
Web Browser redirect virus


8 replies to this topic

#1 Domlaz

Posted 07 September 2012 - 11:35 AM

Hey

My Internet Explorer seems to be infected since yesterday. When I search something on Google my browser makes me visit around 10 websites and stops on a blank page.
And my internet is very slow since this incident. The first thing that happened was my desktop wallpaper changing to a black page and the theme also. I made a system recovery but IE is still infected. I tried around 6 anti-spyware, anti-malware, anti-virus and nothing was found. I also checked my host files and nothing was in there. I tried to run the software TDSSKiller but each time I tried to open it, nothing happened. I downloaded the UNDETECTABLE version and it found nothing... I tried to run the TDSS fix from Norton and I can't open it... the same thing happened as with the TDSSKiller software, something makes it close each time I try to run it. What should I do before formatting?

PS: I also tried the rs killer registry thing

Thanks

#2 boopme


Posted 07 September 2012 - 11:44 AM

Hello, let's try it this way.


Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

<<><<><><><><><><><><><><><><><><><><><><><>
Reboot into Safe Mode with Networking
How to enter Safe Mode (XP/Vista)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.

Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


Now try TDSS...
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Next run SUPERAntiSpyware (SAS):

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.
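A triage sketch for the TDSSKiller report requested in the post above, added here as an example and not part of the original thread or of TDSSKiller itself. It assumes the line layout this thread's report uses (a line with the service name, file hash and path, followed by a verdict line for that name); the sample log, the service names in it and the names `triage` and `Finding` are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every record starts with "HH:MM:SS.ffff <thread id> ".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\w{4}\s+"
# "<name> (<md5>) <path>": the file that backs a service or driver.
_OBJECT = re.compile(
    _PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# "<name> - ok" or "<name> ( <label> ) - warning": the verdict for that name.
_VERDICT = re.compile(
    _PREFIX + r"(?P<name>.+?)(?: \( (?P<label>[^)]+?) \))? - (?P<status>[a-z]+)$"
)


@dataclass
class Finding:
    name: str
    status: str
    label: Optional[str]   # detection label, present only on non-ok verdicts
    md5: Optional[str]     # None when the log listed no file for this name
    path: Optional[str]


def triage(log_text: str) -> Tuple[List[Finding], List[Finding]]:
    """Split a report into (flagged, no_file).

    flagged: every entry whose verdict is anything other than "ok".
    no_file: "ok" entries for which the log shows no hash/path line, so the
             verdict cannot be tied to a file on disk.
    """
    objects = {}
    flagged: List[Finding] = []
    no_file: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _OBJECT.match(line)
        if m:
            objects[m["name"]] = (m["md5"], m["path"])
            continue
        m = _VERDICT.match(line)
        if not m:
            continue  # headers, separators and "detected" summary lines
        md5, path = objects.get(m["name"], (None, None))
        finding = Finding(m["name"], m["status"], m["label"], md5, path)
        if m["status"] != "ok":
            flagged.append(finding)
        elif md5 is None:
            no_file.append(finding)
    return flagged, no_file


# Constructed sample in the report's layout; names and hashes are made up.
SAMPLE_LOG = r"""
10:01:32.0426 0596 Scan started
10:01:32.0426 0596 Mode: Manual; SigCheck; TDLFS;
10:01:33.0346 0596 ExampleSvc (0123456789abcdef0123456789abcdef) C:\Windows\System32\examplesvc.dll
10:01:33.0378 0596 ExampleSvc - ok
10:01:37.0246 0596 ExampleNoFile - ok
10:01:40.0507 0596 Example Installer (fedcba9876543210fedcba9876543210) C:\Program Files (x86)\Example\Installer.exe
10:01:40.0522 0596 Example Installer ( UnsignedFile.Multi.Generic ) - warning
10:01:40.0522 0596 Example Installer - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    flagged, no_file = triage(SAMPLE_LOG)
    for f in flagged:
        print(f"{f.status.upper():8} {f.name}: {f.label} md5={f.md5} {f.path}")
    for f in no_file:
        print(f"NO FILE  {f.name}: verdict '{f.status}' without a hash/path line")
```
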

#3 Domlaz


Posted 08 September 2012 - 09:14 AM

10:01:23.0347 1768 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
10:01:24.0501 1768 ============================================================
10:01:24.0501 1768 Current date / time: 2012/09/08 10:01:24.0501
10:01:24.0501 1768 SystemInfo:
10:01:24.0501 1768
10:01:24.0501 1768 OS Version: 6.1.7601 ServicePack: 1.0
10:01:24.0501 1768 Product type: Workstation
10:01:24.0501 1768 ComputerName: DOM-PC
10:01:24.0501 1768 UserName: Dom
10:01:24.0501 1768 Windows directory: C:\Windows
10:01:24.0501 1768 System windows directory: C:\Windows
10:01:24.0501 1768 Running under WOW64
10:01:24.0501 1768 Processor architecture: Intel x64
10:01:24.0501 1768 Number of processors: 4
10:01:24.0501 1768 Page size: 0x1000
10:01:24.0501 1768 Boot type: Safe boot with network
10:01:24.0501 1768 ============================================================
10:01:25.0234 1768 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000020
10:01:25.0234 1768 ============================================================
10:01:25.0234 1768 \Device\Harddisk0\DR0:
10:01:25.0234 1768 MBR partitions:
10:01:25.0234 1768 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:01:25.0234 1768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A34C030
10:01:25.0234 1768 ============================================================
10:01:25.0250 1768 C: <-> \Device\Harddisk0\DR0\Partition1
10:01:25.0250 1768 ============================================================
10:01:25.0250 1768 Initialize success
10:01:25.0250 1768 ============================================================
10:01:32.0426 0596 ============================================================
10:01:32.0426 0596 Scan started
10:01:32.0426 0596 Mode: Manual; SigCheck; TDLFS;
10:01:32.0426 0596 ============================================================
10:01:40.0507 0596 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:01:40.0522 0596 IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:01:40.0522 0596 IDriverT - detected UnsignedFile.Multi.Generic (1)
10:01:43.0034 0596 mouclass - ok
10:01:43.0050 0596 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:01:43.0081 0596 mouhid - ok
10:01:43.0112 0596 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:01:43.0112 0596 mountmgr - ok
10:01:43.0143 0596 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
10:01:43.0159 0596 MpFilter - ok
10:01:43.0174 0596 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:01:43.0174 0596 mpio - ok
10:01:43.0190 0596 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:01:43.0221 0596 mpsdrv - ok
10:01:43.0252 0596 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:01:43.0299 0596 MpsSvc - ok
10:01:43.0330 0596 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:01:43.0362 0596 MRxDAV - ok
10:01:43.0393 0596 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:01:43.0424 0596 mrxsmb - ok
10:01:43.0440 0596 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:01:43.0455 0596 mrxsmb10 - ok
10:01:43.0471 0596 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:01:43.0486 0596 mrxsmb20 - ok
10:01:43.0502 0596 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:01:43.0502 0596 msahci - ok
10:01:43.0518 0596 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:01:43.0518 0596 msdsm - ok
10:01:43.0533 0596 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:01:43.0564 0596 MSDTC - ok
10:01:43.0596 0596 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:01:43.0611 0596 Msfs - ok
10:01:43.0627 0596 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:01:43.0642 0596 mshidkmdf - ok
10:01:43.0658 0596 MSICDSetup - ok
10:01:43.0658 0596 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:01:43.0658 0596 msisadrv - ok
10:01:43.0689 0596 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:01:43.0720 0596 MSiSCSI - ok
10:01:43.0736 0596 msiserver - ok
10:01:43.0767 0596 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:01:43.0798 0596 MSKSSRV - ok
10:01:43.0845 0596 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:01:43.0861 0596 MsMpSvc - ok
10:01:43.0861 0596 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:01:43.0892 0596 MSPCLOCK - ok
10:01:43.0908 0596 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:01:43.0954 0596 MSPQM - ok
10:01:43.0986 0596 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:01:44.0001 0596 MsRPC - ok
10:01:44.0017 0596 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:01:44.0017 0596 mssmbios - ok
10:01:44.0032 0596 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:01:44.0079 0596 MSTEE - ok
10:01:44.0095 0596 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:01:44.0095 0596 MTConfig - ok
10:01:44.0110 0596 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:01:44.0126 0596 Mup - ok
10:01:44.0142 0596 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:01:44.0188 0596 napagent - ok
10:01:44.0220 0596 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:01:44.0235 0596 NativeWifiP - ok
10:01:44.0282 0596 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:01:44.0298 0596 NDIS - ok
10:01:44.0313 0596 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:01:44.0329 0596 NdisCap - ok
10:01:44.0344 0596 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:01:44.0391 0596 NdisTapi - ok
10:01:44.0407 0596 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:01:44.0454 0596 Ndisuio - ok
10:01:44.0485 0596 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:01:44.0516 0596 NdisWan - ok
10:01:44.0547 0596 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:01:44.0563 0596 NDProxy - ok
10:01:44.0594 0596 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:01:44.0625 0596 NetBIOS - ok
10:01:44.0656 0596 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:01:44.0703 0596 NetBT - ok
10:01:44.0734 0596 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:01:44.0750 0596 Netlogon - ok
10:01:44.0781 0596 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:01:44.0812 0596 Netman - ok
10:01:44.0844 0596 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:01:44.0875 0596 netprofm - ok
10:01:44.0937 0596 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:01:44.0937 0596 NetTcpPortSharing - ok
10:01:44.0968 0596 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:01:44.0984 0596 nfrd960 - ok
10:01:45.0015 0596 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:01:45.0015 0596 NisDrv - ok
10:01:45.0062 0596 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
10:01:45.0062 0596 NisSrv - ok
10:01:45.0109 0596 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:01:45.0140 0596 NlaSvc - ok
10:01:45.0171 0596 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:01:45.0187 0596 Npfs - ok
10:01:45.0202 0596 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:01:45.0249 0596 nsi - ok
10:01:45.0280 0596 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:01:45.0312 0596 nsiproxy - ok
10:01:45.0374 0596 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:01:45.0405 0596 Ntfs - ok
10:01:45.0452 0596 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:01:45.0483 0596 Null - ok
10:01:45.0499 0596 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
10:01:45.0499 0596 nusb3hub - ok
10:01:45.0514 0596 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:01:45.0561 0596 nusb3xhc - ok
10:01:45.0592 0596 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
10:01:45.0608 0596 NVHDA - ok
10:01:45.0920 0596 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:01:46.0170 0596 nvlddmkm - ok
10:01:46.0232 0596 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:01:46.0248 0596 nvraid - ok
10:01:46.0248 0596 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:01:46.0263 0596 nvstor - ok
10:01:46.0294 0596 nvsvc (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
10:01:46.0310 0596 nvsvc - ok
10:01:46.0419 0596 nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:01:46.0466 0596 nvUpdatusService - ok
10:01:46.0528 0596 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:01:46.0544 0596 nv_agp - ok
10:01:46.0544 0596 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:01:46.0560 0596 ohci1394 - ok
10:01:46.0606 0596 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:01:46.0622 0596 ose64 - ok
10:01:46.0747 0596 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:01:46.0872 0596 osppsvc - ok
10:01:46.0918 0596 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:01:46.0965 0596 p2pimsvc - ok
10:01:46.0981 0596 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:01:46.0981 0596 p2psvc - ok
10:01:47.0012 0596 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:01:47.0012 0596 Parport - ok
10:01:47.0043 0596 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:01:47.0043 0596 partmgr - ok
10:01:47.0059 0596 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:01:47.0090 0596 PcaSvc - ok
10:01:47.0121 0596 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:01:47.0121 0596 pci - ok
10:01:47.0137 0596 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:01:47.0137 0596 pciide - ok
10:01:47.0152 0596 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:01:47.0168 0596 pcmcia - ok
10:01:47.0184 0596 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:01:47.0184 0596 pcw - ok
10:01:47.0199 0596 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:01:47.0246 0596 PEAUTH - ok
10:01:47.0308 0596 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:01:47.0355 0596 PerfHost - ok
10:01:47.0449 0596 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:01:47.0480 0596 pla - ok
10:01:47.0511 0596 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:01:47.0558 0596 PlugPlay - ok
10:01:47.0589 0596 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:01:47.0605 0596 PNRPAutoReg - ok
10:01:47.0636 0596 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:01:47.0636 0596 PNRPsvc - ok
10:01:47.0683 0596 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:01:47.0730 0596 PolicyAgent - ok
10:01:47.0745 0596 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:01:47.0792 0596 Power - ok
10:01:47.0839 0596 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:01:47.0870 0596 PptpMiniport - ok
10:01:47.0901 0596 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:01:47.0932 0596 Processor - ok
10:01:47.0964 0596 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
10:01:48.0010 0596 ProfSvc - ok
10:01:48.0026 0596 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:01:48.0026 0596 ProtectedStorage - ok
10:01:48.0057 0596 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:01:48.0104 0596 Psched - ok
10:01:48.0151 0596 PxHlpa64 (bc08f7f3c53cbee68670ed1314e290fd) C:\Windows\system32\Drivers\PxHlpa64.sys
10:01:48.0151 0596 PxHlpa64 - ok
10:01:48.0198 0596 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:01:48.0244 0596 ql2300 - ok
10:01:48.0307 0596 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:01:48.0307 0596 ql40xx - ok
10:01:48.0322 0596 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:01:48.0338 0596 QWAVE - ok
10:01:48.0354 0596 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:01:48.0354 0596 QWAVEdrv - ok
10:01:48.0369 0596 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:01:48.0400 0596 RasAcd - ok
10:01:48.0432 0596 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:01:48.0463 0596 RasAgileVpn - ok
10:01:48.0494 0596 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:01:48.0525 0596 RasAuto - ok
10:01:48.0556 0596 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:01:48.0588 0596 Rasl2tp - ok
10:01:48.0619 0596 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:01:48.0650 0596 RasMan - ok
10:01:48.0650 0596 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:01:48.0681 0596 RasPppoe - ok
10:01:48.0712 0596 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:01:48.0744 0596 RasSstp - ok
10:01:48.0775 0596 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:01:48.0806 0596 rdbss - ok
10:01:48.0822 0596 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:01:48.0822 0596 rdpbus - ok
10:01:48.0837 0596 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:01:48.0853 0596 RDPCDD - ok
10:01:48.0868 0596 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:01:48.0900 0596 RDPENCDD - ok
10:01:48.0931 0596 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:01:48.0946 0596 RDPREFMP - ok
10:01:48.0962 0596 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
10:01:48.0978 0596 RDPWD - ok
10:01:49.0009 0596 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:01:49.0009 0596 rdyboost - ok
10:01:49.0024 0596 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:01:49.0056 0596 RemoteAccess - ok
10:01:49.0071 0596 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:01:49.0102 0596 RemoteRegistry - ok
10:01:49.0118 0596 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:01:49.0165 0596 RpcEptMapper - ok
10:01:49.0180 0596 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:01:49.0212 0596 RpcLocator - ok
10:01:49.0243 0596 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:01:49.0274 0596 RpcSs - ok
10:01:49.0290 0596 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:01:49.0305 0596 rspndr - ok
10:01:49.0352 0596 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:01:49.0368 0596 RTL8167 - ok
10:01:49.0368 0596 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:01:49.0383 0596 SamSs - ok
10:01:49.0414 0596 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
10:01:49.0414 0596 SASDIFSV - ok
10:01:49.0430 0596 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
10:01:49.0446 0596 SASKUTIL - ok
10:01:49.0461 0596 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:01:49.0461 0596 sbp2port - ok
10:01:49.0492 0596 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:01:49.0524 0596 SCardSvr - ok
10:01:49.0539 0596 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:01:49.0570 0596 scfilter - ok
10:01:49.0617 0596 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:01:49.0664 0596 Schedule - ok
10:01:49.0695 0596 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:01:49.0711 0596 SCPolicySvc - ok
10:01:49.0726 0596 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:01:49.0773 0596 SDRSVC - ok
10:01:49.0804 0596 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:01:49.0836 0596 secdrv - ok
10:01:49.0851 0596 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:01:49.0882 0596 seclogon - ok
10:01:49.0914 0596 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:01:49.0945 0596 SENS - ok
10:01:49.0960 0596 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:01:49.0976 0596 SensrSvc - ok
10:01:50.0007 0596 Ser2pl (3dc3ec72952bd60c438e397781ff0572) C:\Windows\system32\DRIVERS\ser2pl64.sys
10:01:50.0023 0596 Ser2pl - ok
10:01:50.0038 0596 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:01:50.0070 0596 Serenum - ok
10:01:50.0101 0596 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:01:50.0116 0596 Serial - ok
10:01:50.0132 0596 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:01:50.0163 0596 sermouse - ok
10:01:50.0194 0596 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:01:50.0226 0596 SessionEnv - ok
10:01:50.0241 0596 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:01:50.0257 0596 sffdisk - ok
10:01:50.0257 0596 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:01:50.0272 0596 sffp_mmc - ok
10:01:50.0272 0596 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:01:50.0304 0596 sffp_sd - ok
10:01:50.0319 0596 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:01:50.0350 0596 sfloppy - ok
10:01:50.0382 0596 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:01:50.0413 0596 SharedAccess - ok
10:01:50.0444 0596 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:01:50.0491 0596 ShellHWDetection - ok
10:01:50.0522 0596 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:01:50.0522 0596 SiSRaid2 - ok
10:01:50.0538 0596 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:01:50.0538 0596 SiSRaid4 - ok
10:01:50.0569 0596 SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys
10:01:50.0584 0596 SmartDefragDriver - ok
10:01:50.0600 0596 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:01:50.0616 0596 Smb - ok
10:01:50.0647 0596 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:01:50.0662 0596 SNMPTRAP - ok
10:01:50.0694 0596 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:01:50.0694 0596 spldr - ok
10:01:50.0725 0596 Spooler (85daa09a98c9286d4ea2ba8d0e644377) C:\Windows\System32\spoolsv.exe
10:01:50.0772 0596 Spooler - ok
10:01:50.0865 0596 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:01:50.0943 0596 sppsvc - ok
10:01:51.0006 0596 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:01:51.0037 0596 sppuinotify - ok
10:01:51.0084 0596 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:01:51.0130 0596 srv - ok
10:01:51.0146 0596 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:01:51.0177 0596 srv2 - ok
10:01:51.0193 0596 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:01:51.0193 0596 srvnet - ok
10:01:51.0224 0596 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:01:51.0271 0596 SSDPSRV - ok
10:01:51.0286 0596 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:01:51.0318 0596 SstpSvc - ok
10:01:51.0349 0596 Steam Client Service - ok
10:01:51.0411 0596 Stereo Service (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:01:51.0411 0596 Stereo Service - ok
10:01:51.0427 0596 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:01:51.0442 0596 stexstor - ok
10:01:51.0489 0596 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:01:51.0520 0596 stisvc - ok
10:01:51.0536 0596 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:01:51.0536 0596 swenum - ok
10:01:51.0583 0596 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:01:51.0630 0596 swprv - ok
10:01:51.0692 0596 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:01:51.0739 0596 SysMain - ok
10:01:51.0801 0596 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:01:51.0832 0596 TabletInputService - ok
10:01:51.0864 0596 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:01:51.0895 0596 TapiSrv - ok
10:01:51.0910 0596 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:01:51.0926 0596 TBS - ok
10:01:52.0004 0596 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:01:52.0051 0596 Tcpip - ok
10:01:52.0160 0596 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:01:52.0176 0596 TCPIP6 - ok
10:01:52.0222 0596 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:01:52.0269 0596 tcpipreg - ok
10:01:52.0300 0596 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:01:52.0316 0596 TDPIPE - ok
10:01:52.0332 0596 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:01:52.0347 0596 TDTCP - ok
10:01:52.0394 0596 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:01:52.0410 0596 tdx - ok
10:01:52.0425 0596 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:01:52.0441 0596 TermDD - ok
10:01:52.0456 0596 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:01:52.0488 0596 TermService - ok
10:01:52.0503 0596 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:01:52.0534 0596 Themes - ok
10:01:52.0581 0596 Thermnaltake MS1 Filter (ba88982a6644dd907ab87fef4171699b) C:\Windows\system32\Drivers\MS1Filter.sys
10:01:52.0581 0596 Thermnaltake MS1 Filter - ok
10:01:52.0612 0596 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:01:52.0628 0596 THREADORDER - ok
10:01:52.0644 0596 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:01:52.0659 0596 TrkWks - ok
10:01:52.0706 0596 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:01:52.0737 0596 TrustedInstaller - ok
10:01:52.0753 0596 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:01:52.0800 0596 tssecsrv - ok
10:01:52.0831 0596 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:01:52.0878 0596 TsUsbFlt - ok
10:01:52.0909 0596 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:01:52.0940 0596 tunnel - ok
10:01:52.0971 0596 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:01:52.0987 0596 uagp35 - ok
10:01:53.0002 0596 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:01:53.0049 0596 udfs - ok
10:01:53.0065 0596 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:01:53.0096 0596 UI0Detect - ok
10:01:53.0127 0596 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:01:53.0143 0596 uliagpkx - ok
10:01:53.0158 0596 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:01:53.0174 0596 umbus - ok
10:01:53.0221 0596 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:01:53.0236 0596 UmPass - ok
10:01:53.0268 0596 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:01:53.0299 0596 upnphost - ok
10:01:53.0330 0596 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
10:01:53.0361 0596 USBAAPL64 - ok
10:01:53.0392 0596 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:01:53.0392 0596 usbaudio - ok
10:01:53.0424 0596 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:01:53.0424 0596 usbccgp - ok
10:01:53.0439 0596 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:01:53.0455 0596 usbcir - ok
10:01:53.0470 0596 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:01:53.0502 0596 usbehci - ok
10:01:53.0517 0596 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
10:01:53.0533 0596 usbfilter - ok
10:01:53.0548 0596 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:01:53.0564 0596 usbhub - ok
10:01:53.0595 0596 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
10:01:53.0611 0596 usbohci - ok
10:01:53.0642 0596 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:01:53.0673 0596 usbprint - ok
10:01:53.0689 0596 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:01:53.0704 0596 USBSTOR - ok
10:01:53.0720 0596 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:01:53.0736 0596 usbuhci - ok
10:01:53.0767 0596 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:01:53.0814 0596 UxSms - ok
10:01:53.0845 0596 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:01:53.0845 0596 VaultSvc - ok
10:01:53.0860 0596 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:01:53.0876 0596 vdrvroot - ok
10:01:53.0907 0596 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:01:53.0938 0596 vds - ok
10:01:53.0970 0596 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:01:53.0970 0596 vga - ok
10:01:53.0985 0596 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:01:54.0016 0596 VgaSave - ok
10:01:54.0032 0596 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:01:54.0048 0596 vhdmp - ok
10:01:54.0079 0596 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:01:54.0094 0596 viaide - ok
10:01:54.0126 0596 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:01:54.0126 0596 volmgr - ok
10:01:54.0157 0596 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:01:54.0172 0596 volmgrx - ok
10:01:54.0188 0596 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:01:54.0204 0596 volsnap - ok
10:01:54.0219 0596 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:01:54.0235 0596 vsmraid - ok
10:01:54.0328 0596 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:01:54.0406 0596 VSS - ok
10:01:54.0516 0596 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:01:54.0531 0596 vwifibus - ok
10:01:54.0594 0596 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:01:54.0609 0596 W32Time - ok
10:01:54.0625 0596 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:01:54.0625 0596 WacomPen - ok
10:01:54.0656 0596 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:01:54.0703 0596 WANARP - ok
10:01:54.0703 0596 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:01:54.0718 0596 Wanarpv6 - ok
10:01:54.0781 0596 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:01:54.0812 0596 WatAdminSvc - ok
10:01:54.0859 0596 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:01:54.0906 0596 wbengine - ok
10:01:57.0979 0596 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:01:58.0166 0596 \Device\Harddisk0\DR0 - ok
10:01:58.0182 0596 Boot (0x1200) (11d885545993d6c736310831660e9fcd) \Device\Harddisk0\DR0\Partition0
10:01:58.0182 0596 \Device\Harddisk0\DR0\Partition0 - ok
10:01:58.0197 0596 Boot (0x1200) (9c9a128499d85d89f8b78b9961d6b089) \Device\Harddisk0\DR0\Partition1
10:01:58.0197 0596 \Device\Harddisk0\DR0\Partition1 - ok
10:01:58.0197 0596 ============================================================
10:01:58.0197 0596 Scan finished
10:01:58.0197 0596 ============================================================
10:01:58.0213 1740 Detected object count: 1
10:01:58.0213 1740 Actual detected object count: 1
10:03:00.0048 1740 C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - copied to quarantine
10:03:00.0048 1740 HKLM\SYSTEM\ControlSet001\services\IDriverT - will be deleted on reboot
10:03:00.0079 1740 HKLM\SYSTEM\ControlSet002\services\IDriverT - will be deleted on reboot
10:03:00.0204 1740 C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - will be deleted on reboot
10:03:00.0204 1740 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Delete
10:03:23.0167 0976 Deinitialize success

This is the TDSSKiller log. Note that the r killer worked correctly, but I could not open TDSSKiller, so I tried the undetectable TDSSKiller and it worked... Now I am running SUPERAntiSpyware and I'm going to post the results next.

#4 boopme


Posted 08 September 2012 - 10:11 AM

OK, thanks, let me know.

#5 Domlaz


Posted 08 September 2012 - 10:23 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/08/2012 at 10:39 AM

Application Version : 5.5.1016

Core Rules Database Version : 9198
Trace Rules Database Version: 7010

Scan type : Complete Scan
Total Scan Time : 00:29:52

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 396
Memory threats detected : 0
Registry items scanned : 66074
Registry threats detected : 0
File items scanned : 50949
File threats detected : 42

Adware.Tracking Cookie
C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Cookies\E3AI5RZQ.txt [ /media.legrandclub.rds.ca ]
C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Cookies\2FM3JMMG.txt [ /atdmt.com ]
C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Cookies\1Q9IWU21.txt [ /adserver.adtechus.com ]
C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Cookies\QYPVIHRR.txt [ /realmedia.com ]
C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Cookies\JEGFWPHR.txt [ /doubleclick.net ]
C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Cookies\5S6XJ5RG.txt [ /click.gethotresults.com ]
C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Cookies\AKC26N0Z.txt [ /media6degrees.com ]
C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Cookies\5O1P4RDM.txt [ /imrworldwide.com ]
C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Cookies\5JTHCSJL.txt [ /revsci.net ]
C:\Users\Dom\AppData\Roaming\Microsoft\Windows\Cookies\54YI4JKU.txt [ /network.realmedia.com ]
C:\USERS\DOM\Cookies\2FM3JMMG.txt [ Cookie:dom@atdmt.com/ ]
C:\USERS\DOM\Cookies\1Q9IWU21.txt [ Cookie:dom@adserver.adtechus.com/ ]
C:\USERS\DOM\Cookies\QYPVIHRR.txt [ Cookie:dom@realmedia.com/ ]
C:\USERS\DOM\Cookies\JEGFWPHR.txt [ Cookie:dom@doubleclick.net/ ]
C:\USERS\DOM\Cookies\AKC26N0Z.txt [ Cookie:dom@media6degrees.com/ ]
C:\USERS\DOM\Cookies\5O1P4RDM.txt [ Cookie:dom@imrworldwide.com/cgi-bin ]
C:\USERS\DOM\Cookies\5JTHCSJL.txt [ Cookie:dom@revsci.net/ ]
C:\USERS\DOM\Cookies\54YI4JKU.txt [ Cookie:dom@network.realmedia.com/ ]
.doubleclick.net [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediafire.com [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.mediafire.com [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.mediafire.com [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.mediafire.com [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.prd1.netshelter.net [ C:\USERS\DOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trace.Known Threat Sources
C:\USERS\DOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWS8QJLQ\crossdomainCAB2P94K.xml [ cache:wista ]
C:\USERS\DOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PL3AJZF\59b8caa9266b8_2174314[1].flv [ cache:wista ]
C:\USERS\DOM\Local Settings\Temporary Internet Files\Content.IE5\DWS8QJLQ\crossdomainCAB2P94K.xml [ cache:wista ]
C:\USERS\DOM\Local Settings\Temporary Internet Files\Content.IE5\2PL3AJZF\59b8caa9266b8_2174314[1].flv [ cache:wista ]


Still redirecting... and my browser is slow.

And I still can't open the normal version of TDSSKiller. It means I still have a process that stops it, right?

#6 boopme


Posted 08 September 2012 - 06:21 PM

It does appear there is still something here.
Are you on a router? Are other machines on it? If so, are they redirecting?

Do you use the Firefox or Chrome browser?



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download the FixTDSS.exe

  • Save the file to your Windows desktop.
  • Close all running programs.
  • If you are running Windows XP, turn off System Restore. (How to turn off or turn on Windows XP System Restore)
  • Double-click the FixTDSS.exe file to start the removal tool.
  • Click Start to begin the process, and then allow the tool to run.
  • Restart the computer when prompted by the tool.
  • After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
  • If you are running Windows XP, re-enable System Restore.




Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#7 Domlaz


Posted 09 September 2012 - 09:37 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Dom (administrator) on 09-09-2012 at 22:36:07
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Dom-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 6C-62-6D-3C-A7-90
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6c5f:4689:f0f5:99e1%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 08, 2012 2:41:30 PM
Lease Expires . . . . . . . . . . : Sunday, September 16, 2012 10:23:12 PM
Default Gateway . . . . . . . . . : fe80::5ed9:98ff:fe66:e548%10
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{D87B9CEC-7973-4BE1-9CB1-63821D939E56}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:1c0a:158d:524f:ead6(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c0a:158d:524f:ead6%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2607:f8b0:4004:800::1006
74.125.228.3
74.125.228.5
74.125.228.9
74.125.228.2
74.125.228.14
74.125.228.0
74.125.228.4
74.125.228.6
74.125.228.7
74.125.228.8
74.125.228.1


Pinging google.com [74.125.228.1] with 32 bytes of data:
Reply from 74.125.228.1: bytes=32 time=27ms TTL=56
Reply from 74.125.228.1: bytes=32 time=26ms TTL=56

Ping statistics for 74.125.228.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 27ms, Average = 26ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=349ms TTL=52
Reply from 72.30.38.140: bytes=32 time=334ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 334ms, Maximum = 349ms, Average = 341ms
Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...6c 62 6d 3c a7 90 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.100 276
192.168.0.100 255.255.255.255 On-link 192.168.0.100 276
192.168.0.255 255.255.255.255 On-link 192.168.0.100 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.100 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.100 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
10 276 ::/0 fe80::5ed9:98ff:fe66:e548
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:9d38:953c:1c0a:158d:524f:ead6/128
On-link
10 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::1c0a:158d:524f:ead6/128
On-link
10 276 fe80::6c5f:4689:f0f5:99e1/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/09/2012 10:33:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16448, time stamp: 0x4fecf1b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x00d82bfd
Faulting process id: 0xd60
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/08/2012 05:37:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 21.0.1180.89, time stamp: 0x503ebf10
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x00372bfd
Faulting process id: 0x1700
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (09/07/2012 07:53:23 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {aa59d596-be71-4ed1-a9a7-b8bcfbda15de}

Error: (09/04/2012 11:00:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16448, time stamp: 0x4fecf1b7
Faulting module name: MSHTML.dll, version: 9.0.8112.16448, time stamp: 0x4fecfb0e
Exception code: 0xc0000005
Fault offset: 0x00227104
Faulting process id: 0x12d0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/03/2012 08:22:31 PM) (Source: Application Hang) (User: )
Description: The program BitTorrent.exe version 7.6.1.27328 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 160c

Start Time: 01cd8a31417fca72

Termination Time: 16

Application Path: C:\Program Files (x86)\BitTorrent\BitTorrent.exe

Report Id: 9bc49234-f626-11e1-ad62-6c626d3ca790

Error: (09/02/2012 09:16:21 AM) (Source: Application Hang) (User: )
Description: The program Borderlands.exe version 1.3.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ae0

Start Time: 01cd890d1a4ab11a

Termination Time: 18

Application Path: C:\Program Files (x86)\Borderlands\binaries\Borderlands.exe

Report Id: 5f82d471-f500-11e1-8ace-6c626d3ca790

Error: (08/22/2012 10:08:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16448, time stamp: 0x4fecf1b7
Faulting module name: MSHTML.dll, version: 9.0.8112.16448, time stamp: 0x4fecfb0e
Exception code: 0xc0000005
Fault offset: 0x0041a2f4
Faulting process id: 0xdac
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/19/2012 11:37:31 PM) (Source: Application Hang) (User: )
Description: The program rpc.exe version 4.12.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9d4

Start Time: 01cd7e8511ab349a

Termination Time: 16

Application Path: C:\Program Files (x86)\RAR Password Cracker\rpc.exe

Report Id: 5d28fc50-ea78-11e1-9929-6c626d3ca790

Error: (08/19/2012 11:36:54 PM) (Source: Application Hang) (User: )
Description: The program rpc.exe version 4.12.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c6c

Start Time: 01cd7e84b5f503d0

Termination Time: 15

Application Path: C:\Program Files (x86)\RAR Password Cracker\rpc.exe

Report Id: 46427ccd-ea78-11e1-9929-6c626d3ca790

Error: (08/12/2012 00:30:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xd432bde6
Faulting process id: 0xc98
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3


System errors:
=============
Error: (09/09/2012 08:37:27 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer DOM-LAPTOP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D87B9CEC-7973-4BE1-9CB1-63821D939E56}.
The master browser is stopping or an election is being forced.

Error: (09/09/2012 11:17:30 AM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (09/08/2012 01:27:17 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Error: (09/08/2012 01:27:17 PM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%2

Error: (09/08/2012 00:19:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/08/2012 00:19:16 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (09/08/2012 00:19:16 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/08/2012 00:19:16 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/08/2012 00:19:16 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/08/2012 00:19:16 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068




=========================== Installed Programs ============================

Ad-Aware (Version: 9.0.7)
Adobe AIR (Version: 3.1.0.4880)
Adobe Download Assistant (Version: 1.2.2)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Help Manager (Version: 4.0.244)
Adobe Photoshop Elements 10 (Version: 10.0)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
AMD USB Filter Driver (Version: 1.0.15.94)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.765.0)
BitTorrent (Version: 7.6.1)
bl (Version: 1.0.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.22)
Cisco Packet Tracer 5.3.3
Counter-Strike: Source
DAEMON Tools Lite (Version: 4.45.3.0297)
Dark Souls: Prepare to Die Edition
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Diablo III (Version: 1.0.2.9991)
Dota 2
Elements 10 Organizer (Version: 10.0)
EVE Online (remove only)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.115)
iTunes (Version: 10.6.0.40)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 35 (Version: 6.0.350)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Language Pack 2010 - French/Français (Version: 14.0.6029.1000)
Microsoft Office O MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Arabic) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Dutch) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 32-bit MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office X MUI (French) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Hotmail Connector 64-bit (Version: 14.0.6106.5001)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MotioninJoy Gamepad tool 0.7.0000 (Version: 0.7.0000)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA 3D Vision Controller Driver 295.73 (Version: 295.73)
NVIDIA 3D Vision Driver 295.73 (Version: 295.73)
NVIDIA Control Panel 295.73 (Version: 295.73)
NVIDIA Graphics Driver 295.73 (Version: 295.73)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (Version: 9.12.0209)
NVIDIA PhysX System Software 9.12.0209 (Version: 9.12.0209)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9573)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
ph (Version: 1.0.0)
PSE10 STI Installer (Version: 10.0)
Razer Arctosa (Version: 1.00.0000)
Realtek Ethernet Controller Driver (Version: 7.37.1229.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6278)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0)
Smart Defrag 2 (Version: 2.3)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.5.1016)
SV8100 PCPro (Version: 6.00)
swMSM (Version: 12.0.0.1)
System Requirements Lab CYRI (Version: 4.5.1.0)
Trojan Remover 6.8.4 (Version: 6.8.4)
Tt eSPORTS BLACK (Version: 0.0.1)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
VLC media player 1.1.5 (Version: 1.1.5)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.11 (32-bit) (Version: 4.11.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 8191.18 MB
Available physical RAM: 5688.04 MB
Total Pagefile: 16380.55 MB
Available Pagefile: 13531.91 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.36 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.64 GB) (Free:362.12 GB) NTFS
2 Drive d: (Repair disc 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\DOM-PC

Administrator Dom Guest
UpdatusUser

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

#8 Domlaz

Posted 09 September 2012 - 09:40 PM

It won't let me run FixTDSS and aswMBR.

#9 boopme

Posted 10 September 2012 - 07:49 PM

Sorry for the delay, had a family emergency. Looks like a few serious infections in here and we need some assistance removing them.
Mention this topic in new post.

Please go here... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.