Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with iexplore.exe, conhost.exe, smdt.exe, and sdiagnhost.exe malware


  • Please log in to reply
18 replies to this topic

#1 keywestr

keywestr

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 28 August 2012 - 04:33 PM

i have the same exact problem as this article:

http://www.bleepingcomputer.com/forums/topic432263.html

nothing i have tried has removed the infection. can anyone help me?

CB

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:01 PM

Posted 28 August 2012 - 05:13 PM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 keywestr

keywestr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 28 August 2012 - 08:50 PM

18:41:38.0722 11800 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:41:39.0705 11800 ============================================================
18:41:39.0705 11800 Current date / time: 2012/08/28 18:41:39.0705
18:41:39.0705 11800 SystemInfo:
18:41:39.0705 11800
18:41:39.0705 11800 OS Version: 6.1.7601 ServicePack: 1.0
18:41:39.0705 11800 Product type: Workstation
18:41:39.0705 11800 ComputerName: CHESTER-PC
18:41:39.0705 11800 UserName: CHESTER
18:41:39.0705 11800 Windows directory: C:\Windows
18:41:39.0705 11800 System windows directory: C:\Windows
18:41:39.0705 11800 Running under WOW64
18:41:39.0705 11800 Processor architecture: Intel x64
18:41:39.0705 11800 Number of processors: 2
18:41:39.0705 11800 Page size: 0x1000
18:41:39.0705 11800 Boot type: Normal boot
18:41:39.0705 11800 ============================================================
18:41:44.0744 11800 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:41:44.0884 11800 Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1475000 (2794.52 Gb), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:41:45.0243 11800 ============================================================
18:41:45.0243 11800 \Device\Harddisk0\DR0:
18:41:45.0243 11800 MBR partitions:
18:41:45.0243 11800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1C815909
18:41:45.0243 11800 \Device\Harddisk1\DR1:
18:41:45.0243 11800 MBR partitions:
18:41:45.0243 11800 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2BAA0800
18:41:45.0243 11800 ============================================================
18:41:45.0274 11800 C: <-> \Device\Harddisk0\DR0\Partition1
18:41:45.0305 11800 J: <-> \Device\Harddisk1\DR1\Partition1
18:41:45.0305 11800 ============================================================
18:41:45.0305 11800 Initialize success
18:41:45.0305 11800 ============================================================
18:42:18.0535 10848 ============================================================
18:42:18.0535 10848 Scan started
18:42:18.0535 10848 Mode: Manual; TDLFS;
18:42:18.0535 10848 ============================================================
18:42:19.0471 10848 ================ Scan system memory ========================
18:42:19.0471 10848 System memory - ok
18:42:19.0471 10848 ================ Scan services =============================
18:42:19.0705 10848 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:42:19.0705 10848 1394ohci - ok
18:42:19.0736 10848 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:42:19.0751 10848 ACPI - ok
18:42:19.0783 10848 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:42:19.0783 10848 AcpiPmi - ok
18:42:19.0907 10848 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:42:19.0907 10848 AdobeFlashPlayerUpdateSvc - ok
18:42:19.0954 10848 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:42:19.0970 10848 adp94xx - ok
18:42:20.0001 10848 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:42:20.0001 10848 adpahci - ok
18:42:20.0032 10848 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:42:20.0032 10848 adpu320 - ok
18:42:20.0079 10848 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:42:20.0079 10848 AeLookupSvc - ok
18:42:20.0141 10848 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:42:20.0173 10848 AFD - ok
18:42:20.0204 10848 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:42:20.0204 10848 agp440 - ok
18:42:20.0235 10848 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:42:20.0235 10848 ALG - ok
18:42:20.0251 10848 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:42:20.0251 10848 aliide - ok
18:42:20.0282 10848 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:42:20.0282 10848 amdide - ok
18:42:20.0313 10848 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:42:20.0313 10848 AmdK8 - ok
18:42:20.0329 10848 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:42:20.0329 10848 AmdPPM - ok
18:42:20.0360 10848 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:42:20.0375 10848 amdsata - ok
18:42:20.0391 10848 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:42:20.0422 10848 amdsbs - ok
18:42:20.0438 10848 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:42:20.0438 10848 amdxata - ok
18:42:20.0500 10848 [ 5D10231FD068986CD29705ADDBD6200A ] Angel C:\Windows\system32\DRIVERS\Angel.sys
18:42:20.0516 10848 Angel - ok
18:42:20.0547 10848 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:42:20.0563 10848 AppID - ok
18:42:20.0594 10848 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:42:20.0594 10848 AppIDSvc - ok
18:42:20.0609 10848 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:42:20.0609 10848 Appinfo - ok
18:42:20.0719 10848 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:42:20.0719 10848 Apple Mobile Device - ok
18:42:20.0765 10848 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
18:42:20.0765 10848 AppMgmt - ok
18:42:20.0828 10848 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
18:42:20.0828 10848 arc - ok
18:42:20.0843 10848 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:42:20.0843 10848 arcsas - ok
18:42:20.0875 10848 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:42:20.0875 10848 AsyncMac - ok
18:42:20.0890 10848 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:42:20.0890 10848 atapi - ok
18:42:20.0937 10848 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:42:20.0968 10848 AudioEndpointBuilder - ok
18:42:20.0999 10848 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:42:20.0999 10848 AudioSrv - ok
18:42:21.0062 10848 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:42:21.0062 10848 AxInstSV - ok
18:42:21.0077 10848 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:42:21.0109 10848 b06bdrv - ok
18:42:21.0140 10848 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:42:21.0140 10848 b57nd60a - ok
18:42:21.0171 10848 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:42:21.0171 10848 BDESVC - ok
18:42:21.0202 10848 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:42:21.0202 10848 Beep - ok
18:42:21.0249 10848 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:42:21.0280 10848 BFE - ok
18:42:21.0374 10848 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
18:42:21.0389 10848 BITS - ok
18:42:21.0421 10848 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:42:21.0421 10848 blbdrive - ok
18:42:21.0530 10848 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:42:21.0530 10848 Bonjour Service - ok
18:42:21.0577 10848 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:42:21.0577 10848 bowser - ok
18:42:21.0608 10848 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:42:21.0608 10848 BrFiltLo - ok
18:42:21.0639 10848 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:42:21.0639 10848 BrFiltUp - ok
18:42:21.0670 10848 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
18:42:21.0670 10848 BridgeMP - ok
18:42:21.0701 10848 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:42:21.0701 10848 Browser - ok
18:42:21.0779 10848 [ E895280B396456393540C90EFAE0BDE4 ] Browser Defender Update Service C:\Program Files (x86)\Browser Defender\BDTUpdateService.exe
18:42:21.0779 10848 Browser Defender Update Service - ok
18:42:21.0811 10848 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:42:21.0826 10848 Brserid - ok
18:42:21.0842 10848 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:42:21.0842 10848 BrSerWdm - ok
18:42:21.0873 10848 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:42:21.0873 10848 BrUsbMdm - ok
18:42:21.0889 10848 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:42:21.0889 10848 BrUsbSer - ok
18:42:21.0904 10848 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:42:21.0904 10848 BTHMODEM - ok
18:42:21.0951 10848 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:42:21.0951 10848 bthserv - ok
18:42:21.0982 10848 catchme - ok
18:42:21.0998 10848 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:42:21.0998 10848 cdfs - ok
18:42:22.0060 10848 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:42:22.0060 10848 cdrom - ok
18:42:22.0107 10848 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:42:22.0123 10848 CertPropSvc - ok
18:42:22.0185 10848 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
18:42:22.0185 10848 circlass - ok
18:42:22.0247 10848 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:42:22.0263 10848 CLFS - ok
18:42:22.0357 10848 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:42:22.0357 10848 clr_optimization_v2.0.50727_32 - ok
18:42:22.0435 10848 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:42:22.0435 10848 clr_optimization_v2.0.50727_64 - ok
18:42:22.0528 10848 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:42:22.0528 10848 clr_optimization_v4.0.30319_32 - ok
18:42:22.0575 10848 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:42:22.0575 10848 clr_optimization_v4.0.30319_64 - ok
18:42:22.0606 10848 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
18:42:22.0606 10848 CmBatt - ok
18:42:22.0622 10848 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:42:22.0637 10848 cmdide - ok
18:42:22.0669 10848 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:42:22.0684 10848 CNG - ok
18:42:22.0747 10848 [ 9F878666F63D35A30386B8BB7267B355 ] COMMONFX.DLL C:\Windows\System32\COMMONFX.DLL
18:42:22.0747 10848 COMMONFX.DLL - ok
18:42:22.0762 10848 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:42:22.0762 10848 Compbatt - ok
18:42:22.0793 10848 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:42:22.0793 10848 CompositeBus - ok
18:42:22.0809 10848 COMSysApp - ok
18:42:22.0856 10848 [ 3CA734CE373E5675FBC15CA2C45228E5 ] cpudrv64 C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
18:42:22.0887 10848 cpudrv64 - ok
18:42:22.0918 10848 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:42:22.0918 10848 crcdisk - ok
18:42:22.0981 10848 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:42:22.0981 10848 CryptSvc - ok
18:42:22.0996 10848 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
18:42:23.0012 10848 CSC - ok
18:42:23.0074 10848 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
18:42:23.0105 10848 CscService - ok
18:42:23.0137 10848 [ 676E6EC97D991CB70B007F7C83520973 ] CT20XUT.DLL C:\Windows\System32\CT20XUT.DLL
18:42:23.0152 10848 CT20XUT.DLL - ok
18:42:23.0199 10848 [ 5B51AEAA15519CD66DBC3D84CF8F4404 ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
18:42:23.0215 10848 ctac32k - ok
18:42:23.0261 10848 [ DB0B6371D5E4D318EBF6FA932E4EA66C ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
18:42:23.0277 10848 ctaud2k - ok
18:42:23.0324 10848 [ 6560664034D27768D43CC54CCE4DEF9B ] CTAUDFX.DLL C:\Windows\System32\CTAUDFX.DLL
18:42:23.0339 10848 CTAUDFX.DLL - ok
18:42:23.0371 10848 [ B2237627B2143573055DE99861D24A09 ] CTEAPSFX.DLL C:\Windows\System32\CTEAPSFX.DLL
18:42:23.0371 10848 CTEAPSFX.DLL - ok
18:42:23.0417 10848 [ 51C5FE8D21FD833E706C45236CF1D3FE ] CTEXFIFX.DLL C:\Windows\System32\CTEXFIFX.DLL
18:42:23.0464 10848 CTEXFIFX.DLL - ok
18:42:23.0480 10848 [ 54C4BD625FA64D504A66CBE2E511DE26 ] CTHWIUT.DLL C:\Windows\System32\CTHWIUT.DLL
18:42:23.0480 10848 CTHWIUT.DLL - ok
18:42:23.0511 10848 [ E62B810C5E3AC571504B3FCD0D1A5B9F ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
18:42:23.0511 10848 ctprxy2k - ok
18:42:23.0542 10848 [ B14784B640FE018FF9E17AC7EC7766E1 ] CTSBLFX.DLL C:\Windows\System32\CTSBLFX.DLL
18:42:23.0558 10848 CTSBLFX.DLL - ok
18:42:23.0589 10848 [ D075F4EB063BA3B305F92E2EA993EC9D ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
18:42:23.0605 10848 ctsfm2k - ok
18:42:23.0636 10848 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
18:42:23.0636 10848 dc3d - ok
18:42:23.0714 10848 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:42:23.0729 10848 DcomLaunch - ok
18:42:23.0776 10848 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:42:23.0792 10848 defragsvc - ok
18:42:23.0823 10848 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:42:23.0823 10848 DfsC - ok
18:42:23.0870 10848 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:42:23.0885 10848 Dhcp - ok
18:42:23.0917 10848 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:42:23.0917 10848 discache - ok
18:42:23.0963 10848 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:42:23.0963 10848 Disk - ok
18:42:24.0010 10848 dlcc_device - ok
18:42:24.0041 10848 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
18:42:24.0041 10848 dmvsc - ok
18:42:24.0088 10848 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:42:24.0088 10848 Dnscache - ok
18:42:24.0135 10848 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:42:24.0135 10848 dot3svc - ok
18:42:24.0166 10848 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:42:24.0166 10848 DPS - ok
18:42:24.0182 10848 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:42:24.0197 10848 drmkaud - ok
18:42:24.0229 10848 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:42:24.0260 10848 DXGKrnl - ok
18:42:24.0291 10848 [ 099E01A94167CA8BDA2CF72037AD0E28 ] e1express C:\Windows\system32\DRIVERS\e1e6232e.sys
18:42:24.0307 10848 e1express - ok
18:42:24.0353 10848 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:42:24.0353 10848 EapHost - ok
18:42:24.0447 10848 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:42:24.0541 10848 ebdrv - ok
18:42:24.0572 10848 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:42:24.0572 10848 EFS - ok
18:42:24.0665 10848 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:42:24.0665 10848 ehRecvr - ok
18:42:24.0681 10848 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:42:24.0681 10848 ehSched - ok
18:42:24.0759 10848 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:42:24.0775 10848 elxstor - ok
18:42:24.0790 10848 [ 141ED8594232CF853F2EF480C47060BB ] emupia C:\Windows\system32\drivers\emupia2k.sys
18:42:24.0806 10848 emupia - ok
18:42:24.0821 10848 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:42:24.0821 10848 ErrDev - ok
18:42:24.0868 10848 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:42:24.0884 10848 EventSystem - ok
18:42:24.0915 10848 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:42:24.0931 10848 exfat - ok
18:42:24.0946 10848 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:42:24.0946 10848 fastfat - ok
18:42:25.0009 10848 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:42:25.0040 10848 Fax - ok
18:42:25.0055 10848 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
18:42:25.0055 10848 fdc - ok
18:42:25.0102 10848 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:42:25.0102 10848 fdPHost - ok
18:42:25.0133 10848 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:42:25.0149 10848 FDResPub - ok
18:42:25.0180 10848 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:42:25.0180 10848 FileInfo - ok
18:42:25.0211 10848 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:42:25.0211 10848 Filetrace - ok
18:42:25.0243 10848 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:42:25.0243 10848 flpydisk - ok
18:42:25.0289 10848 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:42:25.0289 10848 FltMgr - ok
18:42:25.0305 10848 FNETTBOH - ok
18:42:25.0321 10848 FNETURPX - ok
18:42:25.0383 10848 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:42:25.0414 10848 FontCache - ok
18:42:25.0492 10848 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:42:25.0492 10848 FontCache3.0.0.0 - ok
18:42:25.0508 10848 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:42:25.0508 10848 FsDepends - ok
18:42:25.0539 10848 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:42:25.0539 10848 Fs_Rec - ok
18:42:25.0601 10848 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:42:25.0601 10848 fvevol - ok
18:42:25.0633 10848 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:42:25.0633 10848 gagp30kx - ok
18:42:25.0664 10848 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:42:25.0664 10848 GEARAspiWDM - ok
18:42:25.0695 10848 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:42:25.0726 10848 gpsvc - ok
18:42:25.0867 10848 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:42:25.0867 10848 gupdate - ok
18:42:25.0898 10848 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:42:25.0898 10848 gupdatem - ok
18:42:25.0945 10848 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:42:25.0960 10848 gusvc - ok
18:42:26.0054 10848 [ FD4B59A124B55D234500E8B3C8F04DAD ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
18:42:26.0101 10848 ha20x2k - ok
18:42:26.0132 10848 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:42:26.0132 10848 hcw85cir - ok
18:42:26.0194 10848 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:42:26.0210 10848 HdAudAddService - ok
18:42:26.0241 10848 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:42:26.0241 10848 HDAudBus - ok
18:42:26.0288 10848 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:42:26.0288 10848 HidBatt - ok
18:42:26.0303 10848 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:42:26.0319 10848 HidBth - ok
18:42:26.0335 10848 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:42:26.0335 10848 HidIr - ok
18:42:26.0381 10848 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
18:42:26.0381 10848 hidserv - ok
18:42:26.0428 10848 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:42:26.0428 10848 HidUsb - ok
18:42:26.0475 10848 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:42:26.0475 10848 hkmsvc - ok
18:42:26.0506 10848 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:42:26.0506 10848 HomeGroupListener - ok
18:42:26.0553 10848 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:42:26.0553 10848 HomeGroupProvider - ok
18:42:26.0584 10848 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:42:26.0584 10848 HpSAMD - ok
18:42:26.0631 10848 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:42:26.0662 10848 HTTP - ok
18:42:26.0662 10848 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:42:26.0678 10848 hwpolicy - ok
18:42:26.0709 10848 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:42:26.0709 10848 i8042prt - ok
18:42:26.0740 10848 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:42:26.0771 10848 iaStorV - ok
18:42:26.0834 10848 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:42:26.0865 10848 idsvc - ok
18:42:26.0881 10848 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:42:26.0881 10848 iirsp - ok
18:42:26.0943 10848 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:42:26.0974 10848 IKEEXT - ok
18:42:27.0005 10848 [ 4A9EB8AC8959C580ADCADDBDBBEBE033 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
18:42:27.0021 10848 Intel® PROSet Monitoring Service - ok
18:42:27.0021 10848 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:42:27.0021 10848 intelide - ok
18:42:27.0083 10848 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:42:27.0083 10848 intelppm - ok
18:42:27.0115 10848 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:42:27.0115 10848 IPBusEnum - ok
18:42:27.0146 10848 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:42:27.0146 10848 IpFilterDriver - ok
18:42:27.0193 10848 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:42:27.0208 10848 iphlpsvc - ok
18:42:27.0224 10848 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:42:27.0239 10848 IPMIDRV - ok
18:42:27.0255 10848 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:42:27.0255 10848 IPNAT - ok
18:42:27.0317 10848 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:42:27.0333 10848 iPod Service - ok
18:42:27.0364 10848 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:42:27.0364 10848 IRENUM - ok
18:42:27.0380 10848 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:42:27.0380 10848 isapnp - ok
18:42:27.0427 10848 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:42:27.0427 10848 iScsiPrt - ok
18:42:27.0458 10848 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:42:27.0473 10848 kbdclass - ok
18:42:27.0505 10848 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:42:27.0505 10848 kbdhid - ok
18:42:27.0520 10848 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:42:27.0520 10848 KeyIso - ok
18:42:27.0551 10848 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:42:27.0551 10848 KSecDD - ok
18:42:27.0583 10848 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:42:27.0583 10848 KSecPkg - ok
18:42:27.0629 10848 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:42:27.0629 10848 ksthunk - ok
18:42:27.0676 10848 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:42:27.0692 10848 KtmRm - ok
18:42:27.0754 10848 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
18:42:27.0770 10848 LanmanServer - ok
18:42:27.0817 10848 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:42:27.0817 10848 LanmanWorkstation - ok
18:42:27.0863 10848 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:42:27.0863 10848 lltdio - ok
18:42:27.0926 10848 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:42:27.0941 10848 lltdsvc - ok
18:42:27.0957 10848 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:42:27.0957 10848 lmhosts - ok
18:42:27.0988 10848 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:42:27.0988 10848 LSI_FC - ok
18:42:28.0004 10848 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:42:28.0004 10848 LSI_SAS - ok
18:42:28.0019 10848 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:42:28.0019 10848 LSI_SAS2 - ok
18:42:28.0051 10848 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:42:28.0051 10848 LSI_SCSI - ok
18:42:28.0066 10848 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:42:28.0082 10848 luafv - ok
18:42:28.0129 10848 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
18:42:28.0144 10848 LVRS64 - ok
18:42:28.0300 10848 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
18:42:28.0425 10848 LVUVC64 - ok
18:42:28.0472 10848 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:42:28.0472 10848 MBAMProtector - ok
18:42:28.0534 10848 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:42:28.0550 10848 MBAMService - ok
18:42:28.0565 10848 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:42:28.0565 10848 Mcx2Svc - ok
18:42:28.0597 10848 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:42:28.0597 10848 megasas - ok
18:42:28.0643 10848 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:42:28.0643 10848 MegaSR - ok
18:42:28.0721 10848 Microsoft SharePoint Workspace Audit Service - ok
18:42:28.0768 10848 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:42:28.0768 10848 MMCSS - ok
18:42:28.0799 10848 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:42:28.0799 10848 Modem - ok
18:42:28.0831 10848 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:42:28.0831 10848 monitor - ok
18:42:28.0862 10848 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:42:28.0862 10848 mouclass - ok
18:42:28.0893 10848 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:42:28.0893 10848 mouhid - ok
18:42:28.0909 10848 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:42:28.0909 10848 mountmgr - ok
18:42:28.0940 10848 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:42:28.0940 10848 MpFilter - ok
18:42:28.0971 10848 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:42:28.0971 10848 mpio - ok
18:42:29.0002 10848 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:42:29.0002 10848 mpsdrv - ok
18:42:29.0033 10848 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:42:29.0049 10848 MpsSvc - ok
18:42:29.0080 10848 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:42:29.0080 10848 MRxDAV - ok
18:42:29.0143 10848 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:42:29.0143 10848 mrxsmb - ok
18:42:29.0174 10848 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:42:29.0174 10848 mrxsmb10 - ok
18:42:29.0221 10848 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:42:29.0221 10848 mrxsmb20 - ok
18:42:29.0267 10848 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:42:29.0267 10848 msahci - ok
18:42:29.0314 10848 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:42:29.0330 10848 msdsm - ok
18:42:29.0361 10848 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:42:29.0361 10848 MSDTC - ok
18:42:29.0392 10848 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:42:29.0392 10848 Msfs - ok
18:42:29.0423 10848 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:42:29.0423 10848 mshidkmdf - ok
18:42:29.0439 10848 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:42:29.0439 10848 msisadrv - ok
18:42:29.0501 10848 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:42:29.0501 10848 MSiSCSI - ok
18:42:29.0501 10848 msiserver - ok
18:42:29.0533 10848 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:42:29.0533 10848 MSKSSRV - ok
18:42:29.0626 10848 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:42:29.0626 10848 MsMpSvc - ok
18:42:29.0657 10848 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:42:29.0657 10848 MSPCLOCK - ok
18:42:29.0673 10848 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:42:29.0673 10848 MSPQM - ok
18:42:29.0704 10848 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:42:29.0720 10848 MsRPC - ok
18:42:29.0751 10848 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:42:29.0751 10848 mssmbios - ok
18:42:29.0767 10848 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:42:29.0767 10848 MSTEE - ok
18:42:29.0782 10848 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:42:29.0782 10848 MTConfig - ok
18:42:29.0813 10848 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:42:29.0813 10848 Mup - ok
18:42:29.0860 10848 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:42:29.0876 10848 napagent - ok
18:42:29.0938 10848 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:42:29.0954 10848 NativeWifiP - ok
18:42:30.0001 10848 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
18:42:30.0032 10848 NDIS - ok
18:42:30.0047 10848 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:42:30.0047 10848 NdisCap - ok
18:42:30.0094 10848 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:42:30.0094 10848 NdisTapi - ok
18:42:30.0110 10848 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:42:30.0110 10848 Ndisuio - ok
18:42:30.0125 10848 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:42:30.0141 10848 NdisWan - ok
18:42:30.0141 10848 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:42:30.0141 10848 NDProxy - ok
18:42:30.0172 10848 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:42:30.0172 10848 NetBIOS - ok
18:42:30.0235 10848 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:42:30.0235 10848 NetBT - ok
18:42:30.0250 10848 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:42:30.0250 10848 Netlogon - ok
18:42:30.0313 10848 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:42:30.0328 10848 Netman - ok
18:42:30.0359 10848 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:42:30.0375 10848 netprofm - ok
18:42:30.0422 10848 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:42:30.0422 10848 NetTcpPortSharing - ok
18:42:30.0453 10848 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:42:30.0453 10848 nfrd960 - ok
18:42:30.0484 10848 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:42:30.0500 10848 NisDrv - ok
18:42:30.0531 10848 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
18:42:30.0531 10848 NisSrv - ok
18:42:30.0562 10848 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:42:30.0578 10848 NlaSvc - ok
18:42:30.0593 10848 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:42:30.0593 10848 Npfs - ok
18:42:30.0640 10848 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:42:30.0656 10848 nsi - ok
18:42:30.0656 10848 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:42:30.0656 10848 nsiproxy - ok
18:42:30.0734 10848 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:42:30.0782 10848 Ntfs - ok
18:42:30.0813 10848 [ A2F750E416D1C628BDCDC2075AC33BC6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
18:42:30.0828 10848 NuidFltr - ok
18:42:30.0860 10848 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:42:30.0860 10848 Null - ok
18:42:31.0234 10848 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:42:31.0593 10848 nvlddmkm - ok
18:42:31.0624 10848 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:42:31.0624 10848 nvraid - ok
18:42:31.0655 10848 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:42:31.0655 10848 nvstor - ok
18:42:31.0718 10848 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:42:31.0749 10848 nvsvc - ok
18:42:31.0843 10848 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:42:31.0843 10848 nvUpdatusService - ok
18:42:31.0875 10848 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:42:31.0875 10848 nv_agp - ok
18:42:31.0890 10848 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:42:31.0906 10848 ohci1394 - ok
18:42:31.0968 10848 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:42:31.0968 10848 ose64 - ok
18:42:32.0187 10848 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:42:32.0218 10848 osppsvc - ok
18:42:32.0249 10848 [ 1BE9C3A9423FEA69491E04221F292FD2 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
18:42:32.0249 10848 ossrv - ok
18:42:32.0296 10848 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:42:32.0311 10848 p2pimsvc - ok
18:42:32.0358 10848 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:42:32.0389 10848 p2psvc - ok
18:42:32.0421 10848 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
18:42:32.0436 10848 Parport - ok
18:42:32.0467 10848 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:42:32.0467 10848 partmgr - ok
18:42:32.0483 10848 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:42:32.0499 10848 PcaSvc - ok
18:42:32.0499 10848 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:42:32.0514 10848 pci - ok
18:42:32.0530 10848 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:42:32.0530 10848 pciide - ok
18:42:32.0561 10848 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:42:32.0561 10848 pcmcia - ok
18:42:32.0577 10848 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:42:32.0577 10848 pcw - ok
18:42:32.0623 10848 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:42:32.0639 10848 PEAUTH - ok
18:42:32.0686 10848 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:42:32.0717 10848 PeerDistSvc - ok
18:42:32.0827 10848 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:42:32.0827 10848 PerfHost - ok
18:42:32.0921 10848 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:42:32.0968 10848 pla - ok
18:42:33.0014 10848 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:42:33.0030 10848 PlugPlay - ok
18:42:33.0046 10848 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:42:33.0061 10848 PNRPAutoReg - ok
18:42:33.0077 10848 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:42:33.0077 10848 PNRPsvc - ok
18:42:33.0124 10848 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
18:42:33.0124 10848 Point64 - ok
18:42:33.0186 10848 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:42:33.0202 10848 PolicyAgent - ok
18:42:33.0280 10848 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:42:33.0295 10848 Power - ok
18:42:33.0342 10848 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:42:33.0342 10848 PptpMiniport - ok
18:42:33.0358 10848 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:42:33.0358 10848 Processor - ok
18:42:33.0404 10848 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:42:33.0420 10848 ProfSvc - ok
18:42:33.0436 10848 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:42:33.0436 10848 ProtectedStorage - ok
18:42:33.0467 10848 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:42:33.0467 10848 Psched - ok
18:42:33.0545 10848 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:42:33.0592 10848 ql2300 - ok
18:42:33.0623 10848 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:42:33.0623 10848 ql40xx - ok
18:42:33.0670 10848 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:42:33.0685 10848 QWAVE - ok
18:42:33.0701 10848 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:42:33.0701 10848 QWAVEdrv - ok
18:42:33.0716 10848 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:42:33.0716 10848 RasAcd - ok
18:42:33.0763 10848 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:42:33.0763 10848 RasAgileVpn - ok
18:42:33.0779 10848 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:42:33.0779 10848 RasAuto - ok
18:42:33.0794 10848 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:42:33.0811 10848 Rasl2tp - ok
18:42:33.0827 10848 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:42:33.0842 10848 RasMan - ok
18:42:33.0873 10848 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:42:33.0873 10848 RasPppoe - ok
18:42:33.0889 10848 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:42:33.0889 10848 RasSstp - ok
18:42:33.0905 10848 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:42:33.0920 10848 rdbss - ok
18:42:33.0967 10848 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:42:33.0967 10848 rdpbus - ok
18:42:33.0983 10848 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:42:33.0983 10848 RDPCDD - ok
18:42:33.0998 10848 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:42:34.0014 10848 RDPDR - ok
18:42:34.0029 10848 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:42:34.0029 10848 RDPENCDD - ok
18:42:34.0045 10848 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:42:34.0045 10848 RDPREFMP - ok
18:42:34.0076 10848 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:42:34.0076 10848 RDPWD - ok
18:42:34.0107 10848 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:42:34.0107 10848 rdyboost - ok
18:42:34.0170 10848 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:42:34.0170 10848 RemoteAccess - ok
18:42:34.0185 10848 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:42:34.0185 10848 RemoteRegistry - ok
18:42:34.0248 10848 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:42:34.0263 10848 RpcEptMapper - ok
18:42:34.0295 10848 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:42:34.0295 10848 RpcLocator - ok
18:42:34.0326 10848 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:42:34.0341 10848 RpcSs - ok
18:42:34.0373 10848 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:42:34.0373 10848 rspndr - ok
18:42:34.0404 10848 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:42:34.0404 10848 s3cap - ok
18:42:34.0435 10848 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:42:34.0435 10848 SamSs - ok
18:42:34.0466 10848 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:42:34.0466 10848 sbp2port - ok
18:42:34.0560 10848 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
18:42:34.0560 10848 SBSDWSCService - ok
18:42:34.0575 10848 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:42:34.0591 10848 SCardSvr - ok
18:42:34.0607 10848 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:42:34.0607 10848 scfilter - ok
18:42:34.0669 10848 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:42:34.0716 10848 Schedule - ok
18:42:34.0747 10848 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:42:34.0763 10848 SCPolicySvc - ok
18:42:34.0778 10848 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:42:34.0778 10848 SDRSVC - ok
18:42:34.0842 10848 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:42:34.0842 10848 secdrv - ok
18:42:34.0842 10848 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:42:34.0857 10848 seclogon - ok
18:42:34.0857 10848 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
18:42:34.0857 10848 SENS - ok
18:42:34.0873 10848 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:42:34.0873 10848 SensrSvc - ok
18:42:34.0904 10848 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
18:42:34.0904 10848 Serenum - ok
18:42:34.0920 10848 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
18:42:34.0920 10848 Serial - ok
18:42:34.0935 10848 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:42:34.0935 10848 sermouse - ok
18:42:34.0966 10848 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:42:34.0982 10848 SessionEnv - ok
18:42:34.0998 10848 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:42:34.0998 10848 sffdisk - ok
18:42:35.0013 10848 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:42:35.0013 10848 sffp_mmc - ok
18:42:35.0044 10848 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:42:35.0044 10848 sffp_sd - ok
18:42:35.0060 10848 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:42:35.0060 10848 sfloppy - ok
18:42:35.0091 10848 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:42:35.0107 10848 SharedAccess - ok
18:42:35.0169 10848 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:42:35.0200 10848 ShellHWDetection - ok
18:42:35.0232 10848 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:42:35.0232 10848 SiSRaid2 - ok
18:42:35.0263 10848 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:42:35.0263 10848 SiSRaid4 - ok
18:42:35.0294 10848 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:42:35.0294 10848 Smb - ok
18:42:35.0341 10848 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:42:35.0341 10848 SNMPTRAP - ok
18:42:35.0356 10848 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:42:35.0356 10848 spldr - ok
18:42:35.0388 10848 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:42:35.0434 10848 Spooler - ok
18:42:35.0544 10848 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:42:35.0622 10848 sppsvc - ok
18:42:35.0653 10848 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:42:35.0668 10848 sppuinotify - ok
18:42:35.0731 10848 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:42:35.0746 10848 srv - ok
18:42:35.0778 10848 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:42:35.0793 10848 srv2 - ok
18:42:35.0840 10848 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:42:35.0856 10848 srvnet - ok
18:42:35.0887 10848 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:42:35.0887 10848 SSDPSRV - ok
18:42:35.0934 10848 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:42:35.0934 10848 SstpSvc - ok
18:42:35.0980 10848 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:42:35.0980 10848 stexstor - ok
18:42:36.0058 10848 [ FA15F1B6947B91724ADB379ECBA9CDBE ] STHDA C:\Windows\system32\drivers\stwrt64.sys
18:42:36.0090 10848 STHDA - ok
18:42:36.0152 10848 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:42:36.0183 10848 stisvc - ok
18:42:36.0230 10848 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:42:36.0230 10848 storflt - ok
18:42:36.0246 10848 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
18:42:36.0246 10848 StorSvc - ok
18:42:36.0261 10848 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:42:36.0261 10848 storvsc - ok
18:42:36.0277 10848 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:42:36.0277 10848 swenum - ok
18:42:36.0308 10848 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:42:36.0339 10848 swprv - ok
18:42:36.0402 10848 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:42:36.0464 10848 SysMain - ok
18:42:36.0526 10848 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:42:36.0526 10848 TabletInputService - ok
18:42:36.0542 10848 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:42:36.0573 10848 TapiSrv - ok
18:42:36.0573 10848 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:42:36.0589 10848 TBS - ok
18:42:36.0667 10848 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:42:36.0714 10848 Tcpip - ok
18:42:36.0776 10848 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:42:36.0792 10848 TCPIP6 - ok
18:42:36.0854 10848 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:42:36.0854 10848 tcpipreg - ok
18:42:36.0870 10848 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:42:36.0870 10848 TDPIPE - ok
18:42:36.0901 10848 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:42:36.0901 10848 TDTCP - ok
18:42:36.0932 10848 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:42:36.0932 10848 tdx - ok
18:42:36.0948 10848 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:42:36.0948 10848 TermDD - ok
18:42:36.0979 10848 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:42:37.0010 10848 TermService - ok
18:42:37.0072 10848 [ FA5BFB71E561D279EDAE7E118435C1C9 ] TfFsMon C:\Windows\system32\drivers\TfFsMon.sys
18:42:37.0072 10848 TfFsMon - ok
18:42:37.0119 10848 [ FA8400D74345EC4BF10E476CA0AAA2DF ] TfNetMon C:\Windows\system32\drivers\TfNetMon.sys
18:42:37.0119 10848 TfNetMon - ok
18:42:37.0166 10848 [ F11AA1A704A4C027E5E8E0F355523834 ] TfSysMon C:\Windows\system32\drivers\TfSysMon.sys
18:42:37.0166 10848 TfSysMon - ok
18:42:37.0213 10848 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:42:37.0213 10848 Themes - ok
18:42:37.0228 10848 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:42:37.0228 10848 THREADORDER - ok
18:42:37.0306 10848 ThreatFire - ok
18:42:37.0322 10848 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:42:37.0338 10848 TrkWks - ok
18:42:37.0416 10848 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:42:37.0431 10848 TrustedInstaller - ok
18:42:37.0447 10848 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:42:37.0447 10848 tssecsrv - ok
18:42:37.0509 10848 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:42:37.0509 10848 TsUsbFlt - ok
18:42:37.0525 10848 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:42:37.0525 10848 TsUsbGD - ok
18:42:37.0556 10848 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:42:37.0556 10848 tunnel - ok
18:42:37.0572 10848 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:42:37.0587 10848 uagp35 - ok
18:42:37.0603 10848 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:42:37.0618 10848 udfs - ok
18:42:37.0665 10848 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:42:37.0665 10848 UI0Detect - ok
18:42:37.0712 10848 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:42:37.0712 10848 uliagpkx - ok
18:42:37.0743 10848 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:42:37.0743 10848 umbus - ok
18:42:37.0774 10848 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:42:37.0774 10848 UmPass - ok
18:42:37.0790 10848 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
18:42:37.0806 10848 UmRdpService - ok
18:42:37.0899 10848 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
18:42:37.0899 10848 UMVPFSrv - ok
18:42:37.0930 10848 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:42:37.0946 10848 upnphost - ok
18:42:37.0993 10848 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:42:37.0993 10848 USBAAPL64 - ok
18:42:38.0055 10848 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:42:38.0055 10848 usbaudio - ok
18:42:38.0071 10848 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:42:38.0086 10848 usbccgp - ok
18:42:38.0133 10848 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:42:38.0149 10848 usbcir - ok
18:42:38.0180 10848 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:42:38.0180 10848 usbehci - ok
18:42:38.0227 10848 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:42:38.0242 10848 usbhub - ok
18:42:38.0274 10848 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:42:38.0274 10848 usbohci - ok
18:42:38.0305 10848 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:42:38.0305 10848 usbprint - ok
18:42:38.0352 10848 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:42:38.0352 10848 usbscan - ok
18:42:38.0367 10848 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:42:38.0367 10848 USBSTOR - ok
18:42:38.0367 10848 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:42:38.0383 10848 usbuhci - ok
18:42:38.0414 10848 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:42:38.0414 10848 usbvideo - ok
18:42:38.0461 10848 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:42:38.0461 10848 UxSms - ok
18:42:38.0476 10848 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:42:38.0476 10848 VaultSvc - ok
18:42:38.0508 10848 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:42:38.0508 10848 vdrvroot - ok
18:42:38.0539 10848 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:42:38.0554 10848 vds - ok
18:42:38.0570 10848 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:42:38.0570 10848 vga - ok
18:42:38.0586 10848 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:42:38.0586 10848 VgaSave - ok
18:42:38.0617 10848 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:42:38.0617 10848 vhdmp - ok
18:42:38.0648 10848 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:42:38.0648 10848 viaide - ok
18:42:38.0664 10848 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:42:38.0679 10848 vmbus - ok
18:42:38.0695 10848 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:42:38.0695 10848 VMBusHID - ok
18:42:38.0742 10848 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:42:38.0757 10848 volmgr - ok
18:42:38.0773 10848 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:42:38.0788 10848 volmgrx - ok
18:42:38.0835 10848 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:42:38.0851 10848 volsnap - ok
18:42:38.0882 10848 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:42:38.0882 10848 vsmraid - ok
18:42:38.0960 10848 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:42:39.0007 10848 VSS - ok
18:42:39.0007 10848 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:42:39.0022 10848 vwifibus - ok
18:42:39.0038 10848 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:42:39.0054 10848 W32Time - ok
18:42:39.0085 10848 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:42:39.0085 10848 WacomPen - ok
18:42:39.0132 10848 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:42:39.0132 10848 WANARP - ok
18:42:39.0147 10848 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:42:39.0147 10848 Wanarpv6 - ok
18:42:39.0256 10848 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:42:39.0303 10848 WatAdminSvc - ok
18:42:39.0350 10848 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:42:39.0397 10848 wbengine - ok
18:42:39.0428 10848 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:42:39.0428 10848 WbioSrvc - ok
18:42:39.0459 10848 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:42:39.0475 10848 wcncsvc - ok
18:42:39.0490 10848 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:42:39.0490 10848 WcsPlugInService - ok
18:42:39.0522 10848 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:42:39.0537 10848 Wd - ok
18:42:39.0568 10848 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:42:39.0600 10848 Wdf01000 - ok
18:42:39.0631 10848 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:42:39.0646 10848 WdiServiceHost - ok
18:42:39.0646 10848 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:42:39.0646 10848 WdiSystemHost - ok
18:42:39.0678 10848 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:42:39.0693 10848 WebClient - ok
18:42:39.0709 10848 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:42:39.0724 10848 Wecsvc - ok
18:42:39.0740 10848 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:42:39.0740 10848 wercplsupport - ok
18:42:39.0787 10848 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:42:39.0787 10848 WerSvc - ok
18:42:39.0834 10848 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:42:39.0849 10848 WfpLwf - ok
18:42:39.0865 10848 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:42:39.0880 10848 WIMMount - ok
18:42:39.0896 10848 WinDefend - ok
18:42:39.0912 10848 WinHttpAutoProxySvc - ok
18:42:39.0990 10848 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:42:39.0990 10848 Winmgmt - ok
18:42:40.0068 10848 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:42:40.0130 10848 WinRM - ok
18:42:40.0177 10848 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:42:40.0192 10848 WinUsb - ok
18:42:40.0239 10848 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:42:40.0270 10848 Wlansvc - ok
18:42:40.0317 10848 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:42:40.0317 10848 WmiAcpi - ok
18:42:40.0364 10848 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:42:40.0364 10848 wmiApSrv - ok
18:42:40.0395 10848 WMPNetworkSvc - ok
18:42:40.0411 10848 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:42:40.0411 10848 WPCSvc - ok
18:42:40.0442 10848 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:42:40.0442 10848 WPDBusEnum - ok
18:42:40.0458 10848 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:42:40.0458 10848 ws2ifsl - ok
18:42:40.0473 10848 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
18:42:40.0489 10848 wscsvc - ok
18:42:40.0489 10848 WSearch - ok
18:42:40.0598 10848 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:42:40.0660 10848 wuauserv - ok
18:42:40.0676 10848 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:42:40.0676 10848 WudfPf - ok
18:42:40.0723 10848 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:42:40.0723 10848 WUDFRd - ok
18:42:40.0770 10848 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:42:40.0770 10848 wudfsvc - ok
18:42:40.0801 10848 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:42:40.0816 10848 WwanSvc - ok
18:42:40.0879 10848 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:42:40.0879 10848 YahooAUService - ok
18:42:40.0894 10848 ================ Scan global ===============================
18:42:40.0941 10848 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:42:40.0988 10848 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:42:41.0004 10848 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:42:41.0050 10848 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:42:41.0113 10848 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:42:41.0113 10848 [Global] - ok
18:42:41.0113 10848 ================ Scan MBR ==================================
18:42:41.0144 10848 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:42:41.0472 10848 \Device\Harddisk0\DR0 - ok
18:42:41.0550 10848 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
18:42:41.0690 10848 \Device\Harddisk1\DR1 - ok
18:42:41.0706 10848 ================ Scan VBR ==================================
18:42:41.0706 10848 [ 65D0D8CC24FF780CE97F9A7C112351E1 ] \Device\Harddisk0\DR0\Partition1
18:42:41.0706 10848 \Device\Harddisk0\DR0\Partition1 - ok
18:42:41.0721 10848 [ E644AEBB4CAD5E79D16BAACD815C712E ] \Device\Harddisk1\DR1\Partition1
18:42:41.0721 10848 \Device\Harddisk1\DR1\Partition1 - ok
18:42:41.0721 10848 ============================================================
18:42:41.0721 10848 Scan finished
18:42:41.0721 10848 ============================================================
18:42:41.0737 11160 Detected object count: 0
18:42:41.0737 11160 Actual detected object count: 0
18:43:34.0848 9228 Deinitialize success

***************

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-28 18:44:02
-----------------------------
18:44:02.259 OS Version: Windows x64 6.1.7601 Service Pack 1
18:44:02.259 Number of processors: 2 586 0x404
18:44:02.259 ComputerName: CHESTER-PC UserName: CHESTER
18:44:03.617 Initialize success
19:37:32.743 AVAST engine defs: 12082803
19:37:41.557 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
19:37:41.557 Disk 0 Vendor: WDC_WD2500JS-75NCB1 10.02E01 Size: 238418MB BusType: 11
19:37:41.573 Disk 0 MBR read successfully
19:37:41.588 Disk 0 MBR scan
19:37:41.588 Disk 0 Windows 7 default MBR code
19:37:41.604 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 233515 MB offset 80325
19:37:41.744 Disk 0 scanning C:\Windows\system32\drivers
19:38:02.020 Service scanning
19:38:54.133 Modules scanning
19:38:54.133 Disk 0 trace - called modules:
19:38:54.149 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:38:54.164 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003422060]
19:38:54.164 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8002e9c1f0]
19:38:55.631 AVAST engine scan C:\Windows
19:39:08.033 AVAST engine scan C:\Windows\system32
19:45:29.470 AVAST engine scan C:\Windows\system32\drivers
19:45:59.176 AVAST engine scan C:\Users\CHESTER
19:54:44.190 AVAST engine scan C:\ProgramData
19:57:25.446 Scan finished successfully
19:58:40.125 Disk 0 MBR has been saved successfully to "C:\Users\CHESTER\Desktop\MBR.dat"
19:58:40.234 The log file has been saved successfully to "C:\Users\CHESTER\Desktop\aswMBR.txt"


*************

ESET scanner had no option for LIST of found threats, scan result indicated no threats found

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:01 PM

Posted 28 August 2012 - 08:51 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install,update and run a full scan

Click on SHOW results.Select all infections and remove it

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it click on Delete

post the generated log

#5 keywestr

keywestr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 28 August 2012 - 10:07 PM

malware bytes shows no objects

******************

MiniToolBox by Farbar Version: 23-07-2012
Ran by CHESTER (administrator) on 28-08-2012 at 22:58:57
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/1000 PL Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : CHESTER-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection
Physical Address. . . . . . . . . : 00-13-72-0F-83-8F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cd88:d407:e693:7e14%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, August 27, 2012 7:40:19 PM
Lease Expires . . . . . . . . . . : Wednesday, August 29, 2012 7:40:19 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 234886002
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-E0-EE-52-00-13-72-0F-83-8F
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:30b0:29:3f57:febe(Preferred)
Link-local IPv6 Address . . . . . : fe80::30b0:29:3f57:febe%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 2607:f8b0:4004:803::1002
74.125.228.100
74.125.228.101
74.125.228.102
74.125.228.103
74.125.228.104
74.125.228.105
74.125.228.110
74.125.228.96
74.125.228.97
74.125.228.98
74.125.228.99


Pinging google.com [74.125.228.101] with 32 bytes of data:
Reply from 74.125.228.101: bytes=32 time=38ms TTL=51
Reply from 74.125.228.101: bytes=32 time=37ms TTL=51

Ping statistics for 74.125.228.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 38ms, Average = 37ms
Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=379ms TTL=44
Reply from 72.30.38.140: bytes=32 time=269ms TTL=44

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 269ms, Maximum = 379ms, Average = 324ms
Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=14ms TTL=128
Reply from 127.0.0.1: bytes=32 time=5ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 5ms, Maximum = 14ms, Average = 9ms
===========================================================================
Interface List
11...00 13 72 0f 83 8f ......Intel® PRO/1000 PL Network Connection
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.65 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.65 276
192.168.1.65 255.255.255.255 On-link 192.168.1.65 276
192.168.1.255 255.255.255.255 On-link 192.168.1.65 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.65 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.65 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:30b0:29:3f57:febe/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::30b0:29:3f57:febe/128
On-link
11 276 fe80::cd88:d407:e693:7e14/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/28/2012 10:06:04 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2e00

Start Time: 01cd858a3bdf004c

Termination Time: 78

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 0f2a146b-f17e-11e1-828c-0013720f838f

Error: (08/28/2012 10:01:32 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d24

Start Time: 01cd8589e226964b

Termination Time: 94

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 7176d84f-f17d-11e1-828c-0013720f838f

Error: (08/28/2012 09:59:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: jscript.dll, version: 5.8.7601.17866, time stamp: 0x4fdc0975
Exception code: 0xc0000005
Fault offset: 0x00026b6b
Faulting process id: 0x25d0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/28/2012 09:08:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/28/2012 09:08:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/28/2012 07:59:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/28/2012 07:59:11 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/28/2012 06:40:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/28/2012 06:32:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: ws2_32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba68
Exception code: 0xc0000005
Fault offset: 0x00007716
Faulting process id: 0x224c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/28/2012 05:38:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: ws2_32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba68
Exception code: 0xc0000005
Fault offset: 0x00007716
Faulting process id: 0x2b6c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3


System errors:
=============
Error: (08/27/2012 07:43:18 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (08/27/2012 07:43:18 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/27/2012 07:41:00 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FNETURPX

Error: (08/27/2012 07:40:19 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:37:11 PM on ?8/?27/?2012 was unexpected.

Error: (08/27/2012 06:49:53 PM) (Source: Service Control Manager) (User: )
Description: The ThreatFire service terminated unexpectedly. It has done this 1 time(s).

Error: (08/27/2012 06:19:33 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (08/27/2012 06:19:33 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/27/2012 06:17:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FNETURPX

Error: (08/27/2012 06:15:14 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (08/27/2012 06:14:15 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (08/28/2012 10:06:04 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.7601.175142e0001cd858a3bdf004c78C:\Program Files (x86)\Internet Explorer\iexplore.exe0f2a146b-f17e-11e1-828c-0013720f838f

Error: (08/28/2012 10:01:32 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.7601.175141d2401cd8589e226964b94C:\Program Files (x86)\Internet Explorer\iexplore.exe7176d84f-f17d-11e1-828c-0013720f838f

Error: (08/28/2012 09:59:25 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912jscript.dll5.8.7601.178664fdc0975c000000500026b6b25d001cd8589e2e765c1C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\jscript.dll28454de1-f17d-11e1-828c-0013720f838f

Error: (08/28/2012 09:08:14 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\CHESTER\Desktop\esetsmartinstaller_enu.exe

Error: (08/28/2012 09:08:13 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\CHESTER\Desktop\esetsmartinstaller_enu.exe

Error: (08/28/2012 07:59:13 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\CHESTER\Desktop\esetsmartinstaller_enu.exe

Error: (08/28/2012 07:59:11 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\CHESTER\Desktop\esetsmartinstaller_enu.exe

Error: (08/28/2012 06:40:06 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\CHESTER\Desktop\esetsmartinstaller_enu.exe

Error: (08/28/2012 06:32:40 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912ws2_32.dll6.1.7601.175144ce7ba68c000000500007716224c01cd856d06b7e6e5C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\syswow64\ws2_32.dll466d0b78-f160-11e1-828c-0013720f838f

Error: (08/28/2012 05:38:59 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912ws2_32.dll6.1.7601.175144ce7ba68c0000005000077162b6c01cd85658793e5d7C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\syswow64\ws2_32.dllc63f23f5-f158-11e1-828c-0013720f838f


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ACDSee 32
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Belarc Advisor 8.2 (Version: 8.2.7.5)
Bonjour (Version: 3.0.0.10)
Browser Defender 3.0 (Version: 3.0.0.312)
CCleaner (Version: 3.22)
ConnectWise Internet Client (Version: 8.1)
Creative MediaSource 5 (Version: 5.26)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dell Photo AIO Printer 924
Digital Line Detect (Version: 1.10)
DivX Setup (Version: 2.6.1.8)
ESET Online Scanner v3
Freecorder 5 (Version: 5.02)
Google Earth Plug-in (Version: 6.2.2.6613)
Google Talk (remove only)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.115)
Intel® Network Connections 16.8.46.0 (Version: 16.8.46.0)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Macro Express 3 (Version: 3.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 14.0.1468.721)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.72.80.56)
SigmaTel Audio (Version: 5.10.5102.0)
SnowFox DVD & Video to iPad Converter 2.9.0.0
Spybot - Search & Destroy (Version: 1.6.2)
System Requirements Lab
System Requirements Lab for Intel (Version: 4.5.3.0)
ThreatExpert Memory Scanner 1.0 (Version: 1.0.1.0)
ThreatFire
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598289) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
WinRAR archiver
Yahoo! Detect
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 3070.16 MB
Available physical RAM: 1344.43 MB
Total Pagefile: 6138.52 MB
Available Pagefile: 4336.21 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.72 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:228.04 GB) (Free:149.49 GB) NTFS
8 Drive j: (Seagate Expansion Drive) (Fixed) (Total:2794.51 GB) (Free:2640.41 GB) NTFS

========================= Users: ========================================

User accounts for \\CHESTER-PC

Administrator CHESTER Guest
UpdatusUser


**** End of log ****

*********************

Farbar Service Scanner Version: 06-08-2012
Ran by CHESTER (administrator) on 28-08-2012 at 23:00:14
Running from "C:\Users\CHESTER\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

*****************

# AdwCleaner v1.801 - Logfile created 08/28/2012 at 23:01:12
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : CHESTER - CHESTER-PC
# Boot Mode : Normal
# Running from : C:\Users\CHESTER\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Ask&Record

***** [Registre - GUID] *****

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [690 octets] - [28/08/2012 23:01:12]

########## EOF - C:\AdwCleaner[S1].txt - [817 octets] ##########

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:01 PM

Posted 28 August 2012 - 10:15 PM

download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here

What are your current issues?

#7 keywestr

keywestr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 28 August 2012 - 10:32 PM

The issue I am having is multiple instances of iexplore.exe, sdiagnhost.exe and conhost.exe. Strange this is that even though I close IE, it still shows running and then after some time, i hear some commericals even though IE is closed. i have to use taskmgr to shut down IE to stop the commericals. also when i use search engines, i constantly am redirected. all scans i run show my pc clean but the issue has been on-going for days. while performing your steps, my pc seems to be slowing down slightly




Rkill 2.3.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/28/2012 11:23:50 PM in x64 mode.
Windows Version: Windows 7 Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Windows\sttray64.exe (PID: 1388) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!


Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Manual

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/28/2012 11:24:09 PM
Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:01 PM

Posted 28 August 2012 - 10:38 PM

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the text contents here

#9 keywestr

keywestr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 28 August 2012 - 10:56 PM

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AsioThk32Reg" "Creative ASIO Driver" "Creative Technology Ltd" "c:\windows\syswow64\ctasio.dll"
+ "IntelliPoint" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft device center\ipoint.exe"
+ "IntelliType Pro" "IType.exe" "Microsoft Corporation" "c:\program files\microsoft device center\itype.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "SigmatelSysTrayApp" "Sigmatel Audio system tray application" "SigmaTel, Inc." "c:\windows\sttray64.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ThreatFire" "PC Tools ThreatFire Tray App" "PC Tools" "c:\program files (x86)\threatfire\tftray.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "MtdAcqu" "Metadata monitor" "Creative Technology Ltd" "c:\program files (x86)\creative\mediasource5\mtdacqu.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "NvCplDesktopContext" "" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg64.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files (x86)\yahoo!\companion\installs\cpn2\yt.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\5.7.7529.1424\swg.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "PC Tools Browser Guard BHO" "Browser Defender Toolbar" "Threat Expert Ltd." "c:\program files (x86)\browser defender\pctbrowserdefender.dll"
+ "SingleInstance Class" "Yahoo! Single Instance for Mail" "Yahoo! Inc" "c:\program files (x86)\yahoo!\companion\installs\cpn0\ytsingleinstance.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files (x86)\spybot - search & destroy\sdhelper.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "PC Tools Browser Guard" "Browser Defender Toolbar" "Threat Expert Ltd." "c:\program files (x86)\browser defender\pctbrowserdefender.dll"
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files (x86)\yahoo!\companion\installs\cpn2\yt.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.3 r300" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
X "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe"
X "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
X "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft_Hardware_Launch_devicecenter_exe" "Microsoft Mouse and Keyboard Center" "Microsoft" "c:\program files\microsoft device center\devicecenter.exe"
+ "\Microsoft_Hardware_Launch_ipoint_exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft device center\ipoint.exe"
+ "\Microsoft_Hardware_Launch_itype_exe" "IType.exe" "Microsoft Corporation" "c:\program files\microsoft device center\itype.exe"
X "\{37D9078D-A497-403B-B5EF-6D41ECE7F87A}" "" "" "File not found: K:\fscommand\turboUSB.exe"
X "\{3F64D0A1-77C5-4AB6-A97B-7CED130D7F51}" "" "" "File not found: C:\Users\CHESTER\Desktop\R148157.exe"
X "\{49582BB8-3079-4481-8A2E-F96B3BBC2BDE}" "" "" "File not found: K:\fscommand\turboUSB.exe"
+ "\{673F5E59-C699-467B-82E4-99CCAC8EBB8C}" "ThreatExpert Memory Scanner" "ThreatExpert Ltd." "c:\program files\threatexpert memory scanner\tememoryscanner.exe"
+ "\{98D4E12B-6732-48C6-88B1-162A8C9803B7}" "ThreatExpert Memory Scanner" "ThreatExpert Ltd." "c:\program files\threatexpert memory scanner\tememoryscanner.exe"
X "\{F22C4304-94A2-47B0-A0E3-6447C2BDE8DF}" "" "" "File not found: K:\fscommand\turboUSB.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "Browser Defender Update Service" "Browser Defender Update Service" "Threat Expert Ltd." "c:\program files (x86)\browser defender\bdtupdateservice.exe"
+ "dlcc_device" "Printer Communication System" " " "c:\windows\system32\dlcccoms.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "Intel® PROSet Monitoring Service" "The Intel® PROSet Monitoring Service actively monitors changes to the system and updates affected network devices to keep them running in optimal condition. Stopping this service may negatively affect the performance of the network devices on the system." "Intel Corporation" "c:\windows\system32\iprosetmonitor.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "Microsoft SharePoint Workspace Audit Service" "Microsoft SharePoint Workspace" "Microsoft Corporation" "c:\program files\microsoft office\office14\groove.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe"
+ "nvUpdatusService" "NVIDIA Settings Update Manager service, used to check new updates from NVIDIA server." "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe"
+ "ose64" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "SBSDWSCService" "Spybot-S&D Security Center integration" "Safer Networking Ltd." "c:\program files (x86)\spybot - search & destroy\sdwinsec.exe"
+ "ThreatFire" "The ThreatFire engine responsible for monitoring your system for viruses, spyware, and other malware. Turning this service off makes your machine vulnerable to such attacks." "PC Tools" "c:\program files (x86)\threatfire\tfservice.exe"
+ "UMVPFSrv" "UMVPF is a user mode Logitech driver" "Logitech Inc." "c:\program files (x86)\common files\logishrd\lvmvfm\umvpfsrv.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files (x86)\yahoo!\softwareupdate\yahooauservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "Angel" "Lumanate, Inc. Angel WDM Driver" "Lumanate, Inc." "c:\windows\system32\drivers\angel.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "catchme" "" "" "File not found: C:\ComboFix\catchme.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "COMMONFX.DLL" "Creative Common FX Plug-in" "Creative Technology Ltd" "c:\windows\system32\commonfx.dll"
+ "cpudrv64" "" "" "c:\program files (x86)\systemrequirementslab\cpudrv64.sys"
+ "CT20XUT.DLL" "Creative 20X Utility Effects" "Creative Technology Ltd." "c:\windows\system32\ct20xut.dll"
+ "ctac32k" "Creative AC3 SW Decoder Device Driver (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ctac32k.sys"
+ "ctaud2k" "Creative WDM Audio Device Driver" "Creative Technology Ltd" "c:\windows\system32\drivers\ctaud2k.sys"
+ "CTAUDFX.DLL" "Creative SB FX Plug-in" "Creative Technology Ltd" "c:\windows\system32\ctaudfx.dll"
+ "CTEAPSFX.DLL" "APS FX Plug-in" "Creative Technology Ltd" "c:\windows\system32\cteapsfx.dll"
+ "CTEXFIFX.DLL" "Creative XFi Effects" "Creative Technology Ltd." "c:\windows\system32\ctexfifx.dll"
+ "CTHWIUT.DLL" "Creative Utility Effects" "Creative Technology Ltd." "c:\windows\system32\cthwiut.dll"
+ "ctprxy2k" "Creative Proxy Device Driver (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ctprxy2k.sys"
+ "CTSBLFX.DLL" "Creative SB FX Plug-in" "Creative Technology Ltd" "c:\windows\system32\ctsblfx.dll"
+ "ctsfm2k" "SoundFont® Manager (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ctsfm2k.sys"
+ "e1express" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1e6232e.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "emupia" "E-mu Plug-in Architecture Driver (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\emupia2k.sys"
+ "FNETTBOH" "" "" "File not found: System32\drivers\FNETTBOH.SYS"
+ "FNETURPX" "" "" "File not found: System32\drivers\FNETURPX.SYS"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "ha20x2k" "Creative 20X HAL (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ha20x2k.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "LVRS64" "Logitech Kernel Audio Improvement Filter Driver" "Logitech Inc." "c:\windows\system32\drivers\lvrs64.sys"
+ "LVUVC64" "Logitech USB Video Class Driver" "Logitech Inc." "c:\windows\system32\drivers\lvuvc64.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 301.42 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ossrv" "Creative OS Services Driver (WDM)" "Creative Technology Ltd." "c:\windows\system32\drivers\ctoss2k.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Serial" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\serial.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "STHDA" "NDRC" "SigmaTel, Inc." "c:\windows\system32\drivers\stwrt64.sys"
+ "TfFsMon" "ThreatFire Filesystem Monitor" "PC Tools" "c:\windows\system32\drivers\tffsmon.sys"
+ "TfNetMon" "ThreatFire Network Monitor" "PC Tools" "c:\windows\system32\drivers\tfnetmon.sys"
+ "TfSysMon" "ThreatFire System Monitor" "PC Tools" "c:\windows\system32\drivers\tfsysmon.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.i420" "Video Codec" "Logitech Inc." "c:\windows\system32\lvcod64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
+ "vidc.i420" "Video Codec" "Logitech Inc." "c:\windows\syswow64\lvcodec2.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "BPM Metadata" "Creative BPM Metadata Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\metabpmu.ax"
+ "Creative AC3 Source Filter" "Creative AC3 Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\ac3srcu.ax"
+ "Creative Audio Gain Filter" "Audio Gain Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\audgain.ax"
+ "Creative CDDA Source Filter" "CDDA Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\cdda.ax"
+ "Creative File Reader Filter" "Creative File Reader Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\filreadu.ax"
+ "Creative Flac Source Filter" "Creative FLAC Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\flacsrcu.ax"
+ "Creative Internet Source Filter" "Creative Internet Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\inetsrcu.ax"
+ "Creative LiveRecording Filter_SxS" "Live Recording Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\liverecu.ax"
+ "Creative MLP Source Filter" "Creative MLP Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\mlpsrcu.ax"
+ "Creative NVF Filter" "Creative Nomad Voice File Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\nvfsrcu.ax"
+ "Creative Ogg Source Filter" "Creative Ogg Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\oggsrcu.ax"
+ "Creative PCM Raw Writer" "Creative Raw Writer" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\rawwritu.ax"
+ "Creative Wave Writer" "Wave Writer" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\wavwrite.ax"
+ "Creative WMA Source Filter" "Creative WMA Source Filter" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\wmasrc.ax"
+ "Creative WMA Writer" "WMA Writer" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\wmawrite.ax"
+ "CT CMSS3 filter" "Sample" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\cmss3.ax"
+ "CT HPVirtualizer filter" "Creative Headphone Virtualizer Filter" "Creative Technology, Ltd." "c:\program files (x86)\creative\shared files\virtual.ax"
+ "CT Karaoke filter" "Creative Karaoke Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\karaoke.ax"
+ "CT PDP filter" "Creative Crystalizer Filter" "Creative Technology, Ltd." "c:\program files (x86)\creative\shared files\pdp.ax"
+ "CT SmartVolumeManagement filter" "Creative Compressor Plugin" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\dscompr.ax"
+ "CT Time-Scaling filter" "Sample" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\timescal.ax"
+ "CT Upsampler filter" "Sample" "Creative Technology Ltd" "c:\program files (x86)\creative\shared files\upsample.ax"
+ "DivX AAC Decoder" "AAC audio decoder filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx codec\divxdec.ax"
+ "DivX Demux Filter" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX Demux Filter (Unrestricted Edition)" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\divxdech264.ax"
+ "Noise Reduction" "Creative Noise Reduction Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\noisredu.ax"
+ "SVM Metadata" "Creative SVM Metadata Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\metasvmu.ax"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Dell 924 Port" "Printer Communication System" " " "c:\windows\system32\dlcclmpm.dll"

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:01 PM

Posted 28 August 2012 - 11:07 PM

Launch autoruns and uncheck these entries
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AsioThk32Reg" "Creative ASIO Driver" "Creative Technology Ltd" "c:\windows\syswow64\ctasio.dll"

"Task Scheduler" "" "" ""
X "\{37D9078D-A497-403B-B5EF-6D41ECE7F87A}" "" "" "File not found: K:\fscommand\turboUSB.exe"
X "\{3F64D0A1-77C5-4AB6-A97B-7CED130D7F51}" "" "" "File not found: C:\Users\CHESTER\Desktop\R148157.exe"
X "\{49582BB8-3079-4481-8A2E-F96B3BBC2BDE}" "" "" "File not found: K:\fscommand\turboUSB.exe"
X "\{F22C4304-94A2-47B0-A0E3-6447C2BDE8DF}" "" "" "File not found: K:\fscommand\turboUSB.exe"

restart the PC and see if you still have redirects

#11 keywestr

keywestr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 28 August 2012 - 11:23 PM

yes still being redirected when searching...also notice that pc is sluggish now...

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:01 PM

Posted 28 August 2012 - 11:25 PM

Press windows+R key and type

%appdata% and click ok

Do you notice any DLL files in the folder?

Which browser gets redirected?

#13 keywestr

keywestr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 28 August 2012 - 11:26 PM

also seeing webpage security message...when i did a search, this is where i was redirected to:

http://63.209.69.107/search/web/william/C10/ecn/44561-20351/v5

#14 keywestr

keywestr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:01 PM

Posted 28 August 2012 - 11:28 PM

appdata shows 17 folders in appdata/roaming directory, no dll files in root dir. I use IE 8

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:01 PM

Posted 28 August 2012 - 11:29 PM

On top,click on Organize-folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click ok

Can you see DLL files now?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users