404 nginx


11 replies to this topic

#1 Jonathan589


Posted 07 October 2012 - 04:04 AM

Windows 7 Ultimate 64-bit. IE9 and Chrome browsers.

It started two or three weeks ago that ads started popping up in bottom corners of my monitor screen. Then clicking on links in a site I use all the time (www.ancestry.co.uk) would give me a blank screen except for "404 error nginx". The ads and the 404 message usually look home made, often in a Times font. Occasionally a link is redirected to somewhere else vaguely related to what I wanted, such as computer help sites when I clicked links in this site to read the guidance for posters! Google and the BBC seem free of these interferences, but I suffer when browsing other sites. Searching the internet for help often pointed me at Combofix and Bleeping Computers.

I had been using just MS Security Essentials, but tried running SuperAntiSpyware and AdAware (both still a-going) in Safe mode, emptying recycle bin, and when connected too. Ditto CWShredder. Ditto MS's Mr Fixit. All found something in cookies and trojans, but not much and immediately eliminated. At some stage I emptied Temp and Temp Internet Files, being surprised I had so many of the latter because my IE settings include emptying that folder every time I close it.

One of the links in the popups was to ad.xtendmedia.com, so I searched the registry for xtendmedia and found nothing.

I changed my IE settings and tried Chrome - no difference until yesterday when IE now takes 1-2 minutes to load anything after Google but Chrome still works quickly. Then I wiped an old HDD I'd added (months ago) to this machine, formatted it and since then have CHKDSKed all the drives.

None of these has made a difference to the redirection and it's very frustrating. My computer files are tidier as a result which is a good thing, but I am really tired of this hijacking business and would be very grateful for further suggestions.

Thanks

Jonathan


 


#2 narenxp


Posted 07 October 2012 - 04:06 AM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Jonathan589


Posted 07 October 2012 - 09:45 AM

Thank you for your suggestions. In my earlier post I forgot to mention (a) that I'd checked my Hosts file and found it fine and (b) running full scans usually ended with blue screens but not when I ran 'em in safe mode. I didn't use safe mode when running the three apps you suggested and they didn't blue-screen.

Here follow the three log files. The I: and J: drives are secondary HDDs: I internal, J external. I neglected to turn off AdAware and SuperAntiSpyware until after running TDSSkiller and aswMBR. Should I redo these?

Thanks, Jonathan

TDSSkiller:


\system32\DRIVERS\mrxsmb10.sys
14:16:45.0630 4336 mrxsmb10 - ok
14:16:45.0633 4336 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows

\system32\DRIVERS\mrxsmb20.sys
14:16:45.0634 4336 mrxsmb20 - ok
14:16:45.0635 4336 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows

\system32\drivers\msahci.sys
14:16:45.0636 4336 msahci - ok
14:16:45.0638 4336 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows

\system32\drivers\msdsm.sys
14:16:45.0639 4336 msdsm - ok
14:16:45.0641 4336 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows

\System32\msdtc.exe
14:16:45.0643 4336 MSDTC - ok
14:16:45.0646 4336 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows

\system32\drivers\Msfs.sys
14:16:45.0647 4336 Msfs - ok
14:16:45.0648 4336 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows

\System32\drivers\mshidkmdf.sys
14:16:45.0648 4336 mshidkmdf - ok
14:16:45.0650 4336 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows

\system32\drivers\msisadrv.sys
14:16:45.0650 4336 msisadrv - ok
14:16:45.0653 4336 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows

\system32\iscsiexe.dll
14:16:45.0654 4336 MSiSCSI - ok
14:16:45.0655 4336 msiserver - ok
14:16:45.0657 4336 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows

\system32\drivers\MSKSSRV.sys
14:16:45.0657 4336 MSKSSRV - ok
14:16:45.0660 4336 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files

\Microsoft Security Client\MsMpEng.exe
14:16:45.0660 4336 MsMpSvc - ok
14:16:45.0661 4336 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows

\system32\drivers\MSPCLOCK.sys
14:16:45.0662 4336 MSPCLOCK - ok
14:16:45.0663 4336 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows

\system32\drivers\MSPQM.sys
14:16:45.0664 4336 MSPQM - ok
14:16:45.0669 4336 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows

\system32\drivers\MsRPC.sys
14:16:45.0672 4336 MsRPC - ok
14:16:45.0674 4336 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows

\system32\drivers\mssmbios.sys
14:16:45.0675 4336 mssmbios - ok
14:16:45.0676 4336 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows

\system32\drivers\MSTEE.sys
14:16:45.0677 4336 MSTEE - ok
14:16:45.0678 4336 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows

\system32\drivers\MTConfig.sys
14:16:45.0678 4336 MTConfig - ok
14:16:45.0680 4336 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows

\system32\drivers\ASACPI.sys
14:16:45.0680 4336 MTsensor - ok
14:16:45.0682 4336 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows

\system32\Drivers\mup.sys
14:16:45.0683 4336 Mup - ok
14:16:45.0688 4336 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows

\system32\qagentRT.dll
14:16:45.0691 4336 napagent - ok
14:16:45.0694 4336 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows

\system32\DRIVERS\nwifi.sys
14:16:45.0697 4336 NativeWifiP - ok
14:16:45.0705 4336 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows

\system32\drivers\ndis.sys
14:16:45.0710 4336 NDIS - ok
14:16:45.0712 4336 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows

\system32\DRIVERS\ndiscap.sys
14:16:45.0713 4336 NdisCap - ok
14:16:45.0714 4336 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows

\system32\DRIVERS\ndistapi.sys
14:16:45.0715 4336 NdisTapi - ok
14:16:45.0716 4336 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows

\system32\DRIVERS\ndisuio.sys
14:16:45.0717 4336 Ndisuio - ok
14:16:45.0720 4336 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows

\system32\DRIVERS\ndiswan.sys
14:16:45.0722 4336 NdisWan - ok
14:16:45.0724 4336 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows

\system32\drivers\NDProxy.sys
14:16:45.0725 4336 NDProxy - ok
14:16:45.0727 4336 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows

\system32\DRIVERS\netbios.sys
14:16:45.0728 4336 NetBIOS - ok
14:16:45.0732 4336 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows

\system32\DRIVERS\netbt.sys
14:16:45.0734 4336 NetBT - ok
14:16:45.0735 4336 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows

\system32\lsass.exe
14:16:45.0736 4336 Netlogon - ok
14:16:45.0741 4336 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows

\System32\netman.dll
14:16:45.0744 4336 Netman - ok
14:16:45.0750 4336 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows

\System32\netprofm.dll
14:16:45.0754 4336 netprofm - ok
14:16:45.0756 4336 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows

\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:16:45.0757 4336 NetTcpPortSharing - ok
14:16:45.0758 4336 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows

\system32\drivers\nfrd960.sys
14:16:45.0759 4336 nfrd960 - ok
14:16:45.0762 4336 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows

\system32\DRIVERS\NisDrvWFP.sys
14:16:45.0763 4336 NisDrv - ok
14:16:45.0767 4336 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files

\Microsoft Security Client\NisSrv.exe
14:16:45.0769 4336 NisSrv - ok
14:16:45.0774 4336 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows

\System32\nlasvc.dll
14:16:45.0777 4336 NlaSvc - ok
14:16:45.0779 4336 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows

\system32\drivers\Npfs.sys
14:16:45.0779 4336 Npfs - ok
14:16:45.0781 4336 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows

\system32\nsisvc.dll
14:16:45.0782 4336 nsi - ok
14:16:45.0784 4336 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows

\system32\drivers\nsiproxy.sys
14:16:45.0784 4336 nsiproxy - ok
14:16:45.0801 4336 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows

\system32\drivers\Ntfs.sys
14:16:45.0813 4336 Ntfs - ok
14:16:45.0815 4336 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows

\system32\drivers\Null.sys
14:16:45.0816 4336 Null - ok
14:16:45.0818 4336 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows

\system32\drivers\nusb3hub.sys
14:16:45.0819 4336 nusb3hub - ok
14:16:45.0821 4336 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows

\system32\drivers\nusb3xhc.sys
14:16:45.0823 4336 nusb3xhc - ok
14:16:45.0825 4336 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows

\system32\drivers\nvraid.sys
14:16:45.0826 4336 nvraid - ok
14:16:45.0829 4336 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows

\system32\drivers\nvstor.sys
14:16:45.0831 4336 nvstor - ok
14:16:45.0835 4336 [ 4DC87CDA61D7B185E79618581F46B85A ] NvStUSB C:\Windows

\system32\drivers\nvstusb.sys
14:16:45.0838 4336 NvStUSB - ok
14:16:45.0840 4336 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows

\system32\drivers\nv_agp.sys
14:16:45.0841 4336 nv_agp - ok
14:16:45.0843 4336 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows

\system32\drivers\ohci1394.sys
14:16:45.0844 4336 ohci1394 - ok
14:16:45.0846 4336 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files

\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:16:45.0848 4336 ose64 - ok
14:16:45.0900 4336 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files

\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:16:45.0940 4336 osppsvc - ok
14:16:45.0946 4336 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows

\system32\pnrpsvc.dll
14:16:45.0950 4336 p2pimsvc - ok
14:16:45.0954 4336 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows

\system32\p2psvc.dll
14:16:45.0957 4336 p2psvc - ok
14:16:45.0959 4336 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows

\system32\drivers\parport.sys
14:16:45.0960 4336 Parport - ok
14:16:45.0962 4336 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows

\system32\drivers\partmgr.sys
14:16:45.0963 4336 partmgr - ok
14:16:45.0966 4336 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows

\System32\pcasvc.dll
14:16:45.0968 4336 PcaSvc - ok
14:16:45.0971 4336 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows

\system32\drivers\pci.sys
14:16:45.0972 4336 pci - ok
14:16:45.0974 4336 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows

\system32\drivers\pciide.sys
14:16:45.0974 4336 pciide - ok
14:16:45.0976 4336 [ D7C203015E2C2A2EAC8DACEF156D8DC3 ] PciIsaSerial C:\Windows

\system32\drivers\PciIsaSerial.sys
14:16:45.0977 4336 PciIsaSerial - ok
14:16:45.0979 4336 [ 088B509B2F35A3CEE00AC0E0BC4C5BED ] PciPPorts C:\Windows

\system32\drivers\PciPPorts.sys
14:16:45.0980 4336 PciPPorts - ok
14:16:45.0982 4336 [ 7F97CDD5E91FC73DA2B01344957AA058 ] PciSPorts C:\Windows

\system32\drivers\PciSPorts.sys
14:16:45.0983 4336 PciSPorts - ok
14:16:45.0986 4336 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows

\system32\drivers\pcmcia.sys
14:16:45.0987 4336 pcmcia - ok
14:16:45.0989 4336 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows

\system32\drivers\pcw.sys
14:16:45.0990 4336 pcw - ok
14:16:45.0997 4336 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows

\system32\drivers\peauth.sys
14:16:46.0002 4336 PEAUTH - ok
14:16:46.0013 4336 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows

\system32\peerdistsvc.dll
14:16:46.0021 4336 PeerDistSvc - ok
14:16:46.0038 4336 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows

\SysWow64\perfhost.exe
14:16:46.0039 4336 PerfHost - ok
14:16:46.0052 4336 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows

\system32\pla.dll
14:16:46.0061 4336 pla - ok
14:16:46.0067 4336 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows

\system32\umpnpmgr.dll
14:16:46.0070 4336 PlugPlay - ok
14:16:46.0072 4336 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows

\system32\pnrpauto.dll
14:16:46.0073 4336 PNRPAutoReg - ok
14:16:46.0077 4336 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows

\system32\pnrpsvc.dll
14:16:46.0079 4336 PNRPsvc - ok
14:16:46.0084 4336 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows

\System32\ipsecsvc.dll
14:16:46.0088 4336 PolicyAgent - ok
14:16:46.0091 4336 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows

\system32\umpo.dll
14:16:46.0093 4336 Power - ok
14:16:46.0096 4336 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows

\system32\DRIVERS\raspptp.sys
14:16:46.0097 4336 PptpMiniport - ok
14:16:46.0099 4336 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows

\system32\drivers\processr.sys
14:16:46.0100 4336 Processor - ok
14:16:46.0102 4336 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows

\system32\profsvc.dll
14:16:46.0104 4336 ProfSvc - ok
14:16:46.0105 4336 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows

\system32\lsass.exe
14:16:46.0106 4336 ProtectedStorage - ok
14:16:46.0109 4336 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows

\system32\DRIVERS\pacer.sys
14:16:46.0111 4336 Psched - ok
14:16:46.0122 4336 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows

\system32\drivers\ql2300.sys
14:16:46.0132 4336 ql2300 - ok
14:16:46.0134 4336 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows

\system32\drivers\ql40xx.sys
14:16:46.0135 4336 ql40xx - ok
14:16:46.0139 4336 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows

\system32\qwave.dll
14:16:46.0141 4336 QWAVE - ok
14:16:46.0143 4336 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows

\system32\drivers\qwavedrv.sys
14:16:46.0144 4336 QWAVEdrv - ok
14:16:46.0145 4336 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows

\system32\DRIVERS\rasacd.sys
14:16:46.0145 4336 RasAcd - ok
14:16:46.0147 4336 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows

\system32\DRIVERS\AgileVpn.sys
14:16:46.0148 4336 RasAgileVpn - ok
14:16:46.0150 4336 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows

\System32\rasauto.dll
14:16:46.0151 4336 RasAuto - ok
14:16:46.0154 4336 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows

\system32\DRIVERS\rasl2tp.sys
14:16:46.0155 4336 Rasl2tp - ok
14:16:46.0159 4336 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows

\System32\rasmans.dll
14:16:46.0161 4336 RasMan - ok
14:16:46.0164 4336 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows

\system32\DRIVERS\raspppoe.sys
14:16:46.0165 4336 RasPppoe - ok
14:16:46.0167 4336 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows

\system32\DRIVERS\rassstp.sys
14:16:46.0168 4336 RasSstp - ok
14:16:46.0172 4336 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows

\system32\DRIVERS\rdbss.sys
14:16:46.0175 4336 rdbss - ok
14:16:46.0177 4336 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows

\system32\drivers\rdpbus.sys
14:16:46.0177 4336 rdpbus - ok
14:16:46.0179 4336 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows

\system32\DRIVERS\RDPCDD.sys
14:16:46.0179 4336 RDPCDD - ok
14:16:46.0183 4336 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows

\system32\drivers\rdpdr.sys
14:16:46.0184 4336 RDPDR - ok
14:16:46.0186 4336 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows

\system32\drivers\rdpencdd.sys
14:16:46.0186 4336 RDPENCDD - ok
14:16:46.0188 4336 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows

\system32\drivers\rdprefmp.sys
14:16:46.0189 4336 RDPREFMP - ok
14:16:46.0191 4336 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows

\system32\drivers\rdpvideominiport.sys
14:16:46.0192 4336 RdpVideoMiniport - ok
14:16:46.0195 4336 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows

\system32\drivers\RDPWD.sys
14:16:46.0197 4336 RDPWD - ok
14:16:46.0200 4336 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows

\system32\drivers\rdyboost.sys
14:16:46.0202 4336 rdyboost - ok
14:16:46.0204 4336 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows

\System32\mprdim.dll
14:16:46.0205 4336 RemoteAccess - ok
14:16:46.0208 4336 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows

\system32\regsvc.dll
14:16:46.0209 4336 RemoteRegistry - ok
14:16:46.0212 4336 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows

\system32\DRIVERS\rfcomm.sys
14:16:46.0213 4336 RFCOMM - ok
14:16:46.0216 4336 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows

\System32\RpcEpMap.dll
14:16:46.0217 4336 RpcEptMapper - ok
14:16:46.0218 4336 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows

\system32\locator.exe
14:16:46.0219 4336 RpcLocator - ok
14:16:46.0225 4336 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows

\system32\rpcss.dll
14:16:46.0227 4336 RpcSs - ok
14:16:46.0229 4336 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows

\system32\DRIVERS\rspndr.sys
14:16:46.0229 4336 rspndr - ok
14:16:46.0236 4336 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\Windows

\system32\DRIVERS\Rt64win7.sys
14:16:46.0237 4336 RTL8167 - ok
14:16:46.0239 4336 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows

\system32\drivers\vms3cap.sys
14:16:46.0240 4336 s3cap - ok
14:16:46.0241 4336 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows

\system32\lsass.exe
14:16:46.0242 4336 SamSs - ok
14:16:46.0244 4336 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files

\SUPERAntiSpyware\SASDIFSV64.SYS
14:16:46.0244 4336 SASDIFSV - ok
14:16:46.0246 4336 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files

\SUPERAntiSpyware\SASKUTIL64.SYS
14:16:46.0246 4336 SASKUTIL - ok
14:16:46.0270 4336 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files

(x86)\Ad-Aware Antivirus\SBAMSvc.exe
14:16:46.0287 4336 SBAMSvc - ok
14:16:46.0290 4336 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows

\system32\DRIVERS\sbapifs.sys
14:16:46.0291 4336 sbapifs - ok
14:16:46.0293 4336 [ B671EEF468D13016B9286F5835A06AE1 ] sbhips C:\Windows

\system32\drivers\sbhips.sys
14:16:46.0294 4336 sbhips - ok
14:16:46.0296 4336 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows

\system32\drivers\sbp2port.sys
14:16:46.0297 4336 sbp2port - ok
14:16:46.0299 4336 [ 9ACEB2A2362FC87A3825963E61BA9076 ] SBRE C:\Windows

\system32\drivers\SBREdrv.sys
14:16:46.0299 4336 SBRE - ok
14:16:46.0302 4336 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows

\System32\SCardSvr.dll
14:16:46.0304 4336 SCardSvr - ok
14:16:46.0305 4336 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows

\system32\DRIVERS\scfilter.sys
14:16:46.0306 4336 scfilter - ok
14:16:46.0316 4336 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows

\system32\schedsvc.dll
14:16:46.0324 4336 Schedule - ok
14:16:46.0327 4336 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows

\System32\certprop.dll
14:16:46.0327 4336 SCPolicySvc - ok
14:16:46.0330 4336 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows

\System32\SDRSVC.dll
14:16:46.0331 4336 SDRSVC - ok
14:16:46.0333 4336 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows

\system32\drivers\secdrv.sys
14:16:46.0334 4336 secdrv - ok
14:16:46.0335 4336 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows

\system32\seclogon.dll
14:16:46.0336 4336 seclogon - ok
14:16:46.0338 4336 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows

\System32\sens.dll
14:16:46.0339 4336 SENS - ok
14:16:46.0341 4336 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows

\system32\sensrsvc.dll
14:16:46.0342 4336 SensrSvc - ok
14:16:46.0343 4336 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows

\system32\drivers\serenum.sys
14:16:46.0343 4336 Serenum - ok
14:16:46.0346 4336 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows

\system32\drivers\serial.sys
14:16:46.0347 4336 Serial - ok
14:16:46.0349 4336 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows

\system32\drivers\sermouse.sys
14:16:46.0349 4336 sermouse - ok
14:16:46.0354 4336 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows

\system32\sessenv.dll
14:16:46.0355 4336 SessionEnv - ok
14:16:46.0356 4336 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows

\system32\drivers\sffdisk.sys
14:16:46.0357 4336 sffdisk - ok
14:16:46.0358 4336 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows

\system32\drivers\sffp_mmc.sys
14:16:46.0359 4336 sffp_mmc - ok
14:16:46.0360 4336 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows

\system32\drivers\sffp_sd.sys
14:16:46.0361 4336 sffp_sd - ok
14:16:46.0362 4336 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows

\system32\drivers\sfloppy.sys
14:16:46.0363 4336 sfloppy - ok
14:16:46.0366 4336 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows

\System32\ipnathlp.dll
14:16:46.0369 4336 SharedAccess - ok
14:16:46.0373 4336 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows

\System32\shsvcs.dll
14:16:46.0376 4336 ShellHWDetection - ok
14:16:46.0378 4336 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows

\system32\drivers\SiSRaid2.sys
14:16:46.0379 4336 SiSRaid2 - ok
14:16:46.0380 4336 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows

\system32\drivers\sisraid4.sys
14:16:46.0381 4336 SiSRaid4 - ok
14:16:46.0383 4336 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows

\system32\DRIVERS\smb.sys
14:16:46.0384 4336 Smb - ok
14:16:46.0387 4336 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows

\System32\snmptrap.exe
14:16:46.0388 4336 SNMPTRAP - ok
14:16:46.0389 4336 SophosVirusRemovalTool - ok
14:16:46.0392 4336 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows

\system32\drivers\spldr.sys
14:16:46.0392 4336 spldr - ok
14:16:46.0397 4336 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows

\System32\spoolsv.exe
14:16:46.0401 4336 Spooler - ok
14:16:46.0436 4336 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows

\system32\sppsvc.exe
14:16:46.0464 4336 sppsvc - ok
14:16:46.0466 4336 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows

\system32\sppuinotify.dll
14:16:46.0468 4336 sppuinotify - ok
14:16:46.0473 4336 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows

\system32\DRIVERS\srv.sys
14:16:46.0477 4336 srv - ok
14:16:46.0483 4336 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows

\system32\DRIVERS\srv2.sys
14:16:46.0487 4336 srv2 - ok
14:16:46.0490 4336 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows

\system32\DRIVERS\srvnet.sys
14:16:46.0493 4336 srvnet - ok
14:16:46.0497 4336 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows

\System32\ssdpsrv.dll
14:16:46.0499 4336 SSDPSRV - ok
14:16:46.0501 4336 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows

\system32\sstpsvc.dll
14:16:46.0502 4336 SstpSvc - ok
14:16:46.0504 4336 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows

\system32\drivers\stexstor.sys
14:16:46.0505 4336 stexstor - ok
14:16:46.0511 4336 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows

\System32\wiaservc.dll
14:16:46.0516 4336 stisvc - ok
14:16:46.0518 4336 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows

\system32\drivers\vmstorfl.sys
14:16:46.0518 4336 storflt - ok
14:16:46.0520 4336 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows

\system32\drivers\storvsc.sys
14:16:46.0520 4336 storvsc - ok
14:16:46.0522 4336 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows

\system32\drivers\swenum.sys
14:16:46.0522 4336 swenum - ok
14:16:46.0529 4336 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows

\System32\swprv.dll
14:16:46.0535 4336 swprv - ok
14:16:46.0537 4336 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows

\system32\drivers\Synth3dVsc.sys
14:16:46.0538 4336 Synth3dVsc - ok
14:16:46.0553 4336 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows

\system32\sysmain.dll
14:16:46.0564 4336 SysMain - ok
14:16:46.0567 4336 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows

\System32\TabSvc.dll
14:16:46.0568 4336 TabletInputService - ok
14:16:46.0572 4336 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows

\System32\tapisrv.dll
14:16:46.0574 4336 TapiSrv - ok
14:16:46.0576 4336 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows

\System32\tbssvc.dll
14:16:46.0577 4336 TBS - ok
14:16:46.0592 4336 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows

\system32\drivers\tcpip.sys
14:16:46.0603 4336 Tcpip - ok
14:16:46.0617 4336 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows

\system32\DRIVERS\tcpip.sys
14:16:46.0622 4336 TCPIP6 - ok
14:16:46.0625 4336 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows

\system32\drivers\tcpipreg.sys
14:16:46.0626 4336 tcpipreg - ok
14:16:46.0628 4336 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows

\system32\drivers\tdpipe.sys
14:16:46.0628 4336 TDPIPE - ok
14:16:46.0630 4336 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows

\system32\drivers\tdtcp.sys
14:16:46.0631 4336 TDTCP - ok
14:16:46.0633 4336 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows

\system32\DRIVERS\tdx.sys
14:16:46.0635 4336 tdx - ok
14:16:46.0654 4336 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files

(x86)\TeamViewer\Version7\TeamViewer_Service.exe
14:16:46.0661 4336 TeamViewer7 - ok
14:16:46.0664 4336 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows

\system32\drivers\termdd.sys
14:16:46.0664 4336 TermDD - ok
14:16:46.0666 4336 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows

\system32\drivers\terminpt.sys
14:16:46.0667 4336 terminpt - ok
14:16:46.0673 4336 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows

\System32\termsrv.dll
14:16:46.0677 4336 TermService - ok
14:16:46.0679 4336 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows

\system32\themeservice.dll
14:16:46.0680 4336 Themes - ok
14:16:46.0683 4336 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows

\system32\mmcss.dll
14:16:46.0684 4336 THREADORDER - ok
14:16:46.0686 4336 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows

\System32\trkwks.dll
14:16:46.0688 4336 TrkWks - ok
14:16:46.0691 4336 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing

\TrustedInstaller.exe
14:16:46.0693 4336 TrustedInstaller - ok
14:16:46.0695 4336 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows

\system32\DRIVERS\tssecsrv.sys
14:16:46.0696 4336 tssecsrv - ok
14:16:46.0697 4336 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows

\system32\drivers\tsusbflt.sys
14:16:46.0698 4336 TsUsbFlt - ok
14:16:46.0700 4336 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows

\system32\drivers\TsUsbGD.sys
14:16:46.0700 4336 TsUsbGD - ok
14:16:46.0702 4336 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows

\system32\drivers\tsusbhub.sys
14:16:46.0704 4336 tsusbhub - ok
14:16:46.0706 4336 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows

\system32\DRIVERS\tunnel.sys
14:16:46.0707 4336 tunnel - ok
14:16:46.0709 4336 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows

\system32\drivers\uagp35.sys
14:16:46.0710 4336 uagp35 - ok
14:16:46.0713 4336 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows

\system32\DRIVERS\udfs.sys
14:16:46.0716 4336 udfs - ok
14:16:46.0719 4336 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows

\system32\UI0Detect.exe
14:16:46.0720 4336 UI0Detect - ok
14:16:46.0721 4336 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows

\system32\drivers\uliagpkx.sys
14:16:46.0722 4336 uliagpkx - ok
14:16:46.0724 4336 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows

\system32\drivers\umbus.sys
14:16:46.0724 4336 umbus - ok
14:16:46.0726 4336 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows

\system32\drivers\umpass.sys
14:16:46.0726 4336 UmPass - ok
14:16:46.0729 4336 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows

\System32\umrdp.dll
14:16:46.0732 4336 UmRdpService - ok
14:16:46.0737 4336 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows

\System32\upnphost.dll
14:16:46.0741 4336 upnphost - ok
14:16:46.0743 4336 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows

\system32\DRIVERS\usbccgp.sys
14:16:46.0745 4336 usbccgp - ok
14:16:46.0747 4336 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows

\system32\drivers\usbcir.sys
14:16:46.0748 4336 usbcir - ok
14:16:46.0750 4336 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows

\system32\drivers\usbehci.sys
14:16:46.0751 4336 usbehci - ok
14:16:46.0756 4336 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows

\system32\drivers\usbhub.sys
14:16:46.0760 4336 usbhub - ok
14:16:46.0762 4336 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows

\system32\drivers\usbohci.sys
14:16:46.0762 4336 usbohci - ok
14:16:46.0764 4336 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows

\system32\DRIVERS\usbprint.sys
14:16:46.0765 4336 usbprint - ok
14:16:46.0767 4336 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows

\system32\DRIVERS\usbscan.sys
14:16:46.0767 4336 usbscan - ok
14:16:46.0769 4336 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows

\system32\DRIVERS\USBSTOR.SYS
14:16:46.0770 4336 USBSTOR - ok
14:16:46.0772 4336 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows

\system32\drivers\usbuhci.sys
14:16:46.0772 4336 usbuhci - ok
14:16:46.0774 4336 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows

\System32\uxsms.dll
14:16:46.0775 4336 UxSms - ok
14:16:46.0777 4336 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows

\system32\lsass.exe
14:16:46.0777 4336 VaultSvc - ok
14:16:46.0780 4336 [ C30F3D43CEB6F79ADE9B805387E5F63C ] VBoxDrv C:\Windows

\system32\DRIVERS\VBoxDrv.sys
14:16:46.0781 4336 VBoxDrv - ok
14:16:46.0784 4336 [ 8ACF22B86CE4E85C23E3E9513BF45C37 ] VBoxNetAdp C:\Windows

\system32\DRIVERS\VBoxNetAdp.sys
14:16:46.0784 4336 VBoxNetAdp - ok
14:16:46.0787 4336 [ 7B657669C53A0E6583F07EBAA303D9EA ] VBoxNetFlt C:\Windows

\system32\DRIVERS\VBoxNetFlt.sys
14:16:46.0788 4336 VBoxNetFlt - ok
14:16:46.0790 4336 [ CF3EE68CD9723E9F21E3198A0F690400 ] VBoxUSBMon C:\Windows

\system32\DRIVERS\VBoxUSBMon.sys
14:16:46.0791 4336 VBoxUSBMon - ok
14:16:46.0793 4336 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows

\system32\drivers\vdrvroot.sys
14:16:46.0793 4336 vdrvroot - ok
14:16:46.0798 4336 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows

\System32\vds.exe
14:16:46.0801 4336 vds - ok
14:16:46.0803 4336 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows

\system32\DRIVERS\vgapnp.sys
14:16:46.0803 4336 vga - ok
14:16:46.0805 4336 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows

\System32\drivers\vga.sys
14:16:46.0806 4336 VgaSave - ok
14:16:46.0808 4336 VGPU - ok
14:16:46.0811 4336 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows

\system32\drivers\vhdmp.sys
14:16:46.0812 4336 vhdmp - ok
14:16:47.0124 4336 ================ Scan global ===============================
14:16:47.0125 4336 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:16:47.0128 4336 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:16:47.0133 4336 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:16:47.0135 4336 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:16:47.0140 4336 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:16:47.0144 4336 [Global] - ok
14:16:47.0144 4336 ================ Scan MBR ==================================
14:16:47.0145 4336 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:16:47.0232 4336 \Device\Harddisk0\DR0 - ok
14:16:47.0236 4336 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
14:16:47.0306 4336 \Device\Harddisk2\DR2 - ok
14:16:47.0309 4336 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
14:16:47.0370 4336 \Device\Harddisk1\DR1 - ok
14:16:47.0374 4336 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
14:16:47.0910 4336 \Device\Harddisk3\DR3 - ok
14:16:47.0911 4336 ================ Scan VBR ==================================
14:16:47.0914 4336 [ 1C1571DBA57DBD23CD307DC9087567E9 ] \Device\Harddisk0\DR0\Partition1
14:16:47.0916 4336 \Device\Harddisk0\DR0\Partition1 - ok
14:16:47.0918 4336 [ 4D9AC3A6706C80D611C51A1009A64A4F ] \Device\Harddisk0\DR0\Partition2
14:16:47.0919 4336 \Device\Harddisk0\DR0\Partition2 - ok
14:16:47.0923 4336 [ 0F696C3B11FBFA686FB69C2B5B74455A ] \Device\Harddisk2\DR2\Partition1
14:16:47.0924 4336 \Device\Harddisk2\DR2\Partition1 - ok
14:16:47.0927 4336 [ C01BCAE88E578E45E7658B57EBEF04EB ] \Device\Harddisk1\DR1\Partition1
14:16:47.0928 4336 \Device\Harddisk1\DR1\Partition1 - ok
14:16:47.0931 4336 [ 5EB40502CC92495ABACEBAB08600EDD4 ] \Device\Harddisk3\DR3\Partition1
14:16:47.0932 4336 \Device\Harddisk3\DR3\Partition1 - ok
14:16:47.0933 4336 [ 34007EE9073B2A97E61277B5BD934916 ] \Device\Harddisk3\DR3\Partition2
14:16:47.0936 4336 \Device\Harddisk3\DR3\Partition2 - ok
14:16:47.0936 4336 ============================================================
14:16:47.0936 4336 Scan finished
14:16:47.0936 4336 ============================================================
14:16:47.0939 3980 Detected object count: 0
14:16:47.0939 3980 Actual detected object count: 0

--------------------------------------------------------

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-07 14:20:16
-----------------------------
14:20:16.522 OS Version: Windows x64 6.1.7601 Service Pack 1
14:20:16.522 Number of processors: 4 586 0x2A07
14:20:16.523 ComputerName: JONATHAN589-PC UserName: Jonathan589
14:20:16.678 Initialize success
14:25:11.491 AVAST engine defs: 12100701
14:25:58.866 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:25:58.868 Disk 0 Vendor: Corsair_Force_3_SSD 1.3.3 Size: 114473MB BusType: 11
14:25:58.870 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
14:25:58.873 Disk 1 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 11
14:25:58.875 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-1
14:25:58.878 Disk 2 Vendor: SAMSUNG_HD501LJ CR100-11 Size: 476940MB BusType: 11
14:25:58.883 Disk 0 MBR read successfully
14:25:58.886 Disk 0 MBR scan
14:25:58.892 Disk 0 Windows 7 default MBR code
14:25:58.895 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:25:58.901 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
14:25:58.910 Disk 0 scanning C:\Windows\system32\drivers
14:26:00.615 Service scanning
14:26:06.349 Modules scanning
14:26:06.359 Disk 0 trace - called modules:
14:26:06.367 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:26:06.372 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d5bc060]
14:26:06.377 3 CLASSPNP.SYS[fffff8800191643f] -> nt!IofCallDriver -> [0xfffffa800d3a4e40]
14:26:06.382 5 ACPI.sys[fffff88000d527a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d3a1060]
14:26:06.543 AVAST engine scan C:\Windows
14:26:06.883 AVAST engine scan C:\Windows\system32
14:26:45.174 AVAST engine scan C:\Windows\system32\drivers
14:26:47.275 AVAST engine scan C:\Users\Jonathan589
14:27:23.611 AVAST engine scan C:\ProgramData
14:27:27.897 Scan finished successfully
14:27:57.174 Disk 0 MBR has been saved successfully to "C:\Users\Jonathan589\Documents\Computer things\Protection\MBR.dat"
14:27:57.176 The log file has been saved successfully to "C:\Users\Jonathan589\Documents\Computer things\Protection\aswMBR.txt"

-------------------------------------------------------

eset online scanner:

I:\Computer setups\Kindle\SoftonicDownloader_for_epubor-kindle-drm-removal.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
I:\MyOldDocs\Documents\j_Computer setups\DriverSweeper\SoftonicDownloader_for_driver-sweeper.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
I:\MyOldDocs\Documents\j_Computer setups\j_Computer setups old JIC\Spyware\Download_spycatcher.exe probably a variant of Win32/Agent.LKMTCBA trojan cleaned by deleting - quarantined
I:\MyOldDocs\Documents\j_Computer setups\Spyware\Download_spycatcher.exe probably a variant of Win32/Agent.LKMTCBA trojan cleaned by deleting - quarantined
I:\VeryOldDocs\j_Computer setups\Spyware\Download_spycatcher.exe probably a variant of Win32/Agent.LKMTCBA trojan cleaned by deleting - quarantined
J:\System Volume Information\_restore{37A9B8D4-D9A2-43F6-B5E2-B1EF70747CE9}\RP134\A0024128.exe Win32/Adware.Gator application cleaned by deleting - quarantined
J:\System Volume Information\_restore{37A9B8D4-D9A2-43F6-B5E2-B1EF70747CE9}\RP134\A0024456.exe probably a variant of Win32/Agent.LKMTCBA trojan cleaned by deleting - quarantined
J:\System Volume Information\_restore{37A9B8D4-D9A2-43F6-B5E2-B1EF70747CE9}\RP134\A0024682.exe Win32/Adware.Gator application cleaned by deleting - quarantined
J:\System Volume Information\_restore{37A9B8D4-D9A2-43F6-B5E2-B1EF70747CE9}\RP164\A0033388.exe Win32/Adware.Gator application cleaned by deleting - quarantined
J:\System Volume Information\_restore{FACAE91C-B775-40F3-82B8-075C42BF420E}\RP965\A0150367.exe probably a variant of Win32/Agent.LKMTCBA trojan cleaned by deleting - quarantined
J:\Jonathan\My Documents\My Pictures\digiblas\moving\DivXPro502GAINBundle.exe Win32/Adware.Gator application cleaned by deleting - quarantined
J:\Jonathan\My Documents\j_History\Family History\Mine\Census\My Pictures\digiblas\moving\DivXPro502GAINBundle.exe Win32/Adware.Gator application cleaned by deleting - quarantined
J:\Jonathan\My Documents\j_Computer setups\Spybot\Download_spycatcher.exe probably a variant of Win32/Agent.LKMTCBA trojan cleaned by deleting - quarantined
J:\Jonathan\My Documents\j_Computer setups\Spyware\Download_spycatcher.exe probably a variant of Win32/Agent.LKMTCBA trojan cleaned by deleting - quarantined

Edited by Jonathan589, 07 October 2012 - 09:46 AM.


#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:02:58 AM

Posted 07 October 2012 - 09:53 AM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete

A log should be generated after the scan. Post it here

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator

After the scan completes, post the generated log here.

#5 Jonathan589

Jonathan589
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Male
  • Location:Scotland
  • Local time:07:58 AM

Posted 07 October 2012 - 01:21 PM

Thank you for your continued support. I did as instructed except for the last (JRT) where I forgot to turn off AntiSpyware and AdAware before running it, and did not rt-click to Run as Admin either, although my username has admin rights. Should I rerun it?

Thanks, Jonathan

---------------------------------------------------------------------------------------------

Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.07.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jonathan589 :: JONATHAN589-PC [administrator]

Protection: Enabled

07/10/2012 18:17:49
mbam-log-2012-10-07 (18-17-49).txt

Scan type: Full scan (C:\|E:\|I:\|J:\|K:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 512952
Time elapsed: 27 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\System Volume Information\SystemRestore\FRStaging\Users\Jonathan589\Documents\History\Family History\Mine\Census\My Pictures\digiblas\moving\DivXPro502GAINBundle.exe (Adware.Gain) -> Quarantined and deleted successfully.
J:\Jonathan\Office070507\SpecApps\keyfinder\keyfinder.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

(end)

-----------------------------------------------------------------------------------------------

Minitoolbox log:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Jonathan589 (administrator) on 07-10-2012 at 18:56:06
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

--------------------------------------------------------------------------------------------------

Farbar Service Scanner log:

Farbar Service Scanner Version: 19-09-2012
Ran by Jonathan589 (administrator) on 07-10-2012 at 18:59:45
Running from "C:\Users\Jonathan589\Documents\Computer things\Protection2"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

-------------------------------------------------------------------------------------------------

Adware cleaner log:

# AdwCleaner v2.004 - Logfile created 10/07/2012 at 19:02:44
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Jonathan589 - JONATHAN589-PC
# Boot Mode : Normal
# Running from : C:\Users\Jonathan589\Documents\Computer things\Protection2\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\blekko toolbars

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Jonathan589\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1199 octets] - [07/10/2012 19:02:44]

########## EOF - C:\AdwCleaner[S1].txt - [1259 octets] ##########

------------------------------------------------------------------------------------------------

Junkware removal tool log:

Junkware Removal Tool (JRT) by Thisisu
Version: 1.3.0 (10.07.2012)
OS: Windows 7 Ultimate x64
Ran by Jonathan589 on 07/10/2012 at 19:10:20.90
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values:

ERROR: Access is denied.

Failed to delete: [VALUE-LOCKED!] {6c97a91e-4524-4019-86af-2aa2d567bf5c} from: hkey_local_machine\software\microsoft\internet explorer\toolbar



*** Registry Keys:

ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_classes_root\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_classes_root\wow6432node\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\wow6432node\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\wow6432node\classes\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}



*** Files: 0 Detections



*** Folders:

Successfully deleted: [FOLDER] "C:\Users\Jonathan589\appdata\local\adawarebp"



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on 07/10/2012 at 19:10:26.23
End of Report

Edited by Jonathan589, 07 October 2012 - 01:22 PM.


#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:02:58 AM

Posted 07 October 2012 - 01:31 PM

Thank you for your continued support. I did as instructed except for the last (JRT) where I forgot to turn off AntiSpyware and AdAware before running it, and did not rt-click to Run as Admin either, although my username has admin rights. Should I rerun it?


Yes

Click on the Start menu and type

cmd

Right-click on it and select Run as administrator

Now copy the following commands and press ENTER one by one

cd C:\windows\system32\drivers\etc
takeown /a /f hosts
cacls hosts /p everyone:f


Press Y

attrib -s -h -r hosts

After running these commands

Download

Hosts fixit

Run it, restart the PC

Now launch mini toolbox and checkmark hosts contents alone and post the new log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here
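
A read-only check that complements the hosts reset and the MiniToolBox "Hosts content" listing in this thread, added here as an example that is not part of the original posts or of any tool they mention: it parses hosts-file text and reports entries that point a name at a non-loopback address or sinkhole it to loopback or 0.0.0.0. The function names and the sample file are constructed for illustration.

```python
import ipaddress

# Names a stock hosts file may legitimately map to a loopback address.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample input, not taken from the thread.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.example.com example.com   # name pointed at a foreign server
127.0.0.1       update.example.net            # name sinkholed to loopback
0.0.0.0         telemetry.example.org
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line number, address field, [lower-cased names]) per active entry."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        # Everything after '#' is a comment, whether it starts or ends the line.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        yield lineno, fields[0], [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Return a list of (line number, kind, address, name) findings.

    kind is "redirect"  : name mapped to a non-loopback address,
            "blocked"   : name other than localhost mapped to loopback/0.0.0.0,
            "malformed" : address does not parse or no name follows it.
    """
    findings = []
    for lineno, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((lineno, "malformed", addr, " ".join(names)))
            continue
        for name in names:
            if ip.is_loopback and name in LOOPBACK_NAMES:
                continue  # the expected default mapping
            if ip.is_loopback or ip.is_unspecified:
                kind = "blocked"
            else:
                kind = "redirect"
            findings.append((lineno, kind, addr, name))
    return findings


if __name__ == "__main__":
    import sys

    # With a path argument, audit that file; otherwise audit the sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for lineno, kind, addr, name in audit_hosts(text):
        print(f"line {lineno}: {kind:9} {addr} -> {name}")
```

Both hosts listings posted in this thread ("::1 localhost" and "# ::1 localhost") produce no findings; on the system discussed here the file to pass as the argument is hosts under C:\windows\system32\drivers\etc.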

#7 Jonathan589

Jonathan589
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Male
  • Location:Scotland
  • Local time:07:58 AM

Posted 07 October 2012 - 03:20 PM

Thank you still! Did as you said, remembering to turn off the various antivirus things after each restart.

Jonathan

---------------------------------------------------------------------------------------------------

MiniToolbox (after hosts fixit) log:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Jonathan589 (administrator) on 07-10-2012 at 21:07:58
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

# ::1 localhost


**** End of log ****

--------------------------------------------------------------------------------------------------

Rkill log:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/07/2012 09:08:21 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Jonathan589\Desktop\rkill\rkill-10-07-2012-09-08-51.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/07/2012 09:08:53 PM
Execution time: 0 hours(s), 0 minute(s), and 32 seconds(s)

-------------------------------------------------------------------------------------------------

Autoruns log:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "BCSSync" "Microsoft Office 2010 component" "Microsoft Corporation" "c:\program files\microsoft office\office14\bcssync.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Ad-Aware Antivirus" "Ad-Aware Antivirus Launcher" "Lavasoft Limited" "c:\program files (x86)\ad-aware antivirus\adawarelauncher.exe"
+ "Ad-Aware Browsing Protection" "Ad-Aware Browsing Protection and Anti-Phishing" "Lavasoft" "c:\programdata\ad-aware browsing protection\adawarebp.exe"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "MMReminderService" "MindManager Topic Alerts" "Mindjet" "c:\program files (x86)\mindjet\mindmanager 7\mmreminderservice.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
"C:\Users\Jonathan589\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\users\jonathan589\appdata\roaming\dropbox\bin\dropbox.exe"
+ "OneNote 2010 Screen Clipper and Launcher.lnk" "Microsoft OneNote Quick Launcher" "Microsoft Corporation" "c:\program files\microsoft office\office14\onenotem.exe"
+ "OpenOffice.org 3.4.1.lnk" "" "" "c:\program files (x86)\openoffice.org 3\program\quickstart.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "BitTorrent" "" "" "File not found: C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\jonathan589\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "WinMerge" "WinMerge Shell Integration library" "http://winmerge.org" "c:\program files (x86)\winmerge\shellextensionx64.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "AdAwareContextMenu64" "Ad-Aware Antivirus Shell Extension x64" "Lavasoft Limited" "c:\program files (x86)\ad-aware antivirus\adawareshellextension64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "AdAwareContextMenu" "Ad-Aware Antivirus Shell Extension" "Lavasoft Limited" "c:\program files (x86)\ad-aware antivirus\adawareshellextension.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\jonathan589\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"

#8 narenxp

Posted 07 October 2012 - 03:37 PM

Any current issues?

#9 Jonathan589

Posted 07 October 2012 - 05:06 PM

oooooh thank you! Especially since you've spent much of your Sunday looking after me - and I see it's now after 3am IST.

IE9 is dead in the water, every page takes minutes to load. I'll remove it in Windows and re-add it later to see if it gets better.
So I've been using Chrome the last hour: not a single popup, delay, or "404 not found nginx error" in Ancestry or other sites, and I was getting them in Chrome.

The logs showed up a few odds and ends I either don't use any more or thought I had deleted long since - they'll be deleted shortly. My security precautions are better than some, but obviously not good enough, so I'll also check BleepingComputer's general advice for antivirus protection to go on with.

Thank you very much indeed.

Jonathan

#10 narenxp

Posted 07 October 2012 - 05:09 PM

> oooooh thank you! Especially since you've spent much of your Sunday looking after me - and I see it's now after 3am IST.

Lol yes :thumbsup:

> So I've been using Chrome the last hour: not a single popup, delay, or "404 not found nginx error" in Ancestry or other sites, and I was getting them in Chrome.

That looks good

Remove temporary and junk files

Download TFC

Launch it, it will close all running programs.

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#11 Jonathan589

Posted 07 October 2012 - 06:32 PM

All done as you suggested. Thanks again!
:)

Jonathan

#12 narenxp

Posted 07 October 2012 - 06:40 PM

You're welcome :)



