Infected with TDSS - Google Keeps Redirecting


  • This topic is locked
49 replies to this topic

#1 Dick R


Posted 22 December 2011 - 10:03 AM

I had and was able to remove System Fix...however, I could never get TDSSKiller to run...it is now apparent that I have a TDSS infection and need to get TDSSKiller to run. Clicking on the results of Google searches takes me to incorrect sites. I have tried many different names for TDSSKiller, including iexplore.com and none work. I get the "do you want to run this program" message and that's it...nothing.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Dick at 9:45:56 on 2011-12-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4290 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Users\Dick\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files (x86)\Logitech\SetPoint\KEM.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.appstate.edu/
uInternet Settings,ProxyOverride = localhost;*.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111217093004.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Google Update] "C:\Users\Dick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun: [SetPoint] "C:\Program Files (x86)\Logitech\SetPoint\KEM.EXE"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Dick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dick\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Dick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENVP~1.LNK - C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: 3dicc.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D3266328-4B60-4C26-B514-07821FE0FCF3} : DhcpNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111217093004.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun-x64: [SetPoint] "C:\Program Files (x86)\Logitech\SetPoint\KEM.EXE"
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dick\AppData\Roaming\Mozilla\Firefox\Profiles\faqlxk7d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.appstate.edu/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPJinit13128.dll
FF - plugin: C:\Program Files (x86)\The Venue Network\nptvn.dll
FF - plugin: C:\Program Files (x86)\web.alive\web.alive-2.5.37\System\npwebalive_2_5b_37.dll
FF - plugin: C:\Program Files (x86)\web.alive\web.alive-2.5.38\System\npwebalive_2_5b_38.dll
FF - plugin: C:\Program Files (x86)\web.alive\web.alive-2.5.40\System\npwebalive_2_5b_40.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Dick\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Dick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Dick\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: C:\Users\Dick\AppData\Roaming\Mozilla\plugins\NPOpenQwaq.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/07/13 17:12:35];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2011-7-13 146928]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-7-13 92160]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2011-10-11 74592]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-17 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-17 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-17 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-17 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-12-21 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-12-21 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 828944]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]
R2 WysePocketCloud;Wyse PocketCloud;C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2011-12-14 155552]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam C160(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2011-10-11 102752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]
S3 tap0801;TAP-Win32 Adapter V8;C:\Windows\system32\DRIVERS\tap0801.sys --> C:\Windows\system32\DRIVERS\tap0801.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-22 14:01:06 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D9646C0-B040-4776-A7FC-2F7928070B9D}\offreg.dll
2011-12-22 14:01:04 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D9646C0-B040-4776-A7FC-2F7928070B9D}\mpengine.dll
2011-12-17 14:30:02 28760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2011-12-15 14:32:43 -------- d-----w- C:\Program Files\iTunes
2011-12-15 14:32:43 -------- d-----w- C:\Program Files\iPod
2011-12-15 14:32:43 -------- d-----w- C:\Program Files (x86)\iTunes
2011-12-15 13:41:08 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 13:41:07 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 13:41:06 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 13:41:06 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 13:40:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 13:40:59 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2011-12-05 13:57:52 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-18 19:32:28 161168 ----a-w- C:\Windows\System32\mfevtps.exe
2011-10-15 18:16:16 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-10-15 18:16:16 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-10-15 18:16:16 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-10-15 18:16:16 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-10-15 18:16:16 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-10-15 18:16:16 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-10-15 18:16:16 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-10-15 18:16:16 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-10-15 18:16:16 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 9:54:58.86 ===============


#2 Dick R


Posted 23 December 2011 - 11:29 AM

Hmmm, got TDSSkiller to run today by doing a fresh download and "not" renaming it. TDSSkiller did not find any problems but I am still getting redirects:

Below is the TDSSkiller log:

11:20:43.0454 4984 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:20:45.0455 4984 ============================================================
11:20:45.0455 4984 Current date / time: 2011/12/23 11:20:45.0455
11:20:45.0455 4984 SystemInfo:
11:20:45.0455 4984
11:20:45.0455 4984 OS Version: 6.1.7601 ServicePack: 1.0
11:20:45.0455 4984 Product type: Workstation
11:20:45.0455 4984 ComputerName: XPS-STUDIO-2009
11:20:45.0456 4984 UserName: Dick
11:20:45.0456 4984 Windows directory: C:\Windows
11:20:45.0456 4984 System windows directory: C:\Windows
11:20:45.0456 4984 Running under WOW64
11:20:45.0456 4984 Processor architecture: Intel x64
11:20:45.0456 4984 Number of processors: 8
11:20:45.0456 4984 Page size: 0x1000
11:20:45.0456 4984 Boot type: Normal boot
11:20:45.0456 4984 ============================================================
11:20:45.0838 4984 Initialize success
11:20:47.0379 4228 ============================================================
11:20:47.0379 4228 Scan started
11:20:47.0379 4228 Mode: Manual;
11:20:47.0379 4228 ============================================================
11:20:47.0975 4228 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:20:47.0977 4228 1394ohci - ok
11:20:48.0022 4228 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:20:48.0024 4228 ACPI - ok
11:20:48.0041 4228 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:20:48.0042 4228 AcpiPmi - ok
11:20:48.0105 4228 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:20:48.0111 4228 adp94xx - ok
11:20:48.0127 4228 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:20:48.0131 4228 adpahci - ok
11:20:48.0146 4228 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:20:48.0149 4228 adpu320 - ok
11:20:48.0193 4228 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
11:20:48.0198 4228 AFD - ok
11:20:48.0228 4228 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:20:48.0230 4228 agp440 - ok
11:20:48.0249 4228 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:20:48.0250 4228 aliide - ok
11:20:48.0258 4228 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:20:48.0259 4228 amdide - ok
11:20:48.0273 4228 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:20:48.0274 4228 AmdK8 - ok
11:20:48.0296 4228 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:20:48.0297 4228 AmdPPM - ok
11:20:56.0639 4228 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:20:56.0697 4228 \Device\Harddisk0\DR0 - ok
11:20:56.0701 4228 Boot (0x1200) (134c0e012363c4c6516d3f27647f52a0) \Device\Harddisk0\DR0\Partition0
11:20:56.0702 4228 \Device\Harddisk0\DR0\Partition0 - ok
11:20:56.0712 4228 Boot (0x1200) (8a49e1400c53c21253d47df7871788fd) \Device\Harddisk0\DR0\Partition1
11:20:56.0713 4228 \Device\Harddisk0\DR0\Partition1 - ok
11:20:56.0714 4228 ============================================================
11:20:56.0714 4228 Scan finished
11:20:56.0714 4228 ============================================================
11:20:56.0722 5864 Detected object count: 0
11:20:56.0722 5864 Actual detected object count: 0
11:20:59.0150 4676 Deinitialize success

#3 gringo_pr


Posted 25 December 2011 - 02:07 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Dick R


Posted 25 December 2011 - 11:08 AM

No problems running combofix. Still have the Google redirect issue. No other problems.

ComboFix 11-12-24.10 - Dick 12/25/2011 10:04:02.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4817 [GMT -5:00]
Running from: c:\users\Dick\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\Dick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\Dick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\Dick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\users\Dick\GoToAssistDownloadHelper.exe
c:\windows\bwUnin-6.1.4.68-8876480L.exe
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-25 to 2011-12-25 )))))))))))))))))))))))))))))))
.
.
2011-12-25 15:34 . 2011-12-25 15:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-25 15:34 . 2011-12-25 15:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-23 14:55 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28E63A93-7AA9-40C6-B25C-8CAFA027A0B1}\mpengine.dll
2011-12-17 14:30 . 2011-10-18 19:29 28760 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
2011-12-15 14:32 . 2011-12-15 14:33 -------- d-----w- c:\program files\iTunes
2011-12-15 14:32 . 2011-12-15 14:33 -------- d-----w- c:\program files (x86)\iTunes
2011-12-15 14:32 . 2011-12-15 14:32 -------- d-----w- c:\program files\iPod
2011-12-15 13:41 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 13:41 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 13:41 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 13:41 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 13:40 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 13:40 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-05 13:57 . 2011-05-14 22:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-18 19:32 . 2010-12-21 16:55 161168 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-15 18:16 . 2010-12-21 17:00 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 18:16 . 2010-12-21 17:00 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 18:16 . 2010-12-21 17:00 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 18:16 . 2010-12-21 17:00 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 18:16 . 2010-12-21 17:00 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 18:16 . 2010-12-21 17:00 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 18:16 . 2010-12-21 17:00 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-15 18:16 . 2010-10-14 03:28 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 18:16 . 2010-10-14 03:28 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-09-29 16:29 . 2011-11-16 18:30 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
<pre>
c:\program files (x86)\iFolder\iFolderApp .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2011-10-11 160096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]
"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"SetPoint"="c:\program files (x86)\Logitech\SetPoint\KEM.EXE" [2004-05-14 573440]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2011-08-03 828944]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\Dick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OpenVPN GUI.lnk - c:\program files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe [2009-11-20 104696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/07/13 17:12];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-06-25 00:19 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2011-10-11 74592]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2011-08-03 828944]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2011-12-14 155552]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4020669815-948962320-2056741333-1000Core.job
- c:\users\Dick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-30 20:25]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4020669815-948962320-2056741333-1000UA.job
- c:\users\Dick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-30 20:25]
.
2011-12-25 c:\windows\Tasks\Web.AliveUpdateTask.job
- c:\program files (x86)\web.alive\web.alive-2.5.40\System\WebAliveUpdater.exe [2011-09-02 08:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-17 16308768]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-14 7970848]
"PocketCloud Location"="c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2011-12-14 998304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.appstate.edu/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: 3dicc.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
TCP: DhcpNameServer = 192.168.1.254
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF}
FF - ProfilePath - c:\users\Dick\AppData\Roaming\Mozilla\Firefox\Profiles\faqlxk7d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.appstate.edu/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,87,cf,67,a3,86,a6,47,af,3d,33,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,87,cf,67,a3,86,a6,47,af,3d,33,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Logitech\SetPoint\KHALMNPR.EXE
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files (x86)\Common Files\Teleca Shared\logger.exe
c:\program files (x86)\Common Files\Teleca Shared\Generic.exe
c:\program files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
.
**************************************************************************
.
Completion time: 2011-12-25 11:01:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-25 16:00
.
Pre-Run: 663,165,620,224 bytes free
Post-Run: 663,293,751,296 bytes free
.
- - End Of File - - 954CDC849F102406AC723C7ED43CC189

#5 gringo_pr


Posted 25 December 2011 - 02:43 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#6 Dick R


Posted 25 December 2011 - 04:02 PM

One download of tdsskiller did not run but another did. It did not find any issues on a scan.

My McAfee firewall told me that it was blocking a connection to a potentially risky ip...but my internet connection (DSL router dropped) and I lost that ip. Still have the redirect problem.

Below is the tdsskiller log:

15:46:25.0326 6500 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
15:46:25.0908 6500 ============================================================
15:46:25.0908 6500 Current date / time: 2011/12/25 15:46:25.0908
15:46:25.0908 6500 SystemInfo:
15:46:25.0908 6500
15:46:25.0908 6500 OS Version: 6.1.7601 ServicePack: 1.0
15:46:25.0908 6500 Product type: Workstation
15:46:25.0908 6500 ComputerName: XPS-STUDIO-2009
15:46:25.0908 6500 UserName: Dick
15:46:25.0908 6500 Windows directory: C:\Windows
15:46:25.0908 6500 System windows directory: C:\Windows
15:46:25.0908 6500 Running under WOW64
15:46:25.0908 6500 Processor architecture: Intel x64
15:46:25.0908 6500 Number of processors: 8
15:46:25.0908 6500 Page size: 0x1000
15:46:25.0908 6500 Boot type: Normal boot
15:46:25.0908 6500 ============================================================
15:46:27.0214 6500 Initialize success
15:46:29.0677 4964 ============================================================
15:46:29.0677 4964 Scan started
15:46:29.0677 4964 Mode: Manual;
15:46:29.0677 4964 ============================================================
15:46:30.0267 4964 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:46:30.0269 4964 1394ohci - ok
15:46:30.0455 4964 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:46:30.0459 4964 ACPI - ok
15:46:30.0577 4964 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:46:30.0578 4964 AcpiPmi - ok
15:46:30.0863 4964 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:46:30.0911 4964 adp94xx - ok
15:46:31.0091 4964 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:46:31.0096 4964 adpahci - ok
15:46:31.0296 4964 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:46:31.0298 4964 adpu320 - ok
15:46:31.0460 4964 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
15:46:31.0464 4964 AFD - ok
15:46:31.0638 4964 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:46:31.0640 4964 agp440 - ok
15:46:31.0828 4964 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:46:31.0829 4964 aliide - ok
15:46:32.0000 4964 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:46:32.0001 4964 amdide - ok
15:46:32.0176 4964 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:46:32.0178 4964 AmdK8 - ok
15:46:32.0321 4964 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:46:32.0322 4964 AmdPPM - ok
15:46:32.0481 4964 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:46:32.0484 4964 amdsata - ok
15:46:32.0663 4964 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:46:32.0684 4964 amdsbs - ok
15:46:32.0884 4964 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:46:32.0885 4964 amdxata - ok
15:46:33.0051 4964 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:46:33.0053 4964 AppID - ok
15:46:33.0271 4964 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:46:48.0787 4964 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:46:48.0846 4964 \Device\Harddisk0\DR0 - ok
15:46:48.0849 4964 Boot (0x1200) (134c0e012363c4c6516d3f27647f52a0) \Device\Harddisk0\DR0\Partition0
15:46:48.0851 4964 \Device\Harddisk0\DR0\Partition0 - ok
15:46:48.0861 4964 Boot (0x1200) (8a49e1400c53c21253d47df7871788fd) \Device\Harddisk0\DR0\Partition1
15:46:48.0862 4964 \Device\Harddisk0\DR0\Partition1 - ok
15:46:48.0862 4964 ============================================================
15:46:48.0862 4964 Scan finished
15:46:48.0862 4964 ============================================================
15:46:48.0872 1552 Detected object count: 0
15:46:48.0872 1552 Actual detected object count: 0
15:47:33.0519 4036 ============================================================
15:47:33.0519 4036 Scan started
15:47:33.0519 4036 Mode: Manual; SigCheck; TDLFS;
15:47:33.0519 4036 ============================================================
15:47:47.0114 4036 tap0801 (8502bfc9c990567e4049358ec063d621) C:\Windows\system32\DRIVERS\tap0801.sys
15:47:47.0138 4036 tap0801 ( UnsignedFile.Multi.Generic ) - warning
15:47:47.0138 4036 tap0801 - detected UnsignedFile.Multi.Generic (1)
15:47:50.0041 4036 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
15:47:50.0051 4036 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
15:47:50.0062 4036 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:47:50.0194 4036 \Device\Harddisk0\DR0 - ok
15:47:50.0198 4036 Boot (0x1200) (134c0e012363c4c6516d3f27647f52a0) \Device\Harddisk0\DR0\Partition0
15:47:50.0199 4036 \Device\Harddisk0\DR0\Partition0 - ok
15:47:50.0235 4036 Boot (0x1200) (8a49e1400c53c21253d47df7871788fd) \Device\Harddisk0\DR0\Partition1
15:47:50.0236 4036 \Device\Harddisk0\DR0\Partition1 - ok
15:47:50.0237 4036 ============================================================
15:47:50.0237 4036 Scan finished
15:47:50.0237 4036 ============================================================
15:47:50.0244 0628 Detected object count: 1
15:47:50.0244 0628 Actual detected object count: 1
15:48:00.0842 0628 tap0801 ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:00.0842 0628 tap0801 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:11.0915 6412 Deinitialize success
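
A triage helper for TDSSKiller logs like the one posted above, added here as an example; it is not part of the thread or of TDSSKiller. The line patterns are inferred from the log lines shown in this topic, and the name `triage` is hypothetical.

```python
import re

# Tail of the TDSSKiller log posted above, copied verbatim from the thread.
SAMPLE_LOG = r"""
15:47:50.0062 4036 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:47:50.0194 4036 \Device\Harddisk0\DR0 - ok
15:47:50.0198 4036 Boot (0x1200) (134c0e012363c4c6516d3f27647f52a0) \Device\Harddisk0\DR0\Partition0
15:47:50.0199 4036 \Device\Harddisk0\DR0\Partition0 - ok
15:47:50.0235 4036 Boot (0x1200) (8a49e1400c53c21253d47df7871788fd) \Device\Harddisk0\DR0\Partition1
15:47:50.0236 4036 \Device\Harddisk0\DR0\Partition1 - ok
15:47:50.0237 4036 Scan finished
15:47:50.0244 0628 Detected object count: 1
15:47:50.0244 0628 Actual detected object count: 1
15:48:00.0842 0628 tap0801 ( UnsignedFile.Multi.Generic ) - skipped by user
15:48:00.0842 0628 tap0801 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:48:11.0915 6412 Deinitialize success
"""

# Line shapes inferred from the log above (assumption, not a documented format).
PREFIX = r"^\d\d:\d\d:\d\d\.\d{4} \d{4} "
OBJECT = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK = re.compile(PREFIX + r"(?P<target>.+) - ok$")
FLAGGED = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<action>.+)$")
COUNT = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")


def triage(log_text):
    """Summarise a TDSSKiller log: scanned objects, flagged items, loose ends."""
    scanned, cleared, flagged, reported = {}, set(), {}, None
    for line in log_text.splitlines():
        line = line.strip()
        if m := COUNT.match(line):
            reported = int(m["n"])
        elif m := FLAGGED.match(line):
            entry = flagged.setdefault(m["name"], {"verdict": m["verdict"], "actions": []})
            entry["actions"].append(m["action"])
        elif m := OBJECT.match(line):
            scanned[(m["name"], m["path"])] = m["md5"]
        elif m := OK.match(line):
            cleared.add(m["target"])  # service name, or device path for MBR/Boot
    # Flagged items where every logged action is a skip were left in place.
    unresolved = sorted(n for n, e in flagged.items()
                        if all("skip" in a.lower() for a in e["actions"]))
    # Scanned objects with neither an "ok" line nor a verdict need a second look.
    no_result = sorted(name for (name, path) in scanned
                       if name not in cleared and path not in cleared
                       and name not in flagged)
    return {"scanned": len(scanned), "reported": reported, "flagged": flagged,
            "unresolved": unresolved, "no_result": no_result}
```

A `reported` count that differs from the number of flagged names, or a non-empty `no_result`, suggests the pasted log is truncated or the scan was interrupted.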

#7 gringo_pr

Posted 25 December 2011 - 06:09 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Dick R

Posted 25 December 2011 - 06:41 PM

The computer will not boot now!!! Not even in safe mode!!!

In between posts I began to get more of the type of messages that came with system fix. I also got a McAfee warning that the computer was trying to connect to a risky site and it was being blocked...the site was 68.67.159.202.

I ran a virus scan to see if I could get rid of it...ran McAfee: Malwarebytes would not start.

McAfee found one issue it could not remove and requested a reboot. Since then the computer won't reboot. I've tried repair and safe mode and it just hangs no matter what option I choose. I don't even get safe mode now, just startup repair. Just says Windows loading files.

Never got to the last direction you gave me...this happened just before I received it.

#9 gringo_pr

Posted 25 December 2011 - 08:06 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#10 Dick R

Posted 25 December 2011 - 08:56 PM

Good directions:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
Ran by SYSTEM at 2011-12-25 20:54:44
Running from J:\
Windows ™ Code Name "Longhorn" Preinstallation Environment (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell] cmd.exe /k start cmd.exe [x x] ()
HKLM-x32\...\Winlogon: [Shell] [x x] ()

==================== Services (Whitelisted) ======

3 sacsvr; C:\Windows\System32\sacsvr.dll [14848 2008-01-19] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

0 FBWF; C:\Windows\System32\DRIVERS\fbwf.sys [97792 2008-01-18] (Microsoft Corporation)
0 Ramdisk; C:\Windows\System32\DRIVERS\ramdisk.sys [27648 2008-01-18] (Microsoft Corporation)
0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [103992 2008-01-19] (Microsoft Corporation)
0 WimFsf; C:\Windows\System32\Drivers\WimFsf.sys [61952 2008-01-18] (Microsoft Corporation)
3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: sacsvr

============ One Month Created Files and Folders ==============



============ 3 Months Modified Files and Folders =============

2011-12-25 20:54 - 2011-12-25 20:54 - 0000000 ____D C:\FRST

========================= Known DLLs (Whitelisted) ============

C:\Windows\SysWOW64\advapi32.dll is missing
C:\Windows\SysWOW64\COMDLG32.dll is missing
C:\Windows\SysWOW64\gdi32.dll is missing
C:\Windows\SysWOW64\IERTUTIL.dll is missing
C:\Windows\SysWOW64\IMAGEHLP.dll is missing
C:\Windows\SysWOW64\IMM32.dll is missing
C:\Windows\SysWOW64\kernel32.dll is missing
C:\Windows\SysWOW64\LPK.dll is missing
C:\Windows\SysWOW64\MSCTF.dll is missing
C:\Windows\SysWOW64\MSVCRT.dll is missing
C:\Windows\SysWOW64\NORMALIZ.dll is missing
C:\Windows\SysWOW64\NSI.dll is missing
C:\Windows\SysWOW64\OLEAUT32.dll is missing
C:\Windows\SysWOW64\rpcrt4.dll is missing
C:\Windows\SysWOW64\Setupapi.dll is missing
C:\Windows\SysWOW64\SHELL32.dll is missing
C:\Windows\SysWOW64\SHLWAPI.dll is missing
C:\Windows\SysWOW64\URLMON.dll is missing
C:\Windows\SysWOW64\user32.dll is missing
C:\Windows\SysWOW64\USP10.dll is missing
C:\Windows\SysWOW64\WININET.dll is missing
C:\Windows\SysWOW64\WLDAP32.dll is missing
C:\Windows\SysWOW64\WS2_32.dll is missing
C:\Windows\SysWOW64\ole32.dll is missing
C:\Windows\SysWOW64\clbcatq.dll is missing

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe
[2008-01-18 22:18] - [2008-01-19 00:00] - 0406016 ____A (Microsoft Corporation) 856491FCED98093D824B9EB2892F564A

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 6134.99 MB
Available physical RAM: 5504 MB
Total Pagefile: 6133.14 MB
Available Pagefile: 5489.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:5.74 GB) NTFS ==>[Drive with boot components]
2 Drive d: (OS) (Fixed) (Total:683.95 GB) (Free:617.36 GB) NTFS
3 Drive e: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
8 Drive j: (ATTACHE 2.0) (Removable) (Total:0.11 GB) (Free:0.1 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 117 MB 0 B

Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 683 GB 14 GB
Partition 4 Primary 1016 KB 698 GB

Disk: 0
Partition 4
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

==========================================================

Last Boot: 2010-12-03 17:01

======================= End Of Log ==========================

#11 gringo_pr

Posted 25 December 2011 - 09:06 PM

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

winlogon.exe;explorer.exe

Note: The file names should be separated by semicolon (;)

It then should look like:

Search: winlogon.exe;explorer.exe

Click Search button and post the log (Search.txt) it makes to your reply.

#12 Dick R

Posted 25 December 2011 - 09:12 PM

Farbars Recovery Scan Tool 2.0.3
Ran by SYSTEM at 2011-12-25 21:11:02
Running from J:\

================== Search: winlogon.exe;explorer.exe ===================

C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2008-01-19 03:10] - [2008-01-19 03:10] - 0406016 ____A (Microsoft Corporation) 856491FCED98093D824B9EB2892F564A

C:\Windows\System32\winlogon.exe
[2008-01-18 22:18] - [2008-01-19 00:00] - 0406016 ____A (Microsoft Corporation) 856491FCED98093D824B9EB2892F564A

====== End Of Search ======

#13 gringo_pr

Posted 25 December 2011 - 09:21 PM

Hello


Do you have access to another Windows 7 computer?


gringo

#14 Dick R

Posted 25 December 2011 - 09:24 PM

Yes.

#15 gringo_pr

Posted 25 December 2011 - 09:37 PM

Hello

I want you to try and boot with this.

What I want to do we can't with the other tool.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review