
iexplore.exe running in background, hogging memory


  • This topic is locked
36 replies to this topic

#1 mechjames

mechjames

  • Members
  • 27 posts
  • OFFLINE
  • Local time:02:00 AM

Posted 07 November 2011 - 01:42 PM

Hi, a few days ago my system got infected with something called "System Restore", and seems to go under fake names like "System Recovery" and so on. It hides all your files, makes your desktop black, and pretends to do a scan, with fake errors like "Hard drive running 20% slower", etc., trying to get you to buy a fake key to unlock the program.

I got it removed with Malwarebytes, AVG, Adaware, Spybot. System is almost clean again. I've noticed it running slow though, and iexplore.exe is running in the process list, sometimes taking up to 200MB of RAM in the background. I kill the process and it returns a few days later.

I don't even use IE (I use Firefox/Aurora), and running a CCleaner scan shows stuff always showing up in the Internet Explorer cache folder.

Malwarebytes, AVG, Spybot, Adaware all show the system is clean.

Thanks for any help you can give. Here is a hijackthis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:35:12 AM, on 11/7/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Aurora\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Aurora\plugin-container.exe
C:\Users\James\Downloads\HijackThis.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10108 bytes



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:00 AM

Posted 12 November 2011 - 01:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/426754 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 mechjames

mechjames
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:02:00 AM

Posted 12 November 2011 - 01:54 PM

Will do this tonight when I get home from work.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:00 AM

Posted 14 November 2011 - 11:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

The HijackThis tool is not ready for the 64 bit operating system. In your case I need to see a DDS Log.
I would remove HijackThis using the Add/Remove Programs list.


Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.
===

Also the GMER tool is not compatible with the 64 bit System. Please run this one.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Post the logs for my review.
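
An added example, not part of nasdaq's post and not a BleepingComputer or Trend Micro tool, showing why the HijackThis log above is unreliable on this machine: HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows its view of System32 and %ProgramFiles% is redirected and 64-bit service binaries are reported as "(file missing)". The sketch cross-checks O23 entries from post #1 against running-process paths from the DDS log in post #5; the function names, verdict strings and the last (constructed) O23 line are assumptions of the example.

```python
import re

# O23 lines copied from the HijackThis log in post #1. The last line is
# constructed for this example: a miss that redirection cannot explain.
HJT_O23 = r"""
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\ProgramData\Example\svc.exe (file missing)
""".strip().splitlines()

# Running-process lines copied from the DDS log in post #5.
DDS_RUNNING = r"""
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
""".strip().splitlines()

PREFIX = "O23 - Service: "
# The image path is the last " - X:\..." field, optionally tagged as missing.
O23_RE = re.compile(r" - (?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")
EXE_RE = re.compile(r"^(.*?\.exe)\b", re.IGNORECASE)


def image_path(cmdline):
    """Lower-cased executable path with any command-line arguments stripped."""
    text = cmdline.strip()
    m = EXE_RE.match(text)
    return (m.group(1) if m else text).lower()


def native_view(path):
    """Path a 64-bit process would use for a path reported by a 32-bit one.

    A 32-bit process expands %ProgramFiles% to "Program Files (x86)".
    Its System32 accesses are redirected to SysWOW64 but keep the System32
    name, so those paths need no rewriting here.
    """
    return path.lower().replace("\\program files (x86)\\", "\\program files\\")


def triage(o23_lines, running_lines):
    """Return (service name, reported path, verdict) for each O23 line."""
    running = {image_path(l) for l in running_lines if l.strip()}
    results = []
    for line in o23_lines:
        m = O23_RE.search(line)
        if not line.startswith(PREFIX) or not m:
            continue
        # Drop the owner field, which sits between the name and the path.
        name = line[len(PREFIX):m.start()].rsplit(" - ", 1)[0]
        path = m.group("path")
        if not m.group("missing"):
            verdict = "present"
        elif {path.lower(), native_view(path)} & running:
            # A process running from that image proves the file exists.
            verdict = "artifact: image is running"
        elif "\\windows\\system32\\" in path.lower():
            verdict = "probable artifact: redirected directory"
        else:
            verdict = "unexplained: check on disk"
        results.append((name, path, verdict))
    return results


if __name__ == "__main__":
    for name, path, verdict in triage(HJT_O23, DDS_RUNNING):
        print(f"{verdict:42} {path}")
```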

#5 mechjames

mechjames
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:02:00 AM

Posted 14 November 2011 - 01:31 PM

Here is the DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by James at 10:11:37 on 2011-11-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.601 [GMT -8:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Aurora\firefox.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Aurora\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254 199.185.220.254
TCP: Interfaces\{E367EB0D-F806-42FE-A390-CD30D5F8C0F4} : DhcpNameServer = 192.168.1.254 199.185.220.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files (x86)\CoreFTP\pftpns.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\0r3lo3ir.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-3-25 223088]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-1 1153368]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-11-1 17152]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys --> C:\Windows\system32\DRIVERS\motodrv.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-1 366152]
.
=============== Created Last 30 ================
.
2011-11-14 17:57:00 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{26070ECD-3B85-4921-A5F0-B85142043A23}\offreg.dll
2011-11-14 17:56:54 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{26070ECD-3B85-4921-A5F0-B85142043A23}\mpengine.dll
2011-11-14 08:39:18 -------- d-----w- C:\Users\James\AppData\Local\{DA43D610-5C24-4C83-9679-601FDE979DA5}
2011-11-14 08:39:02 -------- d-----w- C:\Users\James\AppData\Local\{768A819E-6FF6-477D-8889-2F5D17913E9B}
2011-11-13 20:38:05 -------- d-----w- C:\Users\James\AppData\Local\{C49A5A9F-FC95-4C9C-B5C5-E233D67AF56B}
2011-11-13 20:37:03 -------- d-----w- C:\Users\James\AppData\Local\{48360FD6-94D1-4C9C-A23A-C661EFF5A36B}
2011-11-12 17:20:36 -------- d-----w- C:\Users\James\AppData\Local\{92874648-C9E9-4B56-8FA7-B5BFCB133ED6}
2011-11-12 17:20:22 -------- d-----w- C:\Users\James\AppData\Local\{F4E43D54-E0D2-4ED3-87DC-3782E48EBA57}
2011-11-11 21:37:29 -------- d-----w- C:\Users\James\AppData\Local\{9C0D8F0D-DEB1-40C9-96A0-396593036770}
2011-11-11 21:37:18 -------- d-----w- C:\Users\James\AppData\Local\{9E787B04-971A-464F-9D91-50DF841EF8FA}
2011-11-11 01:35:46 -------- d-----w- C:\Users\James\AppData\Local\{9E478AC2-C903-401B-B5F1-C34F9C24559F}
2011-11-11 01:35:19 -------- d-----w- C:\Users\James\AppData\Local\{30DFC266-4C92-43E3-A153-78243115FA7C}
2011-11-10 01:18:17 -------- d-----w- C:\Users\James\AppData\Local\{557C7ED7-587A-4126-B214-A477DCCDDE6A}
2011-11-10 01:18:01 -------- d-----w- C:\Users\James\AppData\Local\{769A0F90-B757-47D3-A39F-7107A9F5681F}
2011-11-09 16:37:51 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 16:37:50 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 16:37:49 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 16:37:47 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-08 19:21:17 -------- d-----w- C:\Users\James\AppData\Local\{90EC11CB-5469-4219-80B8-01FE6AA624A8}
2011-11-08 19:20:56 -------- d-----w- C:\Users\James\AppData\Local\{30E18BC7-B3EA-42A6-B738-84ACE7C8304A}
2011-11-08 07:20:15 -------- d-----w- C:\Users\James\AppData\Local\{392229C1-BB2D-46D8-9FAE-172AB5D2E0E0}
2011-11-08 07:19:58 -------- d-----w- C:\Users\James\AppData\Local\{C012D8FA-52E0-4F44-9354-E17FB8574717}
2011-11-07 19:19:40 -------- d-----w- C:\Users\James\AppData\Local\{DFA9AA37-14CB-41AF-A594-61FAC691C2D3}
2011-11-07 19:19:26 -------- d-----w- C:\Users\James\AppData\Local\{27995F27-BF34-407B-92E9-42CFC07F441B}
2011-11-07 11:57:39 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-11-07 07:18:44 -------- d-----w- C:\Users\James\AppData\Local\{A5489258-904B-4AD2-8768-0F225EA87E9B}
2011-11-07 07:18:17 -------- d-----w- C:\Users\James\AppData\Local\{84D6DAAB-D123-4580-94C2-B9A36CA9BB17}
2011-11-06 00:36:46 -------- d-----w- C:\Users\James\AppData\Local\{531D01FE-3E61-4C42-81EC-895F9D6D2429}
2011-11-06 00:36:32 -------- d-----w- C:\Users\James\AppData\Local\{67700310-F67B-44EF-9BF1-0456CA29FA90}
2011-11-04 01:18:20 -------- d-----w- C:\Users\James\AppData\Local\{B385342C-700B-4226-860B-265066A6B9E8}
2011-11-04 01:18:07 -------- d-----w- C:\Users\James\AppData\Local\{BDFD2779-796E-41D4-B172-D6BEBC642B01}
2011-11-02 06:30:25 -------- d-----w- C:\Users\James\AppData\Local\{AEB666F5-BC5A-42D4-8ECE-68D389921F2C}
2011-11-02 06:30:11 -------- d-----w- C:\Users\James\AppData\Local\{254A51D6-E872-4EC5-95E0-44BCA81E9074}
2011-11-02 00:38:29 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-11-02 00:34:24 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-11-02 00:34:06 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-11-01 22:42:59 -------- d--h--w- C:\$AVG
2011-11-01 22:07:53 -------- d-----w- C:\Users\James\AppData\Roaming\AVG2012
2011-11-01 22:06:09 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-11-01 22:05:05 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-11-01 22:05:05 -------- d-----w- C:\ProgramData\AVG2012
2011-11-01 22:04:15 -------- d-----w- C:\Program Files (x86)\AVG
2011-11-01 20:43:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-01 20:43:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-01 20:40:45 -------- d--h--w- C:\ProgramData\Common Files
2011-11-01 20:40:20 -------- d-----w- C:\ProgramData\MFAData
2011-11-01 18:46:28 -------- d-----w- C:\Users\James\AppData\Roaming\Malwarebytes
2011-11-01 18:46:14 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-01 18:46:09 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-01 18:46:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-01 18:29:35 -------- d-----w- C:\Users\James\AppData\Local\{BD399372-D152-46B5-B103-9CE2162EFF5F}
2011-11-01 18:28:56 -------- d-----w- C:\Users\James\AppData\Local\{BA919AB4-E9A5-4525-8C0C-B75CBBB597CE}
2011-10-31 19:47:20 -------- d-----w- C:\Users\James\AppData\Local\{9D8779D6-60E1-4A7C-8678-3250575493C6}
2011-10-31 19:47:07 -------- d-----w- C:\Users\James\AppData\Local\{68675968-2E3B-4E7E-BCE8-FF858A077155}
2011-10-30 20:05:28 -------- d-----w- C:\Users\James\AppData\Local\{AEA07808-A69C-4B63-956F-831DDC6C33C6}
2011-10-30 20:05:15 -------- d-----w- C:\Users\James\AppData\Local\{A66DB4F9-9121-43A2-9482-CE2E38AAE043}
2011-10-30 00:14:29 -------- d-----w- C:\Users\James\AppData\Local\{7FEF0027-F29C-43DC-811D-E1D1AC8A1781}
2011-10-30 00:14:17 -------- d-----w- C:\Users\James\AppData\Local\{512EF9AC-BDCD-4460-B4CB-61ED166D0712}
2011-10-29 00:30:15 -------- d-----w- C:\Users\James\AppData\Local\{C3F878FA-769F-4687-8ECE-53D47EDD6CC5}
2011-10-29 00:30:02 -------- d-----w- C:\Users\James\AppData\Local\{99C89456-F9F5-4E61-AA10-7B80CC811102}
2011-10-28 06:34:36 -------- d-----w- C:\Users\James\AppData\Local\{DF9D58A9-825D-4992-A0F3-26B9A814C5D8}
2011-10-28 06:34:24 -------- d-----w- C:\Users\James\AppData\Local\{022694D0-2AD3-4343-A282-D6E8EA89022B}
2011-10-27 18:34:08 -------- d-----w- C:\Users\James\AppData\Local\{37678BF8-2D7D-4E2A-8ECB-D0347871D477}
2011-10-27 18:33:51 -------- d-----w- C:\Users\James\AppData\Local\{310BC026-3FD4-44D7-BDC0-8767EFFA6A6B}
2011-10-27 01:11:59 -------- d-----w- C:\Users\James\AppData\Local\{051984BA-003D-459D-857E-8E0700CB28B9}
2011-10-27 01:11:41 -------- d-----w- C:\Users\James\AppData\Local\{EF78F2F7-6D22-4AF6-A25C-B4432E181FE4}
2011-10-26 05:55:28 -------- d-----w- C:\Users\James\AppData\Local\{705E6507-B5F9-46B8-96C9-D0DD8A8EA289}
2011-10-26 05:55:16 -------- d-----w- C:\Users\James\AppData\Local\{705566F4-4257-413F-A01C-DD77597BB3B9}
2011-10-25 17:45:02 -------- d-----w- C:\Users\James\AppData\Local\{094474B3-9A85-41A2-9C71-F06D4358B5F6}
2011-10-25 17:44:37 -------- d-----w- C:\Users\James\AppData\Local\{4B63FB26-CEE5-4A6B-8140-B83C369E6EED}
2011-10-24 22:32:19 -------- d-----w- C:\Users\James\AppData\Local\{AF0A638A-1B85-4665-A1F4-FA67A18AA0D4}
2011-10-24 22:32:03 -------- d-----w- C:\Users\James\AppData\Local\{8100E2AC-7325-42DE-9280-E515681E0534}
2011-10-24 05:16:24 -------- d-----w- C:\Users\James\AppData\Local\{350ED8AD-47B8-4A0C-BFB5-5E8546BED7D3}
2011-10-24 05:16:12 -------- d-----w- C:\Users\James\AppData\Local\{94774B2D-DEBF-4A6B-B0EC-D6F3B064502B}
2011-10-23 16:34:04 -------- d-----w- C:\Users\James\AppData\Local\{9422AEC7-8262-4B0A-BE4D-FA0A371CAAF5}
2011-10-23 16:33:48 -------- d-----w- C:\Users\James\AppData\Local\{DF0F8B63-9FA6-44F5-AAF1-127C01BA8B6C}
2011-10-21 05:10:31 -------- d-----w- C:\Users\James\AppData\Local\{84DA82C7-AB67-475F-9CA1-482F49DE4ED9}
2011-10-21 05:10:19 -------- d-----w- C:\Users\James\AppData\Local\{6F15AE96-684B-4362-87C8-59A93D8EA331}
2011-10-20 17:10:03 -------- d-----w- C:\Users\James\AppData\Local\{72EC58B7-EA1C-4500-8561-4D297336B137}
2011-10-20 17:09:50 -------- d-----w- C:\Users\James\AppData\Local\{BD5B12F6-79AF-48DF-BA59-03C7C4ECB62C}
2011-10-20 00:47:46 -------- d-----w- C:\Users\James\AppData\Local\{ED8D920A-B4C3-45BF-9B93-2D5CE0BADA62}
2011-10-20 00:47:34 -------- d-----w- C:\Users\James\AppData\Local\{A024B7BC-45BA-42E3-812D-AAB78F549BD1}
2011-10-19 06:16:00 -------- d-----w- C:\Users\James\AppData\Local\{B62D59CF-1C10-48ED-835F-7D43CDB38997}
2011-10-19 06:15:44 -------- d-----w- C:\Users\James\AppData\Local\{3D39F6F8-2577-4B93-A6FB-2BA10DD9CB21}
2011-10-18 17:44:35 -------- d-----w- C:\Users\James\AppData\Local\{7ACE9B8B-0FF6-4813-AE70-6BCE7C410E15}
2011-10-18 17:44:23 -------- d-----w- C:\Users\James\AppData\Local\{B296D973-5573-4BEB-A7E8-59CB2CC50094}
2011-10-18 01:53:39 -------- d-----w- C:\Users\James\AppData\Local\{E0A4AD8B-DC52-45A0-ABCD-FA75180E5B49}
2011-10-18 01:53:28 -------- d-----w- C:\Users\James\AppData\Local\{8B48A288-76D5-43D9-B8A7-7A0B897D4173}
2011-10-17 03:17:34 -------- d-----w- C:\Users\James\AppData\Local\{73CC54CA-49E1-450E-AB94-7F1C05293E6A}
2011-10-17 03:17:18 -------- d-----w- C:\Users\James\AppData\Local\{8FFC1256-3C23-4BB0-B80E-EA66D79A8B4B}
2011-10-16 02:48:55 -------- d-----w- C:\Users\James\AppData\Local\{AC88F86B-803F-4541-85D7-DE93F23A393B}
2011-10-16 02:48:42 -------- d-----w- C:\Users\James\AppData\Local\{823D6851-6FEC-4DA1-A2FD-3A5DE7D200AB}
.
==================== Find3M ====================
.
2011-10-07 13:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2011-10-06 22:16:47 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-13 13:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 06:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 06:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 06:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-31 06:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-31 06:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 06:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-31 06:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-31 06:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
.
============= FINISH: 10:20:45.28 ===============

aswMBR LOG

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-14 10:23:09
-----------------------------
10:23:09.024 OS Version: Windows x64 6.1.7601 Service Pack 1
10:23:09.024 Number of processors: 2 586 0xF06
10:23:09.025 ComputerName: HPMEDIACENTER UserName: James
10:23:11.503 Initialize success
10:24:27.399 AVAST engine defs: 11111400
10:24:59.962 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
10:24:59.964 Disk 0 Vendor: SAMSUNG_SP2004C VM100-33 Size: 190781MB BusType: 3
10:25:01.967 Disk 0 MBR read successfully
10:25:01.970 Disk 0 MBR scan
10:25:02.056 Disk 0 Windows 7 default MBR code
10:25:02.059 Disk 0 MBR hidden
10:25:02.063 Service scanning
10:25:02.803 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
10:25:03.519 Modules scanning
10:25:03.524 Disk 0 trace - called modules:
10:25:03.536 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80027da334]<<
10:25:03.541 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027bc060]
10:25:03.545 3 CLASSPNP.SYS[fffff88001b8143f] -> nt!IofCallDriver -> [0xfffffa800231f520]
10:25:03.553 5 ACPI.sys[fffff88000f817a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800231b680]
10:25:03.561 \Driver\atapi[0xfffffa800228a4e0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80027da334
10:25:03.945 AVAST engine scan C:\Windows
10:25:06.217 AVAST engine scan C:\Windows\system32
10:28:59.352 AVAST engine scan C:\Windows\system32\drivers
10:29:13.767 AVAST engine scan C:\Users\James
10:30:06.828 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
10:30:06.834 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"


mbr.dat is attached to this post.



#6 mechjames

Posted 16 November 2011 - 06:20 PM

I should also note that Malwarebytes Antimalware is blocking a lot of outgoing packets to certain IP addresses from iexplore.exe, and sometimes I see the occasional popup from Internet Explorer, even if I'm not using it.

Also, sometimes when browsing the web, let's say if I went here to bleepingcomputer.com for example, it will get hijacked and go somewhere completely different, usually a search page with a lot of advertising.

#7 nasdaq

  • Malware Response Team

Posted 17 November 2011 - 08:55 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#8 mechjames

Posted 17 November 2011 - 06:49 PM

Hi, I have followed the instructions here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

ComboFix installs but doesn't auto start with the blue box after installation.

#9 mechjames

Posted 17 November 2011 - 06:53 PM

Never mind, I finally got it started. Will post the log when it is done.

#10 mechjames

Posted 18 November 2011 - 01:46 AM

combofix.txt

ComboFix 11-11-17.03 - James 11/17/2011 16:00:58.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1183 [GMT -8:00]
Running from: c:\users\James\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2011-11-18 00:47 . 2011-11-18 00:47 -------- d-----w- c:\users\Mcx1-HPMEDIACENTER\AppData\Local\temp
2011-11-18 00:47 . 2011-11-18 00:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-18 00:47 . 2011-11-18 00:47 -------- d-----w- c:\users\Carolyn\AppData\Local\temp
2011-11-17 19:48 . 2011-11-18 00:54 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1DFF44F-292D-4B43-A6B8-B88B5F6088DE}\offreg.dll
2011-11-17 19:48 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1DFF44F-292D-4B43-A6B8-B88B5F6088DE}\mpengine.dll
2011-11-17 02:32 . 2011-11-17 02:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-11-17 02:32 . 2011-11-17 02:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-11-17 02:32 . 2011-11-17 02:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-11-17 02:32 . 2011-11-17 02:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-11-17 02:32 . 2011-11-17 02:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-11-17 02:32 . 2011-11-17 02:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-11-17 02:32 . 2011-11-17 02:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-11-17 02:32 . 2011-11-17 02:32 -------- d-----w- c:\program files (x86)\QuickTime
2011-11-17 02:28 . 2011-11-17 02:28 -------- d-----w- c:\program files\iPod
2011-11-17 02:28 . 2011-11-17 02:29 -------- d-----w- c:\program files\iTunes
2011-11-17 02:28 . 2011-11-17 02:29 -------- d-----w- c:\program files (x86)\iTunes
2011-11-09 16:37 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 16:37 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 16:37 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 16:37 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 11:57 . 2011-11-02 00:38 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-02 04:50 . 2011-11-02 04:50 -------- d-----w- c:\users\Carolyn\AppData\Roaming\AVG2012
2011-11-02 00:38 . 2011-11-02 00:38 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-02 00:34 . 2011-10-29 02:35 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-02 00:34 . 2011-11-02 00:34 -------- d-----w- c:\program files (x86)\Lavasoft
2011-11-02 00:33 . 2011-11-02 00:34 -------- d-----w- c:\programdata\Lavasoft
2011-11-01 22:42 . 2011-11-01 22:42 -------- d-----w- C:\$AVG
2011-11-01 22:07 . 2011-11-01 22:07 -------- d-----w- c:\users\James\AppData\Roaming\AVG2012
2011-11-01 22:06 . 2011-11-01 22:06 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-11-01 22:05 . 2011-11-17 17:09 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-01 22:05 . 2011-11-01 22:13 -------- d-----w- c:\programdata\AVG2012
2011-11-01 22:04 . 2011-11-01 22:04 -------- d-----w- c:\program files (x86)\AVG
2011-11-01 20:43 . 2011-11-06 01:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-01 20:43 . 2011-11-01 20:45 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-01 20:40 . 2011-11-01 20:40 -------- d--h--w- c:\programdata\Common Files
2011-11-01 20:40 . 2011-11-17 17:09 -------- d-----w- c:\programdata\MFAData
2011-11-01 18:46 . 2011-11-01 18:46 -------- d-----w- c:\users\James\AppData\Roaming\Malwarebytes
2011-11-01 18:46 . 2011-11-01 18:46 -------- d-----w- c:\programdata\Malwarebytes
2011-11-01 18:46 . 2011-11-01 18:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-01 18:46 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 02:01 . 2011-10-11 02:02 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DA1E362-FDAC-458B-8BD7-5167F842EEE7}\gapaengine.dll
2011-10-07 13:23 . 2011-10-07 13:23 283728 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-10-07 04:16 . 2011-09-23 20:25 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-06 22:16 . 2011-05-19 01:07 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-22 20:41 . 2011-09-22 20:41 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-22 20:41 . 2011-09-22 20:41 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-22 20:41 . 2011-09-22 20:41 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-22 20:41 . 2011-09-22 20:41 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-09-22 20:41 . 2011-09-22 20:41 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-09-22 20:41 . 2011-09-22 20:41 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-09-22 20:41 . 2011-09-22 20:41 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-09-22 20:41 . 2011-09-22 20:41 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-22 20:41 . 2011-09-22 20:41 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-09-22 20:41 . 2011-09-22 20:41 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-09-22 20:41 . 2011-09-22 20:41 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-09-22 20:41 . 2011-09-22 20:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-09-22 20:41 . 2011-09-22 20:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-22 20:41 . 2011-09-22 20:41 448512 ----a-w- c:\windows\system32\html.iec
2011-09-22 20:41 . 2011-09-22 20:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-09-22 20:41 . 2011-09-22 20:41 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-09-22 20:41 . 2011-09-22 20:41 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-09-22 20:41 . 2011-09-22 20:41 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-22 20:41 . 2011-09-22 20:41 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-22 20:41 . 2011-09-22 20:41 222208 ----a-w- c:\windows\system32\msls31.dll
2011-09-22 20:41 . 2011-09-22 20:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-22 20:41 . 2011-09-22 20:41 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-09-22 20:41 . 2011-09-22 20:41 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-09-22 20:41 . 2011-09-22 20:41 160256 ----a-w- c:\windows\system32\wextract.exe
2011-09-22 20:41 . 2011-09-22 20:41 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-09-22 20:41 . 2011-09-22 20:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-09-22 20:41 . 2011-09-22 20:41 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-22 20:41 . 2011-09-22 20:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-22 20:41 . 2011-09-22 20:41 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-22 20:41 . 2011-09-22 20:41 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-22 20:41 . 2011-09-22 20:41 12288 ----a-w- c:\windows\system32\mshta.exe
2011-09-22 20:41 . 2011-09-22 20:41 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-09-22 20:41 . 2011-09-22 20:41 114176 ----a-w- c:\windows\system32\admparse.dll
2011-09-22 20:41 . 2011-09-22 20:41 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-22 20:41 . 2011-09-22 20:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-09-22 20:41 . 2011-09-22 20:41 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-09-13 13:30 . 2011-09-13 13:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2011-09-01 05:24 . 2011-10-13 07:25 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 07:26 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 07:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 07:25 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 07:26 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 07:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 06:05 . 2011-08-31 06:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05 . 2011-08-31 06:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05 . 2011-08-31 06:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 06:05 . 2011-08-31 06:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 06:05 . 2011-08-31 06:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-08-27 05:37 . 2011-10-12 15:41 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 15:41 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 15:41 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 15:41 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-22 00:23 . 2011-08-22 00:23 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-29 2152152]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-03-25 223088]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-02 17152]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-29 02:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-12 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-12 363544]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = my.daemon-search.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
TCP: DhcpNameServer = 192.168.1.254 199.185.220.254
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\0r3lo3ir.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
.
- - - - ORPHANS REMOVED - - - -
.
Notify-igfxcui - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:7a,d1,be,c9,5f,80,5e,e9,97,2f,a9,ca,d0,cb,72,06,33,4f,2b,d2,8e,
3e,88,7f,21,30,75,44,47,3e,db,13,a8,cd,fa,26,4d,17,ba,ee,0d,89,75,44,70,b0,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:7a,d1,be,c9,5f,80,5e,e9,97,2f,a9,ca,d0,cb,72,06,33,4f,2b,d2,8e,
3e,88,7f,21,30,75,44,47,3e,db,13,a8,cd,fa,26,4d,17,ba,ee,0d,89,75,44,70,b0,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000020
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Windows Live\Contacts\wlcomm.exe
c:\windows\SysWOW64\WerFault.exe
.
**************************************************************************
.
Completion time: 2011-11-17 17:50:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-18 01:50
.
Pre-Run: 52,387,561,472 bytes free
Post-Run: 52,508,274,688 bytes free
.
- - End Of File - - A42B1830882793738C7D1B4E708D3611

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:00 AM

Posted 18 November 2011 - 08:23 AM

Download the latest version of Kaspersky Virus Removal Tool
  • Close all other applications and double-click and run the installer.
  • When AVPTool starts, select all the scannable items except for CD-ROM drives.
  • Then please choose Security level: Recommended and perform the following actions.
    Posted Image
  • Click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.

Please let me know if the problem persists.

#12 mechjames

Posted 20 November 2011 - 06:05 PM

Yes, the problem still persists. Web sites don't go where they should sometimes, iexplore.exe is still running in the background and restarts after ending the process, and sometimes I still get popups from Internet Explorer in the background as well.

#13 nasdaq

Posted 21 November 2011 - 10:19 AM

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
    Posted Image
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.


#14 mechjames

Posted 22 November 2011 - 08:33 PM

No Threats Found. Here's the log:


No Threats found. Here is a copy of the log:


10:51:36.0338 2956 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
10:51:36.0698 2956 ============================================================
10:51:36.0698 2956 Current date / time: 2011/11/21 10:51:36.0698
10:51:36.0698 2956 SystemInfo:
10:51:36.0698 2956
10:51:36.0698 2956 OS Version: 6.1.7601 ServicePack: 1.0
10:51:36.0698 2956 Product type: Workstation
10:51:36.0698 2956 ComputerName: HPMEDIACENTER
10:51:36.0698 2956 UserName: James
10:51:36.0698 2956 Windows directory: C:\Windows
10:51:36.0698 2956 System windows directory: C:\Windows
10:51:36.0698 2956 Running under WOW64
10:51:36.0698 2956 Processor architecture: Intel x64
10:51:36.0698 2956 Number of processors: 2
10:51:36.0698 2956 Page size: 0x1000
10:51:36.0698 2956 Boot type: Normal boot
10:51:36.0698 2956 ============================================================
10:51:38.0964 2956 Initialize success
10:51:51.0528 4304 ============================================================
10:51:51.0528 4304 Scan started
10:51:51.0528 4304 Mode: Manual;
10:51:51.0528 4304 ============================================================

#15 mechjames

Posted 22 November 2011 - 08:34 PM

No threats found. Here's the log below.

I should also note that going to websites through https barely works most of the time now. Usually have to keep refreshing and refreshing, and then it eventually goes through.

No Threats found. Here is a copy of the log:


10:51:57.0942 4304 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:51:57.0942 4304 hcw85cir - ok
10:51:57.0973 4304 hcwPP2 (af844d328bb8ef0943bcaf10fa1fc263) C:\Windows\system32\DRIVERS\hcwPP2.sys
10:51:57.0973 4304 hcwPP2 - ok
10:51:58.0020 4304 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:51:58.0020 4304 HdAudAddService - ok
10:51:58.0051 4304 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:51:58.0051 4304 HDAudBus - ok
10:51:58.0083 4304 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:51:58.0083 4304 HidBatt - ok
10:51:58.0098 4304 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:51:58.0098 4304 HidBth - ok
10:51:58.0114 4304 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:51:58.0114 4304 HidIr - ok
10:51:58.0145 4304 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:51:58.0145 4304 HidUsb - ok
10:51:58.0192 4304 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:51:58.0192 4304 HpSAMD - ok
10:51:58.0270 4304 HSF_DP (64667d9808fd09fabedccf62e8f52662) C:\Windows\system32\DRIVERS\CAX_DP.sys
10:51:58.0286 4304 HSF_DP - ok
10:51:58.0333 4304 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:51:58.0348 4304 HTTP - ok
10:51:58.0364 4304 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:51:58.0364 4304 hwpolicy - ok
10:51:58.0411 4304 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:51:58.0411 4304 i8042prt - ok
10:51:58.0458 4304 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:51:58.0458 4304 iaStorV - ok
10:51:58.0676 4304 igfx (89b99e3e988dfa20abb58ff1930add21) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:51:58.0817 4304 igfx - ok
10:51:58.0926 4304 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:51:58.0926 4304 iirsp - ok
10:51:59.0036 4304 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys
10:51:59.0067 4304 IntcAzAudAddService - ok
10:51:59.0098 4304 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:51:59.0098 4304 intelide - ok
10:51:59.0129 4304 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:51:59.0129 4304 intelppm - ok
10:51:59.0176 4304 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:51:59.0176 4304 IpFilterDriver - ok
10:51:59.0223 4304 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:51:59.0239 4304 IPMIDRV - ok
10:51:59.0254 4304 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:51:59.0254 4304 IPNAT - ok
10:51:59.0301 4304 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:51:59.0301 4304 IRENUM - ok
10:51:59.0333 4304 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:51:59.0348 4304 isapnp - ok
10:51:59.0379 4304 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:51:59.0379 4304 iScsiPrt - ok
10:51:59.0411 4304 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:51:59.0411 4304 kbdclass - ok
10:51:59.0458 4304 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:51:59.0458 4304 kbdhid - ok
10:51:59.0504 4304 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
10:51:59.0504 4304 KSecDD - ok
10:51:59.0520 4304 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
10:51:59.0536 4304 KSecPkg - ok
10:51:59.0551 4304 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:51:59.0551 4304 ksthunk - ok
10:51:59.0614 4304 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:51:59.0614 4304 lltdio - ok
10:51:59.0661 4304 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:51:59.0661 4304 LSI_FC - ok
10:51:59.0661 4304 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:51:59.0676 4304 LSI_SAS - ok
10:51:59.0692 4304 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:51:59.0692 4304 LSI_SAS2 - ok
10:51:59.0723 4304 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:51:59.0723 4304 LSI_SCSI - ok
10:51:59.0754 4304 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:51:59.0754 4304 luafv - ok
10:51:59.0786 4304 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
10:51:59.0786 4304 mdmxsdk - ok
10:51:59.0817 4304 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:51:59.0817 4304 megasas - ok
10:51:59.0833 4304 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:51:59.0848 4304 MegaSR - ok
10:51:59.0879 4304 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:51:59.0879 4304 Modem - ok
10:51:59.0895 4304 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:51:59.0895 4304 monitor - ok
10:51:59.0942 4304 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys
10:51:59.0942 4304 motandroidusb - ok
10:52:00.0004 4304 motccgp (5d1080dbd8ec5f2d6e550e01398e17cf) C:\Windows\system32\DRIVERS\motccgp.sys
10:52:00.0004 4304 motccgp - ok
10:52:00.0036 4304 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
10:52:00.0051 4304 motccgpfl - ok
10:52:00.0083 4304 MotDev (3cc500c9b0e4d476802d277353cb2c89) C:\Windows\system32\DRIVERS\motodrv.sys
10:52:00.0083 4304 MotDev - ok
10:52:00.0114 4304 motmodem (6cbc0f4005593c96c9aecad39f0690fc) C:\Windows\system32\DRIVERS\motmodem.sys
10:52:00.0114 4304 motmodem - ok
10:52:00.0192 4304 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
10:52:00.0192 4304 MotoSwitchService - ok
10:52:00.0208 4304 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
10:52:00.0208 4304 Motousbnet - ok
10:52:00.0239 4304 motusbdevice (307727f9829fb46ff4be0e4d1dac5002) C:\Windows\system32\DRIVERS\motusbdevice.sys
10:52:00.0239 4304 motusbdevice - ok
10:52:00.0286 4304 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:52:00.0286 4304 mouclass - ok
10:52:00.0333 4304 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:52:00.0333 4304 mouhid - ok
10:52:00.0364 4304 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:52:00.0364 4304 mountmgr - ok
10:52:00.0411 4304 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
10:52:00.0411 4304 MpFilter - ok
10:52:00.0442 4304 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:52:00.0442 4304 mpio - ok
10:52:00.0473 4304 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
10:52:00.0473 4304 MpNWMon - ok
10:52:00.0489 4304 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:52:00.0489 4304 mpsdrv - ok
10:52:00.0536 4304 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:52:00.0536 4304 MRxDAV - ok
10:52:00.0567 4304 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:52:00.0567 4304 mrxsmb - ok
10:52:00.0598 4304 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:52:00.0614 4304 mrxsmb10 - ok
10:52:00.0629 4304 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:52:00.0629 4304 mrxsmb20 - ok
10:52:00.0661 4304 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:52:00.0661 4304 msahci - ok
10:52:00.0692 4304 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:52:00.0708 4304 msdsm - ok
10:52:00.0770 4304 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
10:52:00.0770 4304 MSDV - ok
10:52:00.0801 4304 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:52:00.0801 4304 Msfs - ok
10:52:00.0833 4304 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:52:00.0833 4304 mshidkmdf - ok
10:52:00.0864 4304 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:52:00.0864 4304 msisadrv - ok
10:52:00.0895 4304 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:52:00.0911 4304 MSKSSRV - ok
10:52:00.0942 4304 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:52:00.0942 4304 MSPCLOCK - ok
10:52:00.0958 4304 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:52:00.0973 4304 MSPQM - ok
10:52:01.0004 4304 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:52:01.0004 4304 MsRPC - ok
10:52:01.0036 4304 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:52:01.0036 4304 mssmbios - ok
10:52:01.0051 4304 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:52:01.0051 4304 MSTEE - ok
10:52:01.0083 4304 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:52:01.0083 4304 MTConfig - ok
10:52:01.0098 4304 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:52:01.0098 4304 Mup - ok
10:52:01.0145 4304 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:52:01.0161 4304 NativeWifiP - ok
10:52:01.0208 4304 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:52:01.0223 4304 NDIS - ok
10:52:01.0270 4304 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:52:01.0286 4304 NdisCap - ok
10:52:01.0317 4304 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:52:01.0317 4304 NdisTapi - ok
10:52:01.0348 4304 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:52:01.0348 4304 Ndisuio - ok
10:52:01.0395 4304 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:52:01.0395 4304 NdisWan - ok
10:52:01.0426 4304 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:52:01.0426 4304 NDProxy - ok
10:52:01.0442 4304 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:52:01.0442 4304 NetBIOS - ok
10:52:01.0473 4304 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:52:01.0489 4304 NetBT - ok
10:52:01.0536 4304 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:52:01.0536 4304 nfrd960 - ok
10:52:01.0567 4304 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:52:01.0567 4304 NisDrv - ok
10:52:01.0583 4304 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:52:01.0583 4304 Npfs - ok
10:52:01.0614 4304 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:52:01.0614 4304 nsiproxy - ok
10:52:01.0676 4304 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:52:01.0708 4304 Ntfs - ok
10:52:01.0723 4304 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:52:01.0723 4304 Null - ok
10:52:01.0770 4304 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:52:01.0770 4304 nvraid - ok
10:52:01.0786 4304 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:52:01.0801 4304 nvstor - ok
10:52:01.0833 4304 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:52:01.0833 4304 nv_agp - ok
10:52:01.0864 4304 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
10:52:01.0864 4304 ohci1394 - ok
10:52:01.0895 4304 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:52:01.0895 4304 Parport - ok
10:52:01.0926 4304 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:52:01.0926 4304 partmgr - ok
10:52:01.0958 4304 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:52:01.0958 4304 pci - ok
10:52:01.0973 4304 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:52:01.0973 4304 pciide - ok
10:52:02.0004 4304 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:52:02.0004 4304 pcmcia - ok
10:52:02.0020 4304 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:52:02.0020 4304 pcw - ok
10:52:02.0051 4304 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:52:02.0067 4304 PEAUTH - ok
10:52:02.0145 4304 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:52:02.0145 4304 PptpMiniport - ok
10:52:02.0161 4304 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:52:02.0161 4304 Processor - ok
10:52:02.0208 4304 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:52:02.0208 4304 Psched - ok
10:52:02.0254 4304 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
10:52:02.0254 4304 PxHlpa64 - ok
10:52:02.0317 4304 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:52:02.0333 4304 ql2300 - ok
10:52:02.0348 4304 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:52:02.0364 4304 ql40xx - ok
10:52:02.0379 4304 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:52:02.0379 4304 QWAVEdrv - ok
10:52:02.0395 4304 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:52:02.0395 4304 RasAcd - ok
10:52:02.0442 4304 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:52:02.0442 4304 RasAgileVpn - ok
10:52:02.0473 4304 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:52:02.0473 4304 Rasl2tp - ok
10:52:02.0489 4304 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:52:02.0489 4304 RasPppoe - ok
10:52:02.0520 4304 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:52:02.0520 4304 RasSstp - ok
10:52:02.0551 4304 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:52:02.0567 4304 rdbss - ok
10:52:02.0583 4304 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:52:02.0583 4304 rdpbus - ok
10:52:02.0598 4304 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:52:02.0598 4304 RDPCDD - ok
10:52:02.0676 4304 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
10:52:02.0676 4304 RDPDR - ok
10:52:02.0770 4304 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:52:02.0786 4304 RDPENCDD - ok
10:52:02.0989 4304 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:52:02.0989 4304 RDPREFMP - ok
10:52:03.0145 4304 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
10:52:03.0145 4304 RdpVideoMiniport - ok
10:52:03.0192 4304 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
10:52:03.0208 4304 RDPWD - ok
10:52:03.0286 4304 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:52:03.0301 4304 rdyboost - ok
10:52:03.0364 4304 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:52:03.0364 4304 rspndr - ok
10:52:03.0395 4304 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
10:52:03.0411 4304 s3cap - ok
10:52:03.0473 4304 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:52:03.0473 4304 sbp2port - ok
10:52:03.0567 4304 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:52:03.0583 4304 scfilter - ok
10:52:03.0692 4304 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:52:03.0692 4304 secdrv - ok
10:52:03.0723 4304 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:52:03.0723 4304 Serenum - ok
10:52:03.0770 4304 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:52:03.0786 4304 Serial - ok
10:52:03.0817 4304 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:52:03.0833 4304 sermouse - ok
10:52:03.0942 4304 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:52:03.0958 4304 sffdisk - ok
10:52:03.0973 4304 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:52:03.0973 4304 sffp_mmc - ok
10:52:03.0973 4304 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:52:03.0973 4304 sffp_sd - ok
10:52:04.0004 4304 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:52:04.0004 4304 sfloppy - ok
10:52:04.0051 4304 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:52:04.0051 4304 SiSRaid2 - ok
10:52:04.0067 4304 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:52:04.0067 4304 SiSRaid4 - ok
10:52:04.0098 4304 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:52:04.0129 4304 Smb - ok
10:52:04.0239 4304 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:52:04.0239 4304 spldr - ok
10:52:04.0348 4304 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:52:04.0379 4304 srv - ok
10:52:04.0520 4304 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:52:04.0536 4304 srv2 - ok
10:52:04.0676 4304 SrvHsfPCI (93132c69394a99d992095d8cfe464801) C:\Windows\system32\DRIVERS\VSTBS26.SYS
10:52:04.0676 4304 SrvHsfPCI - ok
10:52:05.0193 4304 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:52:05.0208 4304 SrvHsfV92 - ok
10:52:05.0787 4304 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:52:05.0818 4304 SrvHsfWinac - ok
10:52:05.0865 4304 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:52:05.0880 4304 srvnet - ok
10:52:05.0990 4304 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:52:05.0990 4304 stexstor - ok
10:52:06.0099 4304 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
10:52:06.0099 4304 storflt - ok
10:52:06.0193 4304 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
10:52:06.0193 4304 storvsc - ok
10:52:06.0224 4304 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:52:06.0240 4304 swenum - ok
10:52:06.0396 4304 Synth3dVsc - ok
10:52:06.0755 4304 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:52:06.0787 4304 Tcpip - ok
10:52:06.0880 4304 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:52:06.0896 4304 TCPIP6 - ok
10:52:06.0958 4304 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:52:06.0974 4304 tcpipreg - ok
10:52:07.0021 4304 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:52:07.0037 4304 TDPIPE - ok
10:52:07.0083 4304 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:52:07.0083 4304 TDTCP - ok
10:52:07.0177 4304 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:52:07.0208 4304 tdx - ok
10:52:07.0302 4304 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:52:07.0318 4304 TermDD - ok
10:52:07.0474 4304 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:52:07.0490 4304 tssecsrv - ok
10:52:07.0599 4304 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:52:07.0599 4304 TsUsbFlt - ok
10:52:07.0677 4304 tsusbhub - ok
10:52:07.0787 4304 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:52:07.0802 4304 tunnel - ok
10:52:07.0849 4304 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:52:07.0849 4304 uagp35 - ok
10:52:07.0943 4304 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:52:07.0958 4304 udfs - ok
10:52:08.0052 4304 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:52:08.0052 4304 uliagpkx - ok
10:52:08.0149 4304 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:52:08.0151 4304 umbus - ok
10:52:08.0262 4304 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:52:08.0280 4304 UmPass - ok
10:52:08.0378 4304 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
10:52:08.0380 4304 USBAAPL64 - ok
10:52:08.0448 4304 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:52:08.0450 4304 usbccgp - ok
10:52:08.0494 4304 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:52:08.0507 4304 usbcir - ok
10:52:08.0582 4304 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:52:08.0599 4304 usbehci - ok
10:52:08.0670 4304 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:52:08.0690 4304 usbhub - ok
10:52:08.0742 4304 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
10:52:08.0775 4304 usbohci - ok
10:52:08.0836 4304 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:52:08.0852 4304 usbprint - ok
10:52:08.0955 4304 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:52:08.0965 4304 usbscan - ok
10:52:09.0065 4304 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:52:09.0066 4304 USBSTOR - ok
10:52:09.0117 4304 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
10:52:09.0117 4304 usbuhci - ok
10:52:09.0226 4304 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:52:09.0226 4304 vdrvroot - ok
10:52:09.0367 4304 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:52:09.0367 4304 vga - ok
10:52:09.0429 4304 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:52:09.0445 4304 VgaSave - ok
10:52:09.0492 4304 VGPU - ok
10:52:09.0554 4304 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:52:09.0554 4304 vhdmp - ok
10:52:09.0585 4304 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:52:09.0585 4304 viaide - ok
10:52:09.0664 4304 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
10:52:09.0695 4304 vmbus - ok
10:52:09.0726 4304 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
10:52:09.0726 4304 VMBusHID - ok
10:52:09.0773 4304 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:52:09.0789 4304 volmgr - ok
10:52:09.0945 4304 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:52:09.0960 4304 volmgrx - ok
10:52:10.0085 4304 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:52:10.0101 4304 volsnap - ok
10:52:10.0195 4304 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
10:52:10.0210 4304 vpcbus - ok
10:52:10.0273 4304 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
10:52:10.0273 4304 vpcnfltr - ok
10:52:10.0367 4304 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
10:52:10.0367 4304 vpcusb - ok
10:52:10.0492 4304 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
10:52:10.0507 4304 vpcvmm - ok
10:52:10.0617 4304 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:52:10.0632 4304 vsmraid - ok
10:52:10.0773 4304 VST64HWBS2 (93132c69394a99d992095d8cfe464801) C:\Windows\system32\DRIVERS\VSTBS26.SYS
10:52:10.0789 4304 VST64HWBS2 - ok
10:52:10.0992 4304 VST64_DPV (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:52:11.0132 4304 VST64_DPV - ok
10:52:11.0179 4304 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:52:11.0179 4304 vwifibus - ok
10:52:11.0195 4304 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:52:11.0195 4304 WacomPen - ok
10:52:11.0242 4304 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:52:11.0242 4304 WANARP - ok
10:52:11.0257 4304 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:52:11.0257 4304 Wanarpv6 - ok
10:52:11.0320 4304 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:52:11.0320 4304 Wd - ok
10:52:11.0351 4304 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:52:11.0367 4304 Wdf01000 - ok
10:52:11.0460 4304 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:52:11.0460 4304 WfpLwf - ok
10:52:11.0507 4304 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:52:11.0523 4304 WIMMount - ok
10:52:11.0773 4304 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
10:52:11.0789 4304 winachsf - ok
10:52:13.0632 4304 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:52:13.0632 4304 WinUsb - ok
10:52:13.0757 4304 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:52:13.0757 4304 WmiAcpi - ok
10:52:13.0898 4304 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:52:13.0914 4304 ws2ifsl - ok
10:52:13.0976 4304 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:52:13.0992 4304 WudfPf - ok
10:52:14.0085 4304 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:52:14.0085 4304 WUDFRd - ok
10:52:14.0148 4304 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
10:52:14.0148 4304 XAudio - ok
10:52:14.0226 4304 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:52:14.0242 4304 \Device\Harddisk0\DR0 - ok
10:52:14.0242 4304 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
10:52:14.0273 4304 \Device\Harddisk1\DR1 - ok
10:52:14.0742 4304 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk5\DR5
10:52:14.0742 4304 \Device\Harddisk5\DR5 - ok
10:52:14.0757 4304 Boot (0x1200) (37c09f010a8d6d17c3e8530e3ad37682) \Device\Harddisk0\DR0\Partition0
10:52:14.0773 4304 \Device\Harddisk0\DR0\Partition0 - ok
10:52:14.0804 4304 Boot (0x1200) (f66c2614559c440d636ac7f9a52b68d1) \Device\Harddisk0\DR0\Partition1
10:52:14.0804 4304 \Device\Harddisk0\DR0\Partition1 - ok
10:52:14.0804 4304 Boot (0x1200) (2f4e5720b33404bc91deeb1c8880375d) \Device\Harddisk1\DR1\Partition0
10:52:14.0804 4304 \Device\Harddisk1\DR1\Partition0 - ok
10:52:14.0804 4304 Boot (0x1200) (61e58b101a9be959a88c586cc1eef245) \Device\Harddisk5\DR5\Partition0
10:52:14.0804 4304 \Device\Harddisk5\DR5\Partition0 - ok
10:52:14.0820 4304 ============================================================
10:52:14.0820 4304 Scan finished
10:52:14.0820 4304 ============================================================
10:52:14.0835 1956 Detected object count: 0
10:52:14.0835 1956 Actual detected object count: 0

Edited by mechjames, 22 November 2011 - 08:36 PM.




