WSearch - ok08:32:11.0370 0x1328 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll08:32:11.0406 0x1328 wuauserv - ok08:32:11.0442 0x1328 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys08:32:11.0444 0x1328 WudfPf - ok08:32:11.0453 0x1328 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys08:32:11.0456 0x1328 WUDFRd - ok08:32:11.0491 0x1328 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll08:32:11.0493 0x1328 wudfsvc - ok08:32:11.0524 0x1328 [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\Windows\System32\wwansvc.dll08:32:11.0528 0x1328 WwanSvc - ok08:32:11.0567 0x1328 [ C53A0A55ADF8E41DCB766D667AC59CF9, DECA4221A283BEB00E3066C9E3A1FBDBB3F5C3010206F076A29335A9AA029AF9 ] wyuppnst C:\Windows\system32\drivers\wyuppnst.sys08:32:11.0569 0x1328 wyuppnst - ok08:32:11.0590 0x1328 ================ Scan global ===============================08:32:11.0627 0x1328 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll08:32:11.0679 0x1328 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll08:32:11.0696 0x1328 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll08:32:11.0731 0x1328 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll08:32:11.0770 0x1328 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe08:32:11.0778 0x1328 [ Global ] - ok08:32:11.0778 0x1328 ================ Scan MBR ==================================08:32:11.0789 0x1328 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR008:32:12.0066 0x1328 \Device\Harddisk0\DR0 - ok08:32:12.0066 0x1328 ================ Scan VBR ==================================08:32:12.0073 0x1328 [ F04FEF92863B0051FE5BB31C9A986890 ] \Device\Harddisk0\DR0\Partition108:32:12.0074 0x1328 \Device\Harddisk0\DR0\Partition1 - ok08:32:12.0082 0x1328 [ 877AE649E7830417460821CC9C893577 ] \Device\Harddisk0\DR0\Partition208:32:12.0084 0x1328 \Device\Harddisk0\DR0\Partition2 - ok08:32:12.0106 0x1328 [ 451E47CA7E19B4753FC25C3700C8559D ] \Device\Harddisk0\DR0\Partition308:32:12.0107 0x1328 \Device\Harddisk0\DR0\Partition3 - ok08:32:12.0108 0x1328 Waiting for KSN requests completion. In queue: 34708:32:13.0108 0x1328 Waiting for KSN requests completion. In queue: 34708:32:14.0108 0x1328 Waiting for KSN requests completion. In queue: 3908:32:15.0126 0x1328 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )08:32:15.0131 0x1328 Win FW state via NFP2: enabled08:32:18.0480 0x1328 ============================================================08:32:18.0480 0x1328 Scan finished08:32:18.0480 0x1328 ============================================================08:32:18.0487 0x05a0 Detected object count: 008:32:18.0487 0x05a0 Actual detected object count: 008:32:24.0820 0x08e4 Deinitialize success Link to post Share on other sites More sharing options...
Psychotic Posted December 3, 2013 ID:760281 Share Posted December 3, 2013 CombofixCombofix should only be run when adviced by a team member!LinkImportant - Save the file to your desktop! Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work. Run Combofix.exeWhen finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this. Link to post Share on other sites More sharing options...
kalikidd05 Posted December 3, 2013 Author ID:760391 Share Posted December 3, 2013 I ran combofix and here is the log. Don't know whether it's important but I forgot to disable windows security essentials. Combofix detected it and prompted to disable WSE. I uninstalled WSE and continued with combofixComboFix 13-12-01.01 - user 12/03/2013 7:54.1.8 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9697 [GMT -8:00]Running from: c:\users\user\Desktop\ComboFix.exeSP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}. ADS - Windows: deleted 0 bytes in 1 streams. .((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\SysWow64\FlashPlayerApp.exe..((((((((((((((((((((((((( Files Created from 2013-11-03 to 2013-12-03 )))))))))))))))))))))))))))))))..2013-12-03 16:00 . 2013-12-03 16:00 -------- d-----w- c:\users\Guest\AppData\Local\temp2013-12-03 16:00 . 2013-12-03 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp2013-12-03 11:09 . 2013-10-15 02:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE2013-12-01 22:31 . 2013-12-01 22:31 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes2013-12-01 22:30 . 2013-12-01 22:30 -------- d-----w- c:\programdata\Malwarebytes2013-12-01 22:30 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-12-01 22:30 . 2013-12-01 22:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-12-01 22:30 . 2013-12-01 22:30 -------- d-----w- c:\users\user\AppData\Local\Programs2013-11-29 00:08 . 2013-11-29 00:08 -------- d-----w- c:\program files\SUPERAntiSpyware2013-11-29 00:08 . 2013-11-29 00:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com2013-11-28 19:07 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-11-28 19:07 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-11-28 19:07 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-11-28 19:07 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-11-28 19:07 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-11-28 19:07 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-11-28 19:07 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-11-28 17:56 . 2013-11-28 17:56 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com2013-11-28 00:34 . 2013-11-28 00:34 -------- d-----w- C:\4c2b1ca437fcbd7b19a4dea2452013-11-27 20:59 . 2013-12-01 22:37 -------- d-----w- c:\users\user\AppData\Local\LzduPack2013-11-18 01:28 . 2013-11-18 01:28 -------- d-----w- c:\users\Guest\AppData\Local\Macromedia2013-11-14 03:57 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll2013-11-14 03:57 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll2013-11-14 03:57 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys2013-11-14 03:57 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll2013-11-14 03:57 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll2013-11-14 03:57 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll2013-11-14 03:57 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll2013-11-14 03:57 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll2013-11-14 03:57 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll2013-11-13 20:54 . 2013-11-13 20:54 -------- d-----w- c:\programdata\McAfee2013-11-07 20:08 . 2013-11-08 19:58 -------- d-----w- c:\users\user\AppData\Roaming\rpvoip2013-11-07 20:08 . 2013-11-07 20:08 -------- d-----w- c:\users\user\AppData\Roaming\Reservationless-Plus VoIP2013-11-07 17:50 . 2013-11-07 17:50 -------- d-----w- c:\users\user\AppData\Roaming\GMATPrep2013-11-04 01:26 . 2013-11-04 01:26 -------- d-----w- C:\6915ab90234b225ce0e12013-11-04 00:31 . 2013-11-04 00:31 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin2013-11-04 00:16 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll2013-11-04 00:16 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll2013-11-04 00:16 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll2013-11-04 00:16 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll2013-11-04 00:16 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll2013-11-04 00:16 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll2013-11-04 00:16 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll2013-11-04 00:16 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll2013-11-04 00:14 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-11-04 00:13 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll2013-11-04 00:13 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll2013-11-04 00:13 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys2013-11-04 00:12 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-11-19 10:21 . 2010-10-26 07:35 267936 ------w- c:\windows\system32\MpSigStub.exe2013-11-14 11:04 . 2010-12-29 00:07 82896128 ----a-w- c:\windows\system32\MRT.exe2013-11-04 02:00 . 2011-07-09 01:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-24 1597864]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-11-05 6604568].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-06-30 36864]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-10-22 296096]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]..--- Other Services/Drivers In Memory ---.*Deregistered* - NisDrv.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-11-27 07:13 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 02:00].2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 13:42].2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 13:42].2013-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2777047530-1545888719-2141319319-1000Core.job- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-01 15:29].2013-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2777047530-1545888719-2141319319-1000UA.job- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-01 15:29].2013-12-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3048ae8f-db2d-479d-8057-c0792f8d0c12.job- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-10-10 22:55].2013-12-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a964d1fe-cd7e-4152-a303-6725ea71ffa7.job- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-10-10 22:55]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>uInternet Settings,ProxyServer = http=127.0.0.1:8555IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105Trusted Zone: pps.tvTrusted Zone: ppstream.comTrusted Zone: webscache.comTCP: DhcpNameServer = 75.75.75.75 75.75.76.76FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jgsf5sw1.default\FF - prefs.js: browser.search.selectedEngine - YahooFF - ExtSQL: !HIDDEN! 2010-01-17 05:54; vmoncfsezb@vmoncfsezb.org; c:\users\user\Application Data\Mozilla\Firefox\Profiles\jgsf5sw1.default\extensions\vmoncfsezb@vmoncfsezb.org.xpi.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exeWow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exeWow6432Node-HKCU-Run-LzduPack Update - c:\users\user\AppData\Local\LzduPack\res1.dllSafeBoot-29742043.sysSafeBoot-47953678.sysHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startBHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dllWebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-12-03 08:02:03ComboFix-quarantined-files.txt 2013-12-03 16:02.Pre-Run: 247,626,338,304 bytes freePost-Run: 249,121,144,832 bytes free.- - End Of File - - EC31AAF35C3498D7394AD5FC37C7C3DFA36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
Psychotic Posted December 5, 2013 ID:760964 Share Posted December 5, 2013 Combofix scripting1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Download the attached CFScript.txt and save it to the location where Combofix is.Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Full System Scan with Malwarebytes Antimalware If not existing, please download Malwarebytes' Anti-Malware to your desktop.Double-click mbam-setup.exe and follow the prompts to install the program.At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If the program is already installed:Run Malwarebytes AntimalwareIf an update is found, it will download and install the latest version.Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. Please save it to a convenient location.The log can also be found here:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txtOr at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txtPost that log back here. CFScript.txt Link to post Share on other sites More sharing options...
kalikidd05 Posted December 5, 2013 Author ID:761030 Share Posted December 5, 2013 I did what you recommended and after dropping the CFscript.txt file into combofix.exe, it started running automatically. However, mid-way through the process, it said there is a new version available and asked me to update. I selected updated and combofix reran itself. After that I ran Malwarebytes as suggest. MWB did not find any malware. Below are the two logs ComboFix 13-12-04.04 - user 12/05/2013 9:05.2.8 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6327 [GMT -8:00]Running from: c:\users\user\Desktop\ComboFix.exeCommand switches used :: c:\users\user\Downloads\CFScript.txtSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2013-11-05 to 2013-12-05 )))))))))))))))))))))))))))))))..2013-12-05 17:10 . 2013-12-05 17:10 -------- d-----w- c:\users\Guest\AppData\Local\temp2013-12-05 17:10 . 2013-12-05 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp2013-12-04 23:50 . 2013-12-05 13:53 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E4DBACC-3BA8-458F-93A3-89097B93B597}\offreg.dll2013-12-04 12:41 . 2013-11-18 09:28 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E4DBACC-3BA8-458F-93A3-89097B93B597}\mpengine.dll2013-12-03 11:09 . 2013-10-15 02:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE2013-12-01 22:31 . 2013-12-01 22:31 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes2013-12-01 22:30 . 2013-12-01 22:30 -------- d-----w- c:\programdata\Malwarebytes2013-12-01 22:30 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-12-01 22:30 . 2013-12-01 22:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-12-01 22:30 . 2013-12-01 22:30 -------- d-----w- c:\users\user\AppData\Local\Programs2013-11-28 19:07 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-11-28 19:07 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-11-28 19:07 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-11-28 19:07 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-11-28 19:07 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-11-28 19:07 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-11-28 19:07 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-11-28 17:56 . 2013-11-28 17:56 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com2013-11-28 00:34 . 2013-11-28 00:34 -------- d-----w- C:\4c2b1ca437fcbd7b19a4dea2452013-11-27 20:59 . 2013-12-01 22:37 -------- d-----w- c:\users\user\AppData\Local\LzduPack2013-11-18 01:28 . 2013-11-18 01:28 -------- d-----w- c:\users\Guest\AppData\Local\Macromedia2013-11-14 03:57 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll2013-11-14 03:57 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll2013-11-14 03:57 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys2013-11-14 03:57 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll2013-11-14 03:57 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll2013-11-14 03:57 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll2013-11-14 03:57 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll2013-11-14 03:57 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll2013-11-14 03:57 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll2013-11-13 20:54 . 2013-11-13 20:54 -------- d-----w- c:\programdata\McAfee2013-11-07 20:08 . 2013-11-08 19:58 -------- d-----w- c:\users\user\AppData\Roaming\rpvoip2013-11-07 20:08 . 2013-11-07 20:08 -------- d-----w- c:\users\user\AppData\Roaming\Reservationless-Plus VoIP2013-11-07 17:50 . 2013-11-07 17:50 -------- d-----w- c:\users\user\AppData\Roaming\GMATPrep...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-11-19 11:33 . 2010-10-26 07:35 267936 ------w- c:\windows\system32\MpSigStub.exe2013-11-14 11:04 . 2010-12-29 00:07 82896128 ----a-w- c:\windows\system32\MRT.exe2013-11-04 02:00 . 2011-07-09 01:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-11-04 00:31 . 2013-11-04 00:31 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin2013-09-08 02:30 . 2013-11-04 00:14 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-09-08 02:27 . 2013-11-04 00:14 327168 ----a-w- c:\windows\system32\mswsock.dll2013-09-08 02:03 . 2013-11-04 00:14 231424 ----a-w- c:\windows\SysWow64\mswsock.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-24 1597864]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-06-30 36864]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-10-22 296096]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-11-27 07:13 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 02:00].2013-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 13:42].2013-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 13:42].2013-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2777047530-1545888719-2141319319-1000Core.job- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-01 15:29].2013-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2777047530-1545888719-2141319319-1000UA.job- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-01 15:29]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [bU].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105Trusted Zone: pps.tvTrusted Zone: ppstream.comTrusted Zone: webscache.comTCP: DhcpNameServer = 75.75.75.75 75.75.76.76FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jgsf5sw1.default\FF - prefs.js: browser.search.selectedEngine - YahooFF - ExtSQL: !HIDDEN! 2010-01-17 05:54; vmoncfsezb@vmoncfsezb.org; c:\users\user\Application Data\Mozilla\Firefox\Profiles\jgsf5sw1.default\extensions\vmoncfsezb@vmoncfsezb.org.xpi.- - - - ORPHANS REMOVED - - - -.WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-12-05 09:12:05ComboFix-quarantined-files.txt 2013-12-05 17:12.Pre-Run: 267,292,602,368 bytes freePost-Run: 267,235,028,992 bytes free.- - End Of File - - 95F513184519E3099CB13F284B1FEB2CA36C5E4F47E84449FF07ED3517B43A31 Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org Database version: v2013.12.05.01 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16428user :: USER-PC [administrator] Protection: Enabled 12/5/2013 9:13:37 AMmbam-log-2013-12-05 (09-13-37).txt Scan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 449718Time elapsed: 34 minute(s), 37 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
Psychotic Posted December 6, 2013 ID:761182 Share Posted December 6, 2013 Scan with ESET Online ScanPlease go to here to run the online scannner from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
kalikidd05 Posted December 6, 2013 Author ID:761380 Share Posted December 6, 2013 Hi Psychotic, I ran the online scan as requested. I had to download the plug in as I'm running Chome. Also had to download from a different computer as my infected PC won't let me save the file. I ran the program and it found two malwares. Here is the log saved as text file: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Users\hcgicmmpefibiinglgigjliojmiodcdi\cs.js Win32/TrojanDownloader.Tracur.V trojanC:\Users\user\Documents\Shortcuts\u1210.exe Win32/UltraReach application Link to post Share on other sites More sharing options...
Psychotic Posted December 8, 2013 ID:762068 Share Posted December 8, 2013 Combofix scripting1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Download the attached CFScript.txt and save it to the location where Combofix is.Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Scan with Farbar´s Service ScannerPlease download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:Internet Services Windows Firewall System Restore Security Center Windows Update Windows Defender [*]Press "Scan". [*]It will create a log (FSS.txt) in the same directory the tool is run. [*]Please copy and paste the log to your reply.CFScript.txt Link to post Share on other sites More sharing options...
kalikidd05 Posted December 8, 2013 Author ID:762128 Share Posted December 8, 2013 I did as requested. Here are the two log files ComboFix 13-12-04.04 - user 12/08/2013 10:16:44.3.8 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10156 [GMT -8:00]Running from: c:\users\user\Desktop\ComboFix.exeCommand switches used :: c:\users\user\Downloads\CFScript.txtSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point.FILE ::"c:\users\user\Documents\Shortcuts\u1210.exe"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Users\hcgicmmpefibiinglgigjliojmiodcdic:\users\user\AppData\Local\Google\Chrome\User Data\Default\Users\hcgicmmpefibiinglgigjliojmiodcdi\background.jsc:\users\user\AppData\Local\Google\Chrome\User Data\Default\Users\hcgicmmpefibiinglgigjliojmiodcdi\cs.jsc:\users\user\AppData\Local\Google\Chrome\User Data\Default\Users\hcgicmmpefibiinglgigjliojmiodcdi\manifest.jsonc:\users\user\Documents\Shortcuts\u1210.exe..((((((((((((((((((((((((( Files Created from 2013-11-08 to 2013-12-08 )))))))))))))))))))))))))))))))..2013-12-08 18:25 . 2013-12-08 18:25 -------- d-----w- c:\users\Guest\AppData\Local\temp2013-12-08 18:25 . 2013-12-08 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp2013-12-06 17:23 . 2013-12-06 17:23 -------- d-----w- c:\program files (x86)\ESET2013-12-06 05:46 . 2013-11-18 09:28 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{56B637B3-74D2-408A-836F-3FF51B9FA773}\mpengine.dll2013-12-03 11:09 . 2013-10-15 02:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE2013-12-01 22:31 . 2013-12-01 22:31 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes2013-12-01 22:30 . 2013-12-01 22:30 -------- d-----w- c:\programdata\Malwarebytes2013-12-01 22:30 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-12-01 22:30 . 2013-12-01 22:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-12-01 22:30 . 2013-12-01 22:30 -------- d-----w- c:\users\user\AppData\Local\Programs2013-11-28 19:07 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-11-28 19:07 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-11-28 19:07 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-11-28 19:07 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-11-28 19:07 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-11-28 19:07 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-11-28 19:07 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-11-28 17:56 . 2013-11-28 17:56 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com2013-11-28 00:34 . 2013-11-28 00:34 -------- d-----w- C:\4c2b1ca437fcbd7b19a4dea2452013-11-27 20:59 . 2013-12-01 22:37 -------- d-----w- c:\users\user\AppData\Local\LzduPack2013-11-18 01:28 . 2013-11-18 01:28 -------- d-----w- c:\users\Guest\AppData\Local\Macromedia2013-11-14 03:57 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll2013-11-14 03:57 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll2013-11-14 03:57 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys2013-11-14 03:57 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll2013-11-14 03:57 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll2013-11-14 03:57 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll2013-11-14 03:57 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll2013-11-14 03:57 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll2013-11-14 03:57 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll2013-11-13 20:54 . 2013-11-13 20:54 -------- d-----w- c:\programdata\McAfee...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-11-19 11:33 . 2010-10-26 07:35 267936 ------w- c:\windows\system32\MpSigStub.exe2013-11-14 11:04 . 2010-12-29 00:07 82896128 ----a-w- c:\windows\system32\MRT.exe2013-11-04 02:00 . 2011-07-09 01:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-11-04 00:31 . 2013-11-04 00:31 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-24 1597864]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-06-30 36864]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-10-22 296096]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-12-05 20:23 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 02:00].2013-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 13:42].2013-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 13:42].2013-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2777047530-1545888719-2141319319-1000Core.job- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-01 15:29].2013-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2777047530-1545888719-2141319319-1000UA.job- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-01 15:29]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [bU].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-22 7833120]"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105Trusted Zone: pps.tvTrusted Zone: ppstream.comTrusted Zone: webscache.comTCP: DhcpNameServer = 75.75.75.75 75.75.76.76FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\jgsf5sw1.default\FF - prefs.js: browser.search.selectedEngine - YahooFF - ExtSQL: !HIDDEN! 2010-01-17 05:54; vmoncfsezb@vmoncfsezb.org; c:\users\user\Application Data\Mozilla\Firefox\Profiles\jgsf5sw1.default\extensions\vmoncfsezb@vmoncfsezb.org.xpi.- - - - ORPHANS REMOVED - - - -.WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-12-08 10:27:06ComboFix-quarantined-files.txt 2013-12-08 18:27ComboFix2.txt 2013-12-05 17:12.Pre-Run: 259,224,121,344 bytes freePost-Run: 258,787,201,024 bytes free.- - End Of File - - 7F63DA273D4A43F403A874E46515A55FA36C5E4F47E84449FF07ED3517B43A31 Farbar Service Scanner Version: 05-12-2013Ran by user (administrator) on 08-12-2013 at 10:35:14Running from "C:\Users\user\Desktop"Microsoft Windows 7 Home Premium Service Pack 1 (X64)Boot Mode: Normal**************************************************************** Internet Services:============ Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo.com is accessible. Windows Firewall:============= Firewall Disabled Policy: ================== System Restore:============ System Restore Disabled Policy: ======================== Action Center:============ Windows Update:============ Windows Autoupdate Disabled Policy: ============================ Windows Defender:============== Other Services:============== File Check:========C:\Windows\System32\nsisvc.dll => MD5 is legitC:\Windows\System32\drivers\nsiproxy.sys => MD5 is legitC:\Windows\System32\dhcpcore.dll => MD5 is legitC:\Windows\System32\drivers\afd.sys => MD5 is legitC:\Windows\System32\drivers\tdx.sys => MD5 is legitC:\Windows\System32\Drivers\tcpip.sys => MD5 is legitC:\Windows\System32\dnsrslvr.dll => MD5 is legitC:\Windows\System32\mpssvc.dll => MD5 is legitC:\Windows\System32\bfe.dll => MD5 is legitC:\Windows\System32\drivers\mpsdrv.sys => MD5 is legitC:\Windows\System32\SDRSVC.dll => MD5 is legitC:\Windows\System32\vssvc.exe => MD5 is legitC:\Windows\System32\wscsvc.dll => MD5 is legitC:\Windows\System32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\System32\wuaueng.dll => MD5 is legitC:\Windows\System32\qmgr.dll => MD5 is legitC:\Windows\System32\es.dll => MD5 is legitC:\Windows\System32\cryptsvc.dll => MD5 is legitC:\Program Files\Windows Defender\MpSvc.dll => MD5 is legitC:\Windows\System32\ipnathlp.dll => MD5 is legitC:\Windows\System32\iphlpsvc.dll => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** Link to post Share on other sites More sharing options...
Psychotic Posted December 8, 2013 ID:762130 Share Posted December 8, 2013 Are you able to download files now? Link to post Share on other sites More sharing options...
kalikidd05 Posted December 9, 2013 Author ID:762212 Share Posted December 9, 2013 still cannot download anti-virus programs, but seems like the google redirect problem is gone... Link to post Share on other sites More sharing options...
Psychotic Posted December 9, 2013 ID:762367 Share Posted December 9, 2013 System File CheckFor Windows XP: Press the Windows- and the R-key simultanously. Within the text box that jus opened, write cmd and hit Enter.For Windows Vista/7: Press the Windows key to open the start menu. Don´t highlight anything, just write cmd. The start menu will offer you an entry named cmd. Right click it and select "run as administrator"Within the opening window, write the following:sfc /scannow(See the blank within). Hit enter. Your system will be checked for damaged system files. Tell me the result of that scan in here (as the tool produces no log). Link to post Share on other sites More sharing options...
kalikidd05 Posted December 10, 2013 Author ID:762750 Share Posted December 10, 2013 I ran sfc /scannow and it said "windows resource protection found corrupt files but was unable to fix some of them. details are included in the cbs.log windir\logs\cbs\cbs.log I attached the file as the log file is too bigCBS.log Link to post Share on other sites More sharing options...
Psychotic Posted December 10, 2013 ID:762811 Share Posted December 10, 2013 Are you able to download now? Link to post Share on other sites More sharing options...
kalikidd05 Posted December 10, 2013 Author ID:762959 Share Posted December 10, 2013 no still says "failed - blocked" when I tried to download mbam Link to post Share on other sites More sharing options...
Psychotic Posted December 10, 2013 ID:762961 Share Posted December 10, 2013 Scan with RogueKillerDownload & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bitQuit all programs that you may have started. Please disconnect any external drives from the computer before you run this scan! For Vista or Windows 7, right-click and select "Run as Administrator to start" For Windows XP, double-click to start. Wait until Prescan has finished ... Then Click on "Scan" button Wait until the Status box shows "Scan Finished" Click on "Report" and copy/paste the content of the Notepad into your next reply. You´ll find the log as RKreport[1].txt on your desktop also. Exit/Close RogueKiller. Link to post Share on other sites More sharing options...
kalikidd05 Posted December 11, 2013 Author ID:763091 Share Posted December 11, 2013 Thanks. Here is the log RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : user [Admin rights]Mode : Scan -- Date : 12/10/2013 16:25:12| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST32000542AS ATA Device +++++--- User ---[MBR] 54950af8ca618c37bf720ebfd268b3b0[bSP] 04659efb2bd3da08b236a33ded6af852 : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 99 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 949900 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1945602048 | Size: 957726 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_12102013_162512.txt >> Link to post Share on other sites More sharing options...
kalikidd05 Posted December 11, 2013 Author ID:763093 Share Posted December 11, 2013 I also quit RogueKiller without fixing any of the files identified... Link to post Share on other sites More sharing options...
Psychotic Posted December 11, 2013 ID:763255 Share Posted December 11, 2013 on which browser did this happen? Did you try another one already? Link to post Share on other sites More sharing options...
kalikidd05 Posted December 12, 2013 Author ID:763550 Share Posted December 12, 2013 I used google chrome and internet explorer, both could not download Link to post Share on other sites More sharing options...
Psychotic Posted December 12, 2013 ID:763758 Share Posted December 12, 2013 Scan with Malwarebytes Anti-RootkitPlease download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.Be sure to print out and follow the instructions provided on that same page.Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.Double click the mbar.zip file to open it, then 'Extract all files'. Double click the mbar folder to open it, then double click mbar.exe to start the tool.Check for Updates, then Scan your system for malwareIf malware is found, do NOT press the Cleanup button yet. Click EXIT.I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt . Please attach that to your next reply. Link to post Share on other sites More sharing options...
Recommended Posts