Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect Virus Wont go away


  • Please log in to reply
15 replies to this topic

#1 Frustration_

Frustration_

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 08 October 2012 - 02:39 AM

Hello everyone.

I have tried and tried to get rid of this stupid virus over and over again but to no avail. I consider myself to have good computer knowledge but this one is escaping me.

In the past I have managed to get rid of any virus without a problem.
I have tried tdss kill, combo-fix and number of virus/adware scanners, all in safe mode.
I have also run minitoolbox.exe all with all antivirus and firewall disabled.

Please help me get rid of this horrible virus.

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:55 PM

Posted 08 October 2012 - 02:40 AM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here.If you get crashes in normal mode,run it in safemode with networking

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 Frustration_

Frustration_
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 08 October 2012 - 02:54 AM

Removing previous logs.

Edited by Frustration_, 08 October 2012 - 03:10 AM.


#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:55 PM

Posted 08 October 2012 - 03:06 AM

Follow my previous instructions

Edited by narenxp, 08 October 2012 - 03:12 AM.


#5 Frustration_

Frustration_
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 08 October 2012 - 05:41 AM

TDSSKILL REPORT

08:55:29.0934 4220 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:55:31.0947 4220 ============================================================
08:55:31.0947 4220 Current date / time: 2012/10/08 08:55:31.0947
08:55:31.0947 4220 SystemInfo:
08:55:31.0947 4220
08:55:31.0947 4220 OS Version: 6.1.7601 ServicePack: 1.0
08:55:31.0947 4220 Product type: Workstation
08:55:31.0947 4220 ComputerName: KEV-PC
08:55:31.0947 4220 UserName: Work
08:55:31.0947 4220 Windows directory: C:\Windows
08:55:31.0947 4220 System windows directory: C:\Windows
08:55:31.0947 4220 Running under WOW64
08:55:31.0947 4220 Processor architecture: Intel x64
08:55:31.0947 4220 Number of processors: 2
08:55:31.0947 4220 Page size: 0x1000
08:55:31.0947 4220 Boot type: Normal boot
08:55:31.0947 4220 ============================================================
08:55:34.0583 4220 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:55:34.0599 4220 ============================================================
08:55:34.0599 4220 \Device\Harddisk0\DR0:
08:55:34.0599 4220 MBR partitions:
08:55:34.0599 4220 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
08:55:34.0599 4220 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x238F6800
08:55:34.0599 4220 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2395A800, BlocksNum 0x1AA0000
08:55:34.0599 4220 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
08:55:34.0599 4220 ============================================================
08:55:34.0645 4220 C: <-> \Device\Harddisk0\DR0\Partition2
08:55:34.0723 4220 D: <-> \Device\Harddisk0\DR0\Partition3
08:55:34.0739 4220 F: <-> \Device\Harddisk0\DR0\Partition4
08:55:34.0801 4220 ============================================================
08:55:34.0801 4220 Initialize success
08:55:34.0801 4220 ============================================================
08:55:41.0821 3512 ============================================================
08:55:41.0821 3512 Scan started
08:55:41.0821 3512 Mode: Manual;
08:55:41.0821 3512 ============================================================
08:55:42.0523 3512 ================ Scan system memory ========================
08:55:42.0523 3512 System memory - ok
08:55:42.0523 3512 ================ Scan services =============================
08:55:42.0648 3512 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
08:55:42.0648 3512 !SASCORE - ok
08:55:42.0804 3512 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:55:42.0820 3512 1394ohci - ok
08:55:42.0882 3512 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:55:42.0882 3512 ACPI - ok
08:55:42.0913 3512 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:55:42.0913 3512 AcpiPmi - ok
08:55:43.0038 3512 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:55:43.0054 3512 AdobeFlashPlayerUpdateSvc - ok
08:55:43.0101 3512 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
08:55:43.0116 3512 adp94xx - ok
08:55:43.0147 3512 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
08:55:43.0147 3512 adpahci - ok
08:55:43.0163 3512 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
08:55:43.0163 3512 adpu320 - ok
08:55:43.0194 3512 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:55:43.0194 3512 AeLookupSvc - ok
08:55:43.0272 3512 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
08:55:43.0272 3512 AESTFilters - ok
08:55:43.0350 3512 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
08:55:43.0381 3512 AFD - ok
08:55:43.0553 3512 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:55:43.0600 3512 agp440 - ok
08:55:43.0615 3512 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
08:55:43.0615 3512 ALG - ok
08:55:43.0647 3512 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
08:55:43.0647 3512 aliide - ok
08:55:43.0678 3512 [ BCC32BF5EBB5DFD4380FA053D3651949 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:55:43.0693 3512 AMD External Events Utility - ok
08:55:43.0709 3512 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
08:55:43.0709 3512 amdide - ok
08:55:43.0740 3512 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
08:55:43.0740 3512 AmdK8 - ok
08:55:43.0756 3512 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
08:55:43.0756 3512 AmdPPM - ok
08:55:43.0787 3512 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:55:43.0787 3512 amdsata - ok
08:55:43.0803 3512 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
08:55:43.0803 3512 amdsbs - ok
08:55:43.0803 3512 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:55:43.0803 3512 amdxata - ok
08:55:43.0881 3512 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
08:55:43.0881 3512 AppID - ok
08:55:43.0912 3512 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:55:43.0912 3512 AppIDSvc - ok
08:55:43.0974 3512 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
08:55:43.0974 3512 Appinfo - ok
08:55:44.0052 3512 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:55:44.0052 3512 Apple Mobile Device - ok
08:55:44.0115 3512 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
08:55:44.0115 3512 arc - ok
08:55:44.0130 3512 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
08:55:44.0130 3512 arcsas - ok
08:55:44.0177 3512 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
08:55:44.0177 3512 aswFsBlk - ok
08:55:44.0208 3512 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
08:55:44.0208 3512 aswMonFlt - ok
08:55:44.0239 3512 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
08:55:44.0239 3512 aswRdr - ok
08:55:44.0286 3512 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
08:55:44.0286 3512 aswSnx - ok
08:55:44.0333 3512 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
08:55:44.0349 3512 aswSP - ok
08:55:44.0364 3512 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
08:55:44.0364 3512 aswTdi - ok
08:55:44.0395 3512 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:55:44.0395 3512 AsyncMac - ok
08:55:44.0442 3512 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
08:55:44.0442 3512 atapi - ok
08:55:44.0505 3512 [ 38562A6A9CB10844759EAF2B01A7FCD3 ] athr C:\Windows\system32\DRIVERS\athrx.sys
08:55:44.0520 3512 athr - ok
08:55:44.0567 3512 [ 3B9014FB7CE9E20FD726321C7DB7D8B0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
08:55:44.0567 3512 AtiHdmiService - ok
08:55:44.0692 3512 [ A29087680A1C3B049E3C05438E8FF2B8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:55:44.0770 3512 atikmdag - ok
08:55:44.0801 3512 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
08:55:44.0801 3512 AtiPcie - ok
08:55:44.0863 3512 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:55:44.0863 3512 AudioEndpointBuilder - ok
08:55:44.0879 3512 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:55:44.0879 3512 AudioSrv - ok
08:55:44.0941 3512 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:55:44.0941 3512 avast! Antivirus - ok
08:55:45.0004 3512 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:55:45.0004 3512 AxInstSV - ok
08:55:45.0051 3512 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
08:55:45.0051 3512 b06bdrv - ok
08:55:45.0097 3512 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:55:45.0097 3512 b57nd60a - ok
08:55:45.0129 3512 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
08:55:45.0129 3512 BDESVC - ok
08:55:45.0144 3512 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
08:55:45.0144 3512 Beep - ok
08:55:45.0222 3512 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
08:55:45.0238 3512 BFE - ok
08:55:45.0331 3512 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
08:55:45.0347 3512 BITS - ok
08:55:45.0378 3512 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
08:55:45.0378 3512 blbdrive - ok
08:55:45.0425 3512 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
08:55:45.0425 3512 Bonjour Service - ok
08:55:45.0487 3512 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:55:45.0487 3512 bowser - ok
08:55:45.0503 3512 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:55:45.0503 3512 BrFiltLo - ok
08:55:45.0519 3512 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:55:45.0519 3512 BrFiltUp - ok
08:55:45.0550 3512 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
08:55:45.0565 3512 BridgeMP - ok
08:55:45.0628 3512 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
08:55:45.0628 3512 Browser - ok
08:55:45.0659 3512 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:55:45.0659 3512 Brserid - ok
08:55:45.0675 3512 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:55:45.0675 3512 BrSerWdm - ok
08:55:45.0690 3512 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:55:45.0690 3512 BrUsbMdm - ok
08:55:45.0690 3512 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:55:45.0706 3512 BrUsbSer - ok
08:55:45.0706 3512 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
08:55:45.0706 3512 BTHMODEM - ok
08:55:45.0737 3512 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
08:55:45.0737 3512 bthserv - ok
08:55:45.0753 3512 catchme - ok
08:55:45.0753 3512 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:55:45.0768 3512 cdfs - ok
08:55:45.0831 3512 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
08:55:45.0831 3512 cdrom - ok
08:55:45.0893 3512 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
08:55:45.0909 3512 CertPropSvc - ok
08:55:45.0924 3512 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
08:55:45.0924 3512 circlass - ok
08:55:45.0955 3512 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
08:55:45.0971 3512 CLFS - ok
08:55:46.0033 3512 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:55:46.0033 3512 clr_optimization_v2.0.50727_32 - ok
08:55:46.0065 3512 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:55:46.0065 3512 clr_optimization_v2.0.50727_64 - ok
08:55:46.0189 3512 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:55:46.0236 3512 clr_optimization_v4.0.30319_32 - ok
08:55:46.0267 3512 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:55:46.0283 3512 clr_optimization_v4.0.30319_64 - ok
08:55:46.0314 3512 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
08:55:46.0314 3512 CmBatt - ok
08:55:46.0439 3512 [ 825142D1CB2D507DC4EEB8F3316F3B56 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
08:55:46.0486 3512 cmdAgent - ok
08:55:46.0517 3512 [ F5E7E85BCD94A829EEA83819CAB7E4DF ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
08:55:46.0517 3512 cmdGuard - ok
08:55:46.0548 3512 [ 77A022DEDF973E07F13B377B63EE71AA ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
08:55:46.0548 3512 cmdHlp - ok
08:55:46.0595 3512 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:55:46.0595 3512 cmdide - ok
08:55:46.0657 3512 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
08:55:46.0673 3512 CNG - ok
08:55:46.0704 3512 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
08:55:46.0720 3512 Com4QLBEx - ok
08:55:46.0735 3512 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
08:55:46.0751 3512 Compbatt - ok
08:55:46.0813 3512 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
08:55:46.0829 3512 CompositeBus - ok
08:55:46.0829 3512 COMSysApp - ok
08:55:46.0860 3512 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
08:55:46.0860 3512 crcdisk - ok
08:55:46.0907 3512 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:55:46.0907 3512 CryptSvc - ok
08:55:46.0969 3512 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:55:46.0985 3512 DcomLaunch - ok
08:55:47.0032 3512 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
08:55:47.0032 3512 defragsvc - ok
08:55:47.0079 3512 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:55:47.0094 3512 DfsC - ok
08:55:47.0094 3512 dgderdrv - ok
08:55:47.0157 3512 [ 388039F99CE8769024EE0438352ACA99 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
08:55:47.0157 3512 dg_ssudbus - ok
08:55:47.0219 3512 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
08:55:47.0235 3512 Dhcp - ok
08:55:47.0250 3512 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:55:47.0250 3512 discache - ok
08:55:47.0266 3512 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
08:55:47.0266 3512 Disk - ok
08:55:47.0313 3512 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:55:47.0328 3512 Dnscache - ok
08:55:47.0375 3512 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
08:55:47.0391 3512 dot3svc - ok
08:55:47.0437 3512 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
08:55:47.0437 3512 DPS - ok
08:55:47.0469 3512 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:55:47.0469 3512 drmkaud - ok
08:55:47.0547 3512 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:55:47.0578 3512 DXGKrnl - ok
08:55:47.0593 3512 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:55:47.0609 3512 EapHost - ok
08:55:47.0609 3512 easytether - ok
08:55:47.0687 3512 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
08:55:47.0749 3512 ebdrv - ok
08:55:47.0812 3512 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
08:55:47.0812 3512 EFS - ok
08:55:47.0890 3512 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:55:47.0905 3512 ehRecvr - ok
08:55:47.0937 3512 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:55:47.0937 3512 ehSched - ok
08:55:47.0983 3512 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
08:55:47.0983 3512 elxstor - ok
08:55:48.0030 3512 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:55:48.0030 3512 ErrDev - ok
08:55:48.0093 3512 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:55:48.0108 3512 EventSystem - ok
08:55:48.0124 3512 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:55:48.0124 3512 exfat - ok
08:55:48.0155 3512 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:55:48.0155 3512 fastfat - ok
08:55:48.0218 3512 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
08:55:48.0233 3512 Fax - ok
08:55:48.0249 3512 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:55:48.0249 3512 fdc - ok
08:55:48.0264 3512 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:55:48.0264 3512 fdPHost - ok
08:55:48.0280 3512 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:55:48.0280 3512 FDResPub - ok
08:55:48.0311 3512 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:55:48.0311 3512 FileInfo - ok
08:55:48.0327 3512 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:55:48.0327 3512 Filetrace - ok
08:55:48.0327 3512 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:55:48.0327 3512 flpydisk - ok
08:55:48.0358 3512 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:55:48.0358 3512 FltMgr - ok
08:55:48.0436 3512 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
08:55:48.0467 3512 FontCache - ok
08:55:48.0530 3512 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:55:48.0530 3512 FontCache3.0.0.0 - ok
08:55:48.0545 3512 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:55:48.0545 3512 FsDepends - ok
08:55:48.0608 3512 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:55:48.0623 3512 Fs_Rec - ok
08:55:48.0686 3512 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:55:48.0686 3512 fvevol - ok
08:55:48.0717 3512 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
08:55:48.0717 3512 gagp30kx - ok
08:55:48.0764 3512 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:55:48.0764 3512 GEARAspiWDM - ok
08:55:48.0842 3512 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
08:55:48.0857 3512 gpsvc - ok
08:55:48.0873 3512 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:55:48.0873 3512 hcw85cir - ok
08:55:48.0935 3512 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:55:48.0951 3512 HdAudAddService - ok
08:55:48.0982 3512 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
08:55:48.0982 3512 HDAudBus - ok
08:55:48.0998 3512 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
08:55:48.0998 3512 HidBatt - ok
08:55:48.0998 3512 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
08:55:49.0013 3512 HidBth - ok
08:55:49.0044 3512 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
08:55:49.0044 3512 HidIr - ok
08:55:49.0060 3512 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
08:55:49.0060 3512 hidserv - ok
08:55:49.0076 3512 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
08:55:49.0076 3512 HidUsb - ok
08:55:49.0122 3512 [ 44F92C1F913E582BEF9CAC66443C6230 ] hitmanpro36 C:\Windows\system32\drivers\hitmanpro36.sys
08:55:49.0122 3512 hitmanpro36 - ok
08:55:49.0169 3512 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:55:49.0185 3512 hkmsvc - ok
08:55:49.0232 3512 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:55:49.0247 3512 HomeGroupListener - ok
08:55:49.0294 3512 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:55:49.0310 3512 HomeGroupProvider - ok
08:55:49.0356 3512 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
08:55:49.0356 3512 HpqKbFiltr - ok
08:55:49.0388 3512 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
08:55:49.0403 3512 hpqwmiex - ok
08:55:49.0450 3512 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:55:49.0450 3512 HpSAMD - ok
08:55:49.0512 3512 [ CF44B25AE808765D7308F412AD492DDB ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
08:55:49.0512 3512 HTCAND64 - ok
08:55:49.0606 3512 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:55:49.0622 3512 HTTP - ok
08:55:49.0668 3512 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:55:49.0668 3512 hwpolicy - ok
08:55:49.0731 3512 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
08:55:49.0731 3512 i8042prt - ok
08:55:49.0778 3512 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:55:49.0778 3512 iaStorV - ok
08:55:49.0856 3512 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:55:49.0871 3512 idsvc - ok
08:55:50.0043 3512 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
08:55:50.0136 3512 igfx - ok
08:55:50.0152 3512 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
08:55:50.0152 3512 iirsp - ok
08:55:50.0214 3512 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
08:55:50.0246 3512 IKEEXT - ok
08:55:50.0261 3512 [ CD9A470CD342224B2052E37C907426D0 ] inspect C:\Windows\system32\DRIVERS\inspect.sys
08:55:50.0277 3512 inspect - ok
08:55:50.0292 3512 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
08:55:50.0292 3512 intelide - ok
08:55:50.0324 3512 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:55:50.0339 3512 intelppm - ok
08:55:50.0355 3512 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:55:50.0370 3512 IPBusEnum - ok
08:55:50.0417 3512 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:55:50.0417 3512 IpFilterDriver - ok
08:55:50.0464 3512 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:55:50.0464 3512 IPMIDRV - ok
08:55:50.0480 3512 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:55:50.0480 3512 IPNAT - ok
08:55:50.0542 3512 [ 81826A13598A7FEAA9E391190E9B539A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:55:50.0558 3512 iPod Service - ok
08:55:50.0589 3512 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:55:50.0589 3512 IRENUM - ok
08:55:50.0636 3512 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:55:50.0651 3512 isapnp - ok
08:55:50.0667 3512 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:55:50.0682 3512 iScsiPrt - ok
08:55:50.0698 3512 ISODisk - ok
08:55:50.0729 3512 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
08:55:50.0729 3512 kbdclass - ok
08:55:50.0745 3512 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
08:55:50.0760 3512 kbdhid - ok
08:55:50.0776 3512 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
08:55:50.0776 3512 KeyIso - ok
08:55:50.0823 3512 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:55:50.0838 3512 KSecDD - ok
08:55:50.0885 3512 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:55:50.0901 3512 KSecPkg - ok
08:55:50.0901 3512 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:55:50.0916 3512 ksthunk - ok
08:55:50.0948 3512 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
08:55:50.0948 3512 KtmRm - ok
08:55:51.0010 3512 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
08:55:51.0010 3512 LanmanServer - ok
08:55:51.0057 3512 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:55:51.0057 3512 LanmanWorkstation - ok
08:55:51.0088 3512 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:55:51.0104 3512 lltdio - ok
08:55:51.0135 3512 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:55:51.0135 3512 lltdsvc - ok
08:55:51.0150 3512 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:55:51.0166 3512 lmhosts - ok
08:55:51.0197 3512 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
08:55:51.0197 3512 LSI_FC - ok
08:55:51.0197 3512 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
08:55:51.0197 3512 LSI_SAS - ok
08:55:51.0213 3512 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:55:51.0213 3512 LSI_SAS2 - ok
08:55:51.0228 3512 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:55:51.0228 3512 LSI_SCSI - ok
08:55:51.0244 3512 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
08:55:51.0244 3512 luafv - ok
08:55:51.0306 3512 [ BB6F30527EEA0D3F61095A8AFA31E2D6 ] massfilter C:\Windows\system32\DRIVERS\massfilter.sys
08:55:51.0306 3512 massfilter - ok
08:55:51.0369 3512 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
08:55:51.0369 3512 MBAMProtector - ok
08:55:51.0447 3512 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
08:55:51.0447 3512 MBAMScheduler - ok
08:55:51.0525 3512 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:55:51.0540 3512 MBAMService - ok
08:55:51.0587 3512 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:55:51.0587 3512 Mcx2Svc - ok
08:55:51.0618 3512 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
08:55:51.0618 3512 megasas - ok
08:55:51.0634 3512 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
08:55:51.0634 3512 MegaSR - ok
08:55:51.0665 3512 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
08:55:51.0665 3512 MMCSS - ok
08:55:51.0681 3512 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
08:55:51.0681 3512 Modem - ok
08:55:51.0696 3512 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:55:51.0712 3512 monitor - ok
08:55:51.0728 3512 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
08:55:51.0743 3512 mouclass - ok
08:55:51.0759 3512 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:55:51.0759 3512 mouhid - ok
08:55:51.0806 3512 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:55:51.0806 3512 mountmgr - ok
08:55:51.0868 3512 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:55:51.0868 3512 MozillaMaintenance - ok
08:55:51.0915 3512 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
08:55:51.0915 3512 mpio - ok
08:55:51.0946 3512 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:55:51.0946 3512 mpsdrv - ok
08:55:52.0008 3512 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:55:52.0040 3512 MpsSvc - ok
08:55:52.0086 3512 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:55:52.0102 3512 MRxDAV - ok
08:55:52.0149 3512 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:55:52.0164 3512 mrxsmb - ok
08:55:52.0227 3512 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:55:52.0227 3512 mrxsmb10 - ok
08:55:52.0289 3512 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:55:52.0289 3512 mrxsmb20 - ok
08:55:52.0336 3512 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
08:55:52.0336 3512 msahci - ok
08:55:52.0352 3512 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:55:52.0352 3512 msdsm - ok
08:55:52.0367 3512 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
08:55:52.0383 3512 MSDTC - ok
08:55:52.0414 3512 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:55:52.0414 3512 Msfs - ok
08:55:52.0430 3512 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:55:52.0430 3512 mshidkmdf - ok
08:55:52.0476 3512 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:55:52.0476 3512 msisadrv - ok
08:55:52.0508 3512 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:55:52.0508 3512 MSiSCSI - ok
08:55:52.0523 3512 msiserver - ok
08:55:52.0539 3512 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:55:52.0539 3512 MSKSSRV - ok
08:55:52.0539 3512 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:55:52.0554 3512 MSPCLOCK - ok
08:55:52.0570 3512 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:55:52.0570 3512 MSPQM - ok
08:55:52.0617 3512 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:55:52.0632 3512 MsRPC - ok
08:55:52.0648 3512 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
08:55:52.0648 3512 mssmbios - ok
08:55:52.0679 3512 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:55:52.0679 3512 MSTEE - ok
08:55:52.0695 3512 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
08:55:52.0695 3512 MTConfig - ok
08:55:52.0726 3512 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
08:55:52.0726 3512 Mup - ok
08:55:52.0773 3512 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
08:55:52.0788 3512 napagent - ok
08:55:52.0835 3512 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:55:52.0851 3512 NativeWifiP - ok
08:55:52.0882 3512 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
08:55:52.0913 3512 NDIS - ok
08:55:52.0929 3512 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:55:52.0929 3512 NdisCap - ok
08:55:52.0960 3512 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:55:52.0960 3512 NdisTapi - ok
08:55:53.0007 3512 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:55:53.0007 3512 Ndisuio - ok
08:55:53.0069 3512 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:55:53.0069 3512 NdisWan - ok
08:55:53.0116 3512 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:55:53.0132 3512 NDProxy - ok
08:55:53.0147 3512 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:55:53.0163 3512 NetBIOS - ok
08:55:53.0210 3512 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:55:53.0210 3512 NetBT - ok
08:55:53.0241 3512 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
08:55:53.0241 3512 Netlogon - ok
08:55:53.0272 3512 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
08:55:53.0288 3512 Netman - ok
08:55:53.0303 3512 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
08:55:53.0303 3512 netprofm - ok
08:55:53.0334 3512 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:55:53.0334 3512 NetTcpPortSharing - ok
08:55:53.0475 3512 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
08:55:53.0537 3512 netw5v64 - ok
08:55:53.0553 3512 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
08:55:53.0553 3512 nfrd960 - ok
08:55:53.0600 3512 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:55:53.0615 3512 NlaSvc - ok
08:55:53.0631 3512 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:55:53.0631 3512 Npfs - ok
08:55:53.0646 3512 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
08:55:53.0646 3512 nsi - ok
08:55:53.0678 3512 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:55:53.0678 3512 nsiproxy - ok
08:55:53.0771 3512 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:55:53.0787 3512 Ntfs - ok
08:55:53.0802 3512 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
08:55:53.0802 3512 Null - ok
08:55:53.0880 3512 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:55:53.0880 3512 nvraid - ok
08:55:53.0912 3512 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:55:53.0912 3512 nvstor - ok
08:55:53.0943 3512 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:55:53.0943 3512 nv_agp - ok
08:55:54.0021 3512 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:55:54.0036 3512 odserv - ok
08:55:54.0083 3512 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:55:54.0083 3512 ohci1394 - ok
08:55:54.0114 3512 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:55:54.0114 3512 ose - ok
08:55:54.0161 3512 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:55:54.0161 3512 p2pimsvc - ok
08:55:54.0192 3512 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
08:55:54.0208 3512 p2psvc - ok
08:55:54.0224 3512 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
08:55:54.0224 3512 Parport - ok
08:55:54.0270 3512 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:55:54.0270 3512 partmgr - ok
08:55:54.0286 3512 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:55:54.0302 3512 PcaSvc - ok
08:55:54.0348 3512 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
08:55:54.0348 3512 pci - ok
08:55:54.0380 3512 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
08:55:54.0380 3512 pciide - ok
08:55:54.0395 3512 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
08:55:54.0395 3512 pcmcia - ok
08:55:54.0411 3512 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
08:55:54.0411 3512 pcw - ok
08:55:54.0426 3512 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:55:54.0442 3512 PEAUTH - ok
08:55:54.0504 3512 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:55:54.0504 3512 PerfHost - ok
08:55:54.0598 3512 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
08:55:54.0629 3512 pla - ok
08:55:54.0692 3512 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:55:54.0707 3512 PlugPlay - ok
08:55:54.0738 3512 [ FE74BA87CDAA80AC9261F49167F0608A ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys
08:55:54.0738 3512 pneteth - ok
08:55:54.0770 3512 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:55:54.0770 3512 PNRPAutoReg - ok
08:55:54.0801 3512 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:55:54.0801 3512 PNRPsvc - ok
08:55:54.0848 3512 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:55:54.0863 3512 PolicyAgent - ok
08:55:54.0894 3512 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
08:55:54.0894 3512 Power - ok
08:55:54.0926 3512 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:55:54.0926 3512 PptpMiniport - ok
08:55:54.0941 3512 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
08:55:54.0957 3512 Processor - ok
08:55:55.0004 3512 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
08:55:55.0004 3512 ProfSvc - ok
08:55:55.0019 3512 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:55:55.0019 3512 ProtectedStorage - ok
08:55:55.0082 3512 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:55:55.0097 3512 Psched - ok
08:55:55.0144 3512 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
08:55:55.0160 3512 ql2300 - ok
08:55:55.0175 3512 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
08:55:55.0175 3512 ql40xx - ok
08:55:55.0206 3512 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
08:55:55.0206 3512 QWAVE - ok
08:55:55.0222 3512 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:55:55.0222 3512 QWAVEdrv - ok
08:55:55.0238 3512 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:55:55.0238 3512 RasAcd - ok
08:55:55.0284 3512 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:55:55.0284 3512 RasAgileVpn - ok
08:55:55.0300 3512 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
08:55:55.0300 3512 RasAuto - ok
08:55:55.0362 3512 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:55:55.0378 3512 Rasl2tp - ok
08:55:55.0550 3512 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
08:55:55.0581 3512 RasMan - ok
08:55:55.0612 3512 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:55:55.0628 3512 RasPppoe - ok
08:55:55.0721 3512 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:55:55.0752 3512 RasSstp - ok
08:55:55.0799 3512 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:55:55.0830 3512 rdbss - ok
08:55:55.0862 3512 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:55:55.0862 3512 rdpbus - ok
08:55:55.0955 3512 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:55:55.0986 3512 RDPCDD - ok
08:55:56.0033 3512 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:55:56.0049 3512 RDPENCDD - ok
08:55:56.0080 3512 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:55:56.0080 3512 RDPREFMP - ok
08:55:56.0158 3512 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:55:56.0158 3512 RDPWD - ok
08:55:56.0267 3512 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:55:56.0267 3512 rdyboost - ok
08:55:56.0314 3512 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:55:56.0330 3512 RemoteAccess - ok
08:55:56.0392 3512 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:55:56.0392 3512 RemoteRegistry - ok
08:55:56.0423 3512 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:55:56.0439 3512 RpcEptMapper - ok
08:55:56.0470 3512 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
08:55:56.0486 3512 RpcLocator - ok
08:55:56.0610 3512 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
08:55:56.0626 3512 RpcSs - ok
08:55:56.0688 3512 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:55:56.0704 3512 rspndr - ok
08:55:56.0735 3512 RSUSBSTOR - ok
08:55:56.0751 3512 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
08:55:56.0766 3512 RTL8167 - ok
08:55:56.0782 3512 RtsUIR - ok
08:55:56.0813 3512 [ 6C4C1DA569E219D738325FCFDC3543F6 ] S2usbser C:\Windows\system32\DRIVERS\S2usbser.sys
08:55:56.0813 3512 S2usbser - ok
08:55:56.0844 3512 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
08:55:56.0844 3512 SamSs - ok
08:55:56.0891 3512 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
08:55:56.0891 3512 SASDIFSV - ok
08:55:56.0922 3512 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
08:55:56.0922 3512 SASKUTIL - ok
08:55:56.0969 3512 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:55:56.0985 3512 sbp2port - ok
08:55:57.0032 3512 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:55:57.0032 3512 SCardSvr - ok
08:55:57.0094 3512 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:55:57.0094 3512 scfilter - ok
08:55:57.0172 3512 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
08:55:57.0203 3512 Schedule - ok
08:55:57.0250 3512 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
08:55:57.0250 3512 SCPolicySvc - ok
08:55:57.0328 3512 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
08:55:57.0328 3512 sdbus - ok
08:55:57.0375 3512 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:55:57.0390 3512 SDRSVC - ok
08:55:57.0422 3512 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:55:57.0422 3512 secdrv - ok
08:55:57.0484 3512 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
08:55:57.0484 3512 seclogon - ok
08:55:57.0515 3512 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
08:55:57.0531 3512 SENS - ok
08:55:57.0546 3512 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:55:57.0562 3512 SensrSvc - ok
08:55:57.0578 3512 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:55:57.0593 3512 Serenum - ok
08:55:57.0609 3512 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:55:57.0609 3512 Serial - ok
08:55:57.0671 3512 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
08:55:57.0671 3512 sermouse - ok
08:55:57.0765 3512 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
08:55:57.0765 3512 SessionEnv - ok
08:55:57.0780 3512 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:55:57.0780 3512 sffdisk - ok
08:55:57.0796 3512 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:55:57.0796 3512 sffp_mmc - ok
08:55:57.0812 3512 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:55:57.0812 3512 sffp_sd - ok
08:55:57.0843 3512 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
08:55:57.0843 3512 sfloppy - ok
08:55:57.0890 3512 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:55:57.0890 3512 SharedAccess - ok
08:55:57.0905 3512 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:55:57.0921 3512 ShellHWDetection - ok
08:55:57.0936 3512 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:55:57.0936 3512 SiSRaid2 - ok
08:55:57.0952 3512 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
08:55:57.0952 3512 SiSRaid4 - ok
08:55:58.0014 3512 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
08:55:58.0030 3512 SkypeUpdate - ok
08:55:58.0108 3512 [ DD0443BC6CC78A19FD399817F8C51401 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
08:55:58.0108 3512 SmartDefragDriver - ok
08:55:58.0124 3512 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:55:58.0139 3512 Smb - ok
08:55:58.0186 3512 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:55:58.0186 3512 SNMPTRAP - ok
08:55:58.0217 3512 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:55:58.0217 3512 spldr - ok
08:55:58.0280 3512 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
08:55:58.0280 3512 Spooler - ok
08:55:58.0404 3512 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
08:55:58.0451 3512 sppsvc - ok
08:55:58.0467 3512 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:55:58.0482 3512 sppuinotify - ok
08:55:58.0545 3512 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\System32\Drivers\sptd.sys
08:55:58.0560 3512 sptd - ok
08:55:58.0607 3512 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
08:55:58.0623 3512 srv - ok
08:55:58.0685 3512 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:55:58.0685 3512 srv2 - ok
08:55:58.0732 3512 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
08:55:58.0732 3512 SrvHsfHDA - ok
08:55:58.0763 3512 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
08:55:58.0779 3512 SrvHsfV92 - ok
08:55:58.0810 3512 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
08:55:58.0826 3512 SrvHsfWinac - ok
08:55:58.0872 3512 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:55:58.0872 3512 srvnet - ok
08:55:58.0919 3512 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:55:58.0919 3512 SSDPSRV - ok
08:55:58.0935 3512 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:55:58.0935 3512 SstpSvc - ok
08:55:58.0997 3512 [ AD42CA614E086BCADBD53FFFC404AC24 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
08:55:59.0013 3512 ssudmdm - ok
08:55:59.0106 3512 [ 810199DCC3BDC38304D7D649992EA7BC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
08:55:59.0106 3512 STacSV - ok
08:55:59.0138 3512 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
08:55:59.0138 3512 stexstor - ok
08:55:59.0184 3512 [ ED1722F43CE61409EF68340402D6267D ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
08:55:59.0200 3512 STHDA - ok
08:55:59.0262 3512 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
08:55:59.0278 3512 stisvc - ok
08:55:59.0309 3512 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
08:55:59.0309 3512 swenum - ok
08:55:59.0356 3512 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
08:55:59.0372 3512 swprv - ok
08:55:59.0450 3512 [ 3A706A967295E16511E40842B1A2761D ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
08:55:59.0465 3512 SynTP - ok
08:55:59.0559 3512 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
08:55:59.0574 3512 SysMain - ok
08:55:59.0637 3512 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:55:59.0637 3512 TabletInputService - ok
08:55:59.0668 3512 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:55:59.0684 3512 TapiSrv - ok
08:55:59.0699 3512 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
08:55:59.0715 3512 TBS - ok
08:55:59.0840 3512 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:55:59.0855 3512 Tcpip - ok
08:55:59.0902 3512 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:55:59.0918 3512 TCPIP6 - ok
08:55:59.0980 3512 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:55:59.0980 3512 tcpipreg - ok
08:56:00.0214 3512 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:56:00.0214 3512 TDPIPE - ok
08:56:00.0261 3512 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:56:00.0261 3512 TDTCP - ok
08:56:00.0323 3512 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:56:00.0323 3512 tdx - ok
08:56:00.0370 3512 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
08:56:00.0386 3512 TermDD - ok
08:56:00.0448 3512 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
08:56:00.0464 3512 TermService - ok
08:56:00.0495 3512 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
08:56:00.0495 3512 Themes - ok
08:56:00.0510 3512 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
08:56:00.0510 3512 THREADORDER - ok
08:56:00.0526 3512 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
08:56:00.0526 3512 TrkWks - ok
08:56:00.0604 3512 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:56:00.0604 3512 TrustedInstaller - ok
08:56:00.0666 3512 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:56:00.0666 3512 tssecsrv - ok
08:56:00.0729 3512 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:56:00.0729 3512 TsUsbFlt - ok
08:56:00.0791 3512 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:56:00.0791 3512 tunnel - ok
08:56:00.0822 3512 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
08:56:00.0838 3512 uagp35 - ok
08:56:00.0900 3512 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:56:00.0900 3512 udfs - ok
08:56:00.0947 3512 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:56:00.0947 3512 UI0Detect - ok
08:56:00.0978 3512 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:56:00.0978 3512 uliagpkx - ok
08:56:01.0041 3512 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
08:56:01.0041 3512 umbus - ok
08:56:01.0072 3512 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
08:56:01.0072 3512 UmPass - ok
08:56:01.0103 3512 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
08:56:01.0119 3512 upnphost - ok
08:56:01.0150 3512 [ 54D4B48D443E7228BF64CF7CDC3118AC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
08:56:01.0150 3512 USBAAPL64 - ok
08:56:01.0166 3512 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:56:01.0166 3512 usbccgp - ok
08:56:01.0166 3512 USBCCID - ok
08:56:01.0197 3512 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:56:01.0197 3512 usbcir - ok
08:56:01.0228 3512 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:56:01.0228 3512 usbehci - ok
08:56:01.0259 3512 [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
08:56:01.0259 3512 usbfilter - ok
08:56:01.0275 3512 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:56:01.0275 3512 usbhub - ok
08:56:01.0290 3512 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
08:56:01.0290 3512 usbohci - ok
08:56:01.0337 3512 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:56:01.0337 3512 usbprint - ok
08:56:01.0384 3512 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:56:01.0400 3512 USBSTOR - ok
08:56:01.0415 3512 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
08:56:01.0415 3512 usbuhci - ok
08:56:01.0446 3512 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
08:56:01.0446 3512 usbvideo - ok
08:56:01.0462 3512 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
08:56:01.0478 3512 usb_rndisx - ok
08:56:01.0493 3512 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
08:56:01.0493 3512 UxSms - ok
08:56:01.0524 3512 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
08:56:01.0524 3512 VaultSvc - ok
08:56:01.0556 3512 [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
08:56:01.0556 3512 VClone - ok
08:56:01.0587 3512 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:56:01.0587 3512 vdrvroot - ok
08:56:01.0649 3512 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
08:56:01.0665 3512 vds - ok
08:56:01.0696 3512 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:56:01.0696 3512 vga - ok
08:56:01.0712 3512 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
08:56:01.0712 3512 VgaSave - ok
08:56:01.0758 3512 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:56:01.0774 3512 vhdmp - ok
08:56:01.0821 3512 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
08:56:01.0836 3512 viaide - ok
08:56:01.0899 3512 [ 63A26AD5494933FE99B1FF3B0660F45A ] vodafone_K380x-z_dc_enum C:\Windows\system32\DRIVERS\vodafone_K380x-z_dc_enum.sys
08:56:01.0914 3512 vodafone_K380x-z_dc_enum - ok
08:56:01.0930 3512 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:56:01.0930 3512 volmgr - ok
08:56:01.0992 3512 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:56:01.0992 3512 volmgrx - ok
08:56:02.0039 3512 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:56:02.0039 3512 volsnap - ok
08:56:02.0070 3512 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
08:56:02.0070 3512 vsmraid - ok
08:56:02.0164 3512 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
08:56:02.0180 3512 VSS - ok
08:56:02.0211 3512 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
08:56:02.0211 3512 vwifibus - ok
08:56:02.0226 3512 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
08:56:02.0226 3512 vwififlt - ok
08:56:02.0258 3512 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
08:56:02.0273 3512 W32Time - ok
08:56:02.0289 3512 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
08:56:02.0289 3512 WacomPen - ok
08:56:02.0351 3512 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:56:02.0351 3512 WANARP - ok
08:56:02.0351 3512 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:56:02.0351 3512 Wanarpv6 - ok
08:56:02.0429 3512 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:56:02.0445 3512 WatAdminSvc - ok
08:56:02.0523 3512 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
08:56:02.0554 3512 wbengine - ok
08:56:02.0570 3512 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:56:02.0585 3512 WbioSrvc - ok
08:56:02.0632 3512 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:56:02.0648 3512 wcncsvc - ok
08:56:02.0663 3512 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:56:02.0679 3512 WcsPlugInService - ok
08:56:02.0694 3512 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
08:56:02.0694 3512 Wd - ok
08:56:02.0726 3512 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:56:02.0741 3512 Wdf01000 - ok
08:56:02.0757 3512 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:56:02.0757 3512 WdiServiceHost - ok
08:56:02.0772 3512 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:56:02.0772 3512 WdiSystemHost - ok
08:56:02.0819 3512 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
08:56:02.0835 3512 WebClient - ok
08:56:02.0850 3512 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:56:02.0866 3512 Wecsvc - ok
08:56:02.0882 3512 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:56:02.0882 3512 wercplsupport - ok
08:56:02.0913 3512 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
08:56:02.0913 3512 WerSvc - ok
08:56:02.0944 3512 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:56:02.0944 3512 WfpLwf - ok
08:56:02.0960 3512 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:56:02.0960 3512 WIMMount - ok
08:56:02.0991 3512 WinDefend - ok
08:56:02.0991 3512 WinHttpAutoProxySvc - ok
08:56:03.0038 3512 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:56:03.0038 3512 Winmgmt - ok
08:56:03.0147 3512 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
08:56:03.0178 3512 WinRM - ok
08:56:03.0256 3512 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:56:03.0256 3512 WinUsb - ok
08:56:03.0287 3512 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
08:56:03.0303 3512 Wlansvc - ok
08:56:03.0490 3512 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:56:03.0537 3512 wlidsvc - ok
08:56:03.0584 3512 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:56:03.0584 3512 WmiAcpi - ok
08:56:03.0630 3512 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:56:03.0630 3512 wmiApSrv - ok
08:56:03.0662 3512 WMPNetworkSvc - ok
08:56:03.0693 3512 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:56:03.0693 3512 WPCSvc - ok
08:56:03.0755 3512 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:56:03.0755 3512 WPDBusEnum - ok
08:56:03.0786 3512 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:56:03.0786 3512 ws2ifsl - ok
08:56:03.0818 3512 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
08:56:03.0818 3512 wscsvc - ok
08:56:03.0833 3512 WSearch - ok
08:56:03.0942 3512 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
08:56:03.0974 3512 wuauserv - ok
08:56:04.0005 3512 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:56:04.0005 3512 WudfPf - ok
08:56:04.0067 3512 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:56:04.0083 3512 WUDFRd - ok
08:56:04.0130 3512 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:56:04.0130 3512 wudfsvc - ok
08:56:04.0176 3512 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
08:56:04.0176 3512 WwanSvc - ok
08:56:04.0223 3512 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
08:56:04.0223 3512 yukonw7 - ok
08:56:04.0286 3512 [ 8A9E7E6169F92E64D5B5305562E363BB ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
08:56:04.0286 3512 ZTEusbmdm6k - ok
08:56:04.0364 3512 [ 8A9E7E6169F92E64D5B5305562E363BB ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
08:56:04.0364 3512 ZTEusbnmea - ok
08:56:04.0395 3512 [ 8A9E7E6169F92E64D5B5305562E363BB ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
08:56:04.0410 3512 ZTEusbser6k - ok
08:56:04.0442 3512 [ 8A9E7E6169F92E64D5B5305562E363BB ] ZTEusbvoice C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
08:56:04.0442 3512 ZTEusbvoice - ok
08:56:04.0457 3512 [ B685EB7AAC37E980E33A84E263D92110 ] ZTEusbwwan C:\Windows\system32\DRIVERS\ZTEusbwwan.sys
08:56:04.0457 3512 ZTEusbwwan - ok
08:56:04.0488 3512 ================ Scan global ===============================
08:56:04.0520 3512 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:56:04.0566 3512 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:56:04.0566 3512 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:56:04.0598 3512 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:56:04.0644 3512 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:56:04.0660 3512 [Global] - ok
08:56:04.0660 3512 ================ Scan MBR ==================================
08:56:04.0676 3512 [ 7D9AB4D37BD50F4B8E37EAB264EDADD4 ] \Device\Harddisk0\DR0
08:56:04.0941 3512 \Device\Harddisk0\DR0 - ok
08:56:04.0941 3512 ================ Scan VBR ==================================
08:56:04.0956 3512 [ 6CE64EE765D9A10C8FFB624CD046F045 ] \Device\Harddisk0\DR0\Partition1
08:56:04.0956 3512 \Device\Harddisk0\DR0\Partition1 - ok
08:56:04.0972 3512 [ BD48B22F5D104CE315DFCC3E7A51526F ] \Device\Harddisk0\DR0\Partition2
08:56:04.0972 3512 \Device\Harddisk0\DR0\Partition2 - ok
08:56:05.0003 3512 [ A8C6F3E0AB946C8290737C13CAE2AF06 ] \Device\Harddisk0\DR0\Partition3
08:56:05.0003 3512 \Device\Harddisk0\DR0\Partition3 - ok
08:56:05.0019 3512 [ C6F439B81D6FD91FE6DBE29FD9111830 ] \Device\Harddisk0\DR0\Partition4
08:56:05.0019 3512 \Device\Harddisk0\DR0\Partition4 - ok
08:56:05.0019 3512 ============================================================
08:56:05.0019 3512 Scan finished
08:56:05.0019 3512 ============================================================
08:56:05.0034 3908 Detected object count: 0
08:56:05.0034 3908 Actual detected object count: 0
08:56:19.0480 1384 Deinitialize success


ASWMBR LOG


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-08 08:57:55
-----------------------------
08:57:55.498 OS Version: Windows x64 6.1.7601 Service Pack 1
08:57:55.498 Number of processors: 2 586 0x602
08:57:55.514 ComputerName: KEV-PC UserName: Work
08:57:57.479 Initialize success
08:57:59.071 AVAST engine defs: 12100702
08:58:45.403 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:58:45.418 Disk 0 Vendor: Hitachi_HTS725032A9A364 PC3OC72E Size: 305245MB BusType: 11
08:58:45.434 Disk 0 MBR read successfully
08:58:45.434 Disk 0 MBR scan
08:58:45.449 Disk 0 unknown MBR code
08:58:45.465 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
08:58:45.481 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291309 MB offset 409600
08:58:45.512 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13632 MB offset 597010432
08:58:45.527 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
08:58:45.574 Disk 0 scanning C:\Windows\system32\drivers
08:58:59.536 Service scanning
08:59:24.262 Modules scanning
08:59:24.262 Disk 0 trace - called modules:
08:59:24.824 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
08:59:24.824 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80024673f0]
08:59:24.839 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800244e680]
08:59:25.931 AVAST engine scan C:\Windows
08:59:29.597 AVAST engine scan C:\Windows\system32
09:03:26.640 AVAST engine scan C:\Windows\system32\drivers
09:03:39.416 AVAST engine scan C:\Users\Work
09:09:13.508 AVAST engine scan C:\ProgramData
09:10:44.877 Scan finished successfully
09:12:49.933 Disk 0 MBR has been saved successfully to "C:\Users\Work\Desktop\MBR.dat"
09:12:49.933 The log file has been saved successfully to "C:\Users\Work\Desktop\aswMBR.txt"



Eset Results


C:\Users\kev\AppData\Local\{3E49885F-D894-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Users\kev\AppData\Roaming\Mozilla\Firefox\Profiles\d0649jkj.default\user.js JS/SecurityDisabler.A.Gen application cleaned by deleting - quarantined
C:\Users\kev\Downloads\cnet2_Web2BookSetup24_msi.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Work\AppData\Local\{3E49885F-D894-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\q63hagxw.default\user.js JS/SecurityDisabler.A.Gen application cleaned by deleting - quarantined
C:\Users\Work\Downloads\defragsetup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:55 PM

Posted 08 October 2012 - 07:36 AM

Download

Malwarebytes

Install,update and run a full scan

Click on Show results.Right click on the list ,select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after scan ,post it here

Download

Junkware removal tool

For vista and windows 7 right click on the tool and select run as administrator

After scan gets completed,post the generated log here.

#7 Frustration_

Frustration_
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 08 October 2012 - 10:25 AM

MalwareBites report



Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.08.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Work :: KEV-PC [administrator]

08/10/2012 13:40:23
mbam-log-2012-10-08 (13-40-23).txt

Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 495071
Time elapsed: 1 hour(s), 13 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MiniToolBox Report


MiniToolBox by Farbar Version: 23-07-2012
Ran by Work (administrator) on 08-10-2012 at 15:01:03
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : kev-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : F0-7B-CB-66-7B-48
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8591:2c33:b8cf:bdb5%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.43.89(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 08 October 2012 06:58:46
Lease Expires . . . . . . . . . . : 08 October 2012 15:49:36
Default Gateway . . . . . . . . . : 192.168.43.1
DHCP Server . . . . . . . . . . . : 192.168.43.1
DHCPv6 IAID . . . . . . . . . . . : 317750219
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-CD-15-7F-C8-0A-A9-49-8C-4D
DNS Servers . . . . . . . . . . . : 192.168.43.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : C8-0A-A9-49-8C-4D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{90C61090-E73C-4894-BCED-114026F387C2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A84479FC-259C-43FA-8654-E989293414F6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.43.1

Name: google.com
Addresses: 2a00:1450:4009:803::1005
173.194.34.165
173.194.34.166
173.194.34.167
173.194.34.168
173.194.34.169
173.194.34.174
173.194.34.160
173.194.34.161
173.194.34.162
173.194.34.163
173.194.34.164


Pinging google.com [173.194.34.164] with 32 bytes of data:
Reply from 173.194.34.164: bytes=32 time=603ms TTL=56
Reply from 173.194.34.164: bytes=32 time=695ms TTL=56

Ping statistics for 173.194.34.164:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 603ms, Maximum = 695ms, Average = 649ms
Server: UnKnown
Address: 192.168.43.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=897ms TTL=47
Reply from 98.139.183.24: bytes=32 time=1041ms TTL=47

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 897ms, Maximum = 1041ms, Average = 969ms
Server: UnKnown
Address: 192.168.43.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...f0 7b cb 66 7b 48 ......Atheros AR9285 802.11b/g/n WiFi Adapter
10...c8 0a a9 49 8c 4d ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.89 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.43.0 255.255.255.0 On-link 192.168.43.89 281
192.168.43.89 255.255.255.255 On-link 192.168.43.89 281
192.168.43.255 255.255.255.255 On-link 192.168.43.89 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.43.89 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.43.89 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::8591:2c33:b8cf:bdb5/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/08/2012 11:34:50 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/08/2012 11:13:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (10/08/2012 11:11:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/08/2012 09:13:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/08/2012 07:19:39 AM) (Source: Application Error) (User: )
Description: Faulting application name: adwcleaner.exe, version: 2.0.0.4, time stamp: 0x4f25baec
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc00000fd
Fault offset: 0x0002e17a
Faulting process id: 0xdcc
Faulting application start time: 0xadwcleaner.exe0
Faulting application path: adwcleaner.exe1
Faulting module path: adwcleaner.exe2
Report Id: adwcleaner.exe3

Error: (10/08/2012 07:18:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: adwcleaner.exe, version: 2.0.0.4, time stamp: 0x4f25baec
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc00000fd
Fault offset: 0x0002e17a
Faulting process id: 0x968
Faulting application start time: 0xadwcleaner.exe0
Faulting application path: adwcleaner.exe1
Faulting module path: adwcleaner.exe2
Report Id: adwcleaner.exe3

Error: (10/08/2012 06:42:51 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (10/08/2012 06:42:51 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (10/08/2012 06:42:51 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (10/07/2012 10:42:23 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).


System errors:
=============
Error: (10/08/2012 10:26:05 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (10/08/2012 10:26:05 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (10/08/2012 07:00:28 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (10/08/2012 07:00:28 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (10/08/2012 06:59:20 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ISODisk

Error: (10/08/2012 06:58:42 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (10/08/2012 06:58:22 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (10/08/2012 06:58:10 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\ISODisk.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/08/2012 06:50:49 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/08/2012 06:48:09 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
1&1 EasyLogin
Adobe AIR (Version: 3.2.0.2070)
Adobe Community Help (Version: 3.4.980)
Adobe Download Assistant (Version: 1.0.3)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Adobe Widget Browser (Version: 2.0 Build 230)
Adobe Widget Browser (Version: 2.0.230)
AMD USB Filter Driver (Version: 1.0.10.84)
Apple Application Support (Version: 1.5.0)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 5.2)
ATI Catalyst Install Manager (Version: 3.0.732.0)
µTorrent (Version: 3.1.3)
Audacity 1.3.13 (Unicode)
avast! Free Antivirus (Version: 7.0.1466.0)
Bonjour (Version: 2.0.4.0)
Bullzip PDF Printer 7.2.0.1304 (Version: 7.2.0.1304)
CamStudio
Casino at bet365
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Full Existing (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Full New (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Light (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Previews Common (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0804.2223.38385)
Catalyst Control Center InstallProxy (Version: 2009.0804.2223.38385)
Catalyst Control Center Localization All (Version: 2009.0804.2223.38385)
ccc-core-static (Version: 2009.0804.2223.38385)
ccc-utility64 (Version: 2009.0804.2223.38385)
CCC Help Chinese Standard (Version: 2009.0804.2222.38385)
CCC Help Chinese Traditional (Version: 2009.0804.2222.38385)
CCC Help Czech (Version: 2009.0804.2222.38385)
CCC Help Danish (Version: 2009.0804.2222.38385)
CCC Help Dutch (Version: 2009.0804.2222.38385)
CCC Help English (Version: 2009.0804.2222.38385)
CCC Help Finnish (Version: 2009.0804.2222.38385)
CCC Help French (Version: 2009.0804.2222.38385)
CCC Help German (Version: 2009.0804.2222.38385)
CCC Help Greek (Version: 2009.0804.2222.38385)
CCC Help Hungarian (Version: 2009.0804.2222.38385)
CCC Help Italian (Version: 2009.0804.2222.38385)
CCC Help Japanese (Version: 2009.0804.2222.38385)
CCC Help Korean (Version: 2009.0804.2222.38385)
CCC Help Norwegian (Version: 2009.0804.2222.38385)
CCC Help Polish (Version: 2009.0804.2222.38385)
CCC Help Portuguese (Version: 2009.0804.2222.38385)
CCC Help Russian (Version: 2009.0804.2222.38385)
CCC Help Spanish (Version: 2009.0804.2222.38385)
CCC Help Swedish (Version: 2009.0804.2222.38385)
CCC Help Thai (Version: 2009.0804.2222.38385)
CCC Help Turkish (Version: 2009.0804.2222.38385)
CCleaner (Version: 3.21)
COMODO Internet Security (Version: 5.0.32580.1142)
CyberLink YouCam (Version: 3.0.2201)
D3DX10 (Version: 15.4.2368.0902)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
e - v2.0.2
ESET Online Scanner v3
Feedback Tool (Version: 1.1.0)
Fiddler (Version: 2.4.1.1)
FileZilla Client 3.5.0 (Version: 3.5.0)
Foxit Reader 5.0 (Version: 5.0.2.718)
GIMP 2.8.0 (Version: 2.8.0)
GPL Ghostscript Lite 8.70
HiJackThis (Version: 1.0.0)
HP Customer Experience Enhancements (Version: 6.0.1.1)
HP Quick Launch Buttons (Version: 6.50.7.1)
HP Wireless Assistant (Version: 3.50.9.1)
HTC Driver Installer (Version: 2.0.7.016)
HTC Sync (Version: 2.0.33)
IDT Audio (Version: 1.0.6225.0)
ImgBurn (Version: 2.5.5.0)
ISODisk 1.1
iTunes (Version: 10.2.0.34)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 22 (Version: 6.0.220)
JavaFX 2.1.0 (Version: 2.1.0)
LightScribe System Software (Version: 1.18.8.1)
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
MKVToolNix 5.5.0 (Version: 5.5.0)
Mozilla Firefox 15.0.1 (x86 en-GB) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
Mp3 My Mp3 3.1 (Version: 3.1)
MSVCRT (Version: 15.4.2862.0708)
NetObjects Fusion 1&1 Edition (Version: 11.0)
NetObjects Fusion Essentials
Notepad++ (Version: 6.1.8)
QLBCASL (Version: 6.40.17.2)
QuickTime (Version: 7.69.80.9)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0007)
Realtek USB 2.0 Card Reader (Version: 6.1.7100.30094)
Recovery Manager (Version: 5.5.2202)
S2 Mobile Modem (Version: 1.10.0000)
Samsung Kies (Version: 2.2.0.12014_18)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0)
Skype™ 5.10 (Version: 5.10.116)
Smart Defrag 2 (Version: 2.2)
SmartFTP Client Setup Files 4.0 (x64) (remove only) (Version: 4.0)
Spotify (Version: 0.5.1)
Spotify (Version: 0.8.3.222.g317ab79d)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.0.1108)
Synaptics Pointing Device Driver (Version: 15.0.17.4)
TunerFree MCE (Version: 4.4.5)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.11 (Version: 1.1.11)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 81%
Total physical RAM: 1788.2 MB
Available physical RAM: 328.77 MB
Total Pagefile: 3576.4 MB
Available Pagefile: 1081.87 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.65 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:284.48 GB) (Free:44.3 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:13.31 GB) (Free:2.2 GB) NTFS
4 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

========================= Users: ========================================

User accounts for \\KEV-PC

Administrator Guest kev
Mcx1-KEV-PC Sophie Work

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

01-09-2012 11:45:26 Removed SmartFTP Client
16-09-2012 07:35:48 Scheduled Checkpoint
23-09-2012 23:00:07 Scheduled Checkpoint
01-10-2012 12:05:58 Scheduled Checkpoint
01-10-2012 15:24:35 Installed Java 7 Update 7
07-10-2012 16:49:08 Installed HiJackThis
08-10-2012 06:45:14 avast! Free Antivirus Setup

**** End of log ****

FarBar Report



Farbar Service Scanner Version: 07-10-2012
Ran by Work (administrator) on 08-10-2012 at 15:05:51
Running from "C:\Users\Work\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


AdwareCleaner gets the the end then crashes??




JRT.txt



Junkware Removal Tool (JRT) by Thisisu
Version: 1.3.2 (10.08.2012)
OS: Windows 7 Home Premium x64
Ran by Work on 08/10/2012 at 15:29:23.87
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}



*** Files:

Successfully deleted: [FILE] C:\install.res.1028.dll
Successfully deleted: [FILE] C:\install.res.1031.dll
Successfully deleted: [FILE] C:\install.res.1033.dll
Successfully deleted: [FILE] C:\install.res.1036.dll
Successfully deleted: [FILE] C:\install.res.1040.dll
Successfully deleted: [FILE] C:\install.res.1041.dll
Successfully deleted: [FILE] C:\install.res.1042.dll
Successfully deleted: [FILE] C:\install.res.2052.dll
Successfully deleted: [FILE] C:\install.res.3082.dll



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on 08/10/2012 at 15:30:03.42
End of Report

Edited by Frustration_, 08 October 2012 - 10:29 AM.


#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:55 PM

Posted 08 October 2012 - 10:27 AM

Run ADWARE cleaner in safemode and post the log

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#9 Frustration_

Frustration_
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 08 October 2012 - 12:54 PM

Adware Log



# AdwCleaner v2.004 - Logfile created 10/08/2012 at 18:37:02
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Work - KEV-PC
# Boot Mode : Safe mode
# Running from : C:\Users\Work\Downloads\adwcleaner(1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-GB)

Profile name : default
File : C:\Users\kev\AppData\Roaming\Mozilla\Firefox\Profiles\d0649jkj.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Sophie\AppData\Roaming\Mozilla\Firefox\Profiles\qdzxczdo.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Work\AppData\Roaming\Mozilla\Firefox\Profiles\q63hagxw.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R5].txt - [1285 octets] - [08/10/2012 17:12:37]
AdwCleaner[R6].txt - [1036 octets] - [08/10/2012 18:37:02]

########## EOF - C:\AdwCleaner[R6].txt - [1096 octets] ##########

Rkill log


Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/08/2012 06:38:09 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Work\Downloads\adwcleaner(1).exe (PID: 1924) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Base Filtering Engine (BFE) is not Running.
Startup Type set to: Automatic

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Automatic

* Network Connections (Netman) is not Running.
Startup Type set to: Manual

* Network Store Interface Service (nsi) is not Running.
Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Ancillary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* NetBT (NetBT) is not Running.
Startup Type set to: System

* NSI proxy service driver. (nsiproxy) is not Running.
Startup Type set to: System

* NetIO Legacy TDI Support Driver (tdx) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/08/2012 06:38:26 PM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)


Farbar log



Farbar Service Scanner Version: 07-10-2012
Ran by Work (administrator) on 08-10-2012 at 18:47:41
Running from "C:\Users\Work\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Autoruns log



"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
X "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "COMODO Internet Security" "COMODO Internet Security" "COMODO" "c:\program files\comodo\comodo internet security\cfp.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray64.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "avast" "avast! Antivirus" "AVAST Software" "c:\program files\avast software\avast\avastui.exe"
X "Google Desktop Search" "" "" "File not found: C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe"
X "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
X "KiesTrayAgent" "Kies TrayAgent Application" "Samsung Electronics Co., Ltd." "c:\program files (x86)\samsung\kies\kiestrayagent.exe"
X "Malwarebytes' Anti-Malware" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe"
X "Mobile Connectivity Suite" "Application Launcher" "Teleca Sweden AB" "c:\program files (x86)\htc\htc sync\application launcher\application launcher.exe"
+ "QlbCtrl.exe" "Quick Launch Buttons" " Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch buttons\qlbctrl.exe"
X "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "WirelessAssistant" "HP Wireless Assistant Main Program" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp wireless assistant\hpwamain.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
X "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
X "LightScribe Control Panel" "" "Hewlett-Packard Company" "c:\program files (x86)\common files\lightscribe\lsrunonce.exe"
X "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
X "Google Update" "" "" "File not found: C:\Users\Work\AppData\Local\Google\Update\GoogleUpdate.exe"
X "KiesHelper" "Kies" "Samsung" "c:\program files (x86)\samsung\kies\kieshelper.exe"
X "KiesPDLR" "KiesPDLR" "" "c:\program files (x86)\samsung\kies\external\firmwareupdate\kiespdlr.exe"
+ "LightScribe Control Panel" "" "Hewlett-Packard Company" "c:\program files (x86)\common files\lightscribe\lightscribecontrolpanel.exe"
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe"
+ "Spotify Web Helper" "" "" "c:\program files (x86)\spotify\data\spotifywebhelper.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "Report" "" "" "c:\adwcleaner[s1].txt"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "ANotepad++64" "ShellHandler for Notepad++ (64 bit)" "" "c:\program files (x86)\notepad++\nppshell_05.dll"
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll"
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files (x86)\filezilla ftp client\fzshellext_64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files (x86)\filezilla ftp client\fzshellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll"
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files (x86)\winrar\rarext64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files (x86)\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie64.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "Windows Live Messenger Companion Helper" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files (x86)\windows live\companion\companioncore.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Fiddler" "Fiddler" "Telerik" "c:\program files (x86)\fiddler2\fiddler.exe"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Fiddler" "Fiddler" "Telerik" "c:\program files (x86)\fiddler2\fiddler.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AESTFilters" "Andrea filters APO access service (64-bit)" "Andrea Electronics Corporation" "c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\aestsr64.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "avast! Antivirus" "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler." "AVAST Software" "c:\program files\avast software\avast\avastsvc.exe"
+ "cmdAgent" "COMODO Internet Security Helper Service" "COMODO" "c:\program files\comodo\comodo internet security\cmdagent.exe"
+ "Com4QLBEx" "Com for QLB application" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch buttons\com4qlbex.exe"
+ "hpqwmiex" "hpqwmiex Module" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "aswFsBlk" "avast! mini-filter driver (aswFsBlk)" "AVAST Software" "c:\windows\system32\drivers\aswfsblk.sys"
+ "aswMonFlt" "avast! mini-filter driver (aswMonFlt)" "AVAST Software" "c:\windows\system32\drivers\aswmonflt.sys"
+ "aswRdr" "avast! WFP Redirect driver" "AVAST Software" "c:\windows\system32\drivers\aswrdr2.sys"
+ "aswSnx" "avast! virtualization driver (aswSnx)" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys"
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys"
+ "aswTdi" "avast! Network Shield TDI driver" "AVAST Software" "c:\windows\system32\drivers\aswtdi.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys"
+ "AtiHdmiService" "ATI High Definition Audio Function Driver" "ATI Technologies, Inc." "c:\windows\system32\drivers\atihdmi.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "AtiPcie" "AMD PCIE Filter Driver for ATI PCIE chipset" "Advanced Micro Devices Inc." "c:\windows\system32\drivers\atipcie.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "catchme" "" "" "File not found: C:\ComboFix\catchme.sys"
+ "cmdGuard" "COMODO Internet Security Sandbox Driver" "COMODO" "c:\windows\system32\drivers\cmdguard.sys"
+ "cmdHlp" "COMODO Internet Security Helper Driver" "COMODO" "c:\windows\system32\drivers\cmdhlp.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "dg_ssudbus" "SAMSUNG USB Composite Device Driver (MSS Ver.3)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudbus.sys"
+ "dgderdrv" "" "" "File not found: System32\drivers\dgderdrv.sys"
+ "easytether" "" "" "File not found: system32\DRIVERS\easytthr.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "hitmanpro36" "HitmanPro 3.6 Support Driver" "" "c:\windows\system32\drivers\hitmanpro36.sys"
+ "HpqKbFiltr" "HpqKbFiltr Keyboard Filter Driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\hpqkbfiltr.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "HTCAND64" "ADB Interface" "HTC, Corporation" "c:\windows\system32\drivers\androidusb.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "inspect" "COMODO Internet Security Firewall Driver" "COMODO" "c:\windows\system32\drivers\inspect.sys"
+ "ISODisk" "" "" "File not found: C:\Windows\System32\Drivers\ISODisk.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "massfilter" "CDROM Filter" "MBB Incorporated" "c:\windows\system32\drivers\massfilter.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "netw5v64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5v64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "pneteth" "PdaNet Broadband Adapter Driver" "June Fabrics Technology Inc." "c:\windows\system32\drivers\pneteth.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBSTOR" "" "" "File not found: System32\Drivers\RtsUStor.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "RtsUIR" "" "" "File not found: system32\DRIVERS\Rts516xIR.sys"
+ "S2usbser" "USB Modem/Serial Device Driver" "AMOI Incorporated" "c:\windows\system32\drivers\s2usbser.sys"
+ "SASDIFSV" "SASDIFSV64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv64.sys"
+ "SASKUTIL" "SASKUTIL64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil64.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SmartDefragDriver" "File driver of SmartDefrag" "" "c:\windows\system32\drivers\smartdefragdriver.sys"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl6.sys"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv6.sys"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt6.sys"
+ "ssudmdm" "SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudmdm.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt64.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "USBCCID" "" "" "File not found: system32\DRIVERS\RtsUCcid.sys"
+ "usbfilter" "AMD USB Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\usbfilter.sys"
+ "VClone" "VirtualCloneCD Driver" "Elaborate Bytes AG" "c:\windows\system32\drivers\vclone.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vodafone_K380x-z_dc_enum" "DC Class Enumerator Driver" "Vodafone" "c:\windows\system32\drivers\vodafone_k380x-z_dc_enum.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "yukonw7" "Miniport Driver for Marvell Yukon Ethernet Controller." "Marvell" "c:\windows\system32\drivers\yk62x64.sys"
+ "ZTEusbmdm6k" "USB Modem/Serial Device Driver" "ZTE Incorporated" "c:\windows\system32\drivers\zteusbmdm6k.sys"
+ "ZTEusbnmea" "USB Modem/Serial Device Driver" "ZTE Incorporated" "c:\windows\system32\drivers\zteusbnmea.sys"
+ "ZTEusbser6k" "USB Modem/Serial Device Driver" "ZTE Incorporated" "c:\windows\system32\drivers\zteusbser6k.sys"
+ "ZTEusbvoice" "USB Modem/Serial Device Driver" "ZTE Incorporated" "c:\windows\system32\drivers\zteusbvoice.sys"
+ "ZTEusbwwan" "USB NDIS Miniport Driver" "ZTE Incorporated" "c:\windows\system32\drivers\zteusbwwan.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "MACSReaderMP3 Filter" "MACSReaderMP3 Filter" "" "c:\program files (x86)\samsung\kies\external\mediamodules\macsreaderavi.ax"
+ "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MusicCity MPEG Splitter" "PCube MPEG Splitter Filter" "© MusicCity" "c:\windows\syswow64\muzmpgsp.ax"
+ "MusicCity OGG Splitter" "OGG Splitter" "© PeeringPortal" "c:\windows\syswow64\muzoggsp.ax"
+ "NEDFilter4Samsung Filter" "MACSReaderMP3 Filter" "L544™ Technology" "c:\program files (x86)\samsung\kies\external\mediamodules\nedfilter4samsung.ax"
+ "P3Audio" "PCube Audio Decoder Filter" "© MusicCity" "c:\windows\syswow64\muzdecode.ax"
+ "P3AudioEffect" "P3AudioEffect Filter" "© MUSICCITY" "c:\windows\syswow64\muzeffect.ax"
+ "P3MP4Splitter" "P3MP4Splitter Filter" "© MusicCity" "c:\windows\syswow64\muzmp4sp.ax"
+ "P3Sourcer" "AOD Sourcer Filter" "Musiccity Co.Ltd." "c:\windows\syswow64\muzaf1.dll"
+ "P3WMTSplitter" "P3WMTSplitter Filter" " © MusicCity" "c:\windows\syswow64\muzwmts.dll"
+ "SelfMusicVideo Dump Filter" "SelfMusicVideo Dump Filter (DShow)" "ENJsoft Corporation" "c:\program files (x86)\samsung\kies\external\transmodules\tg_dump0708.dll"
+ "SpatialStereo Filter" "" "" "c:\windows\syswow64\3daudio.ax"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\Windows\System32\guard64.dll" "COMODO Internet Security" "COMODO" "c:\windows\system32\guard64.dll"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\Windows\SysWOW64\guard32.dll" "COMODO Internet Security" "COMODO" "c:\windows\syswow64\guard32.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Bullzip PDF Print Monitor" "Bullzip PDF Writer" "Bullzip" "c:\windows\system32\bzpdf.dll"
+ "Epson Inbox Language Monitor01" "Epson Printer Driver" "SEIKO EPSON CORPORATION" "c:\windows\system32\ep0slm01.dll"
+ "PCL hpz3lwn7" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3lwn7.dll"
"C:\Users\Work\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Avast! antivirus monitor" "Avast! antivirus sidebar gadget." "AVAST Software" "C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget\Gadget.xml"

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:55 PM

Posted 08 October 2012 - 12:59 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore-It deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently.Two free antivirus that i would suggest are

Microsoft security essentials or Avast.You can select either one of them.

If you have a paid one,make sure to update it frequently.Do not use multiple security softwares.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#11 Frustration_

Frustration_
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 08 October 2012 - 01:54 PM

Thank you so much for all your help. Quite a process getting rid.

one last question. i have heard that when other people log into different profiles, it can come back again quickly.

is the virus gone from all user profiles?

Thanks again for all your help!

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:55 PM

Posted 08 October 2012 - 01:55 PM

Our scanners scans all the user profiles.So yes redirects should be gone from all the accounts

safe surfing.

#13 Frustration_

Frustration_
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 11 October 2012 - 07:41 AM

I think its back again, arrrrrr.

My computer svchost went crazy so i checked out what was running under each one and found this

C:\Users\Work>cd..

C:\Users>cd..

C:\>tasklist -svc

Image Name PID Services
========================= ======== =======================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 344 N/A
csrss.exe 432 N/A
wininit.exe 488 N/A
csrss.exe 512 N/A
services.exe 556 N/A
lsass.exe 572 EFS, KeyIso, SamSs
lsm.exe 580 N/A
winlogon.exe 668 N/A
svchost.exe 748 DcomLaunch, PlugPlay, Power
svchost.exe 844 RpcEptMapper, RpcSs
cmdagent.exe 940 cmdAgent
svchost.exe 988 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc, TermService
atiesrxx.exe 368 AMD External Events Utility
svchost.exe 436 AudioSrv, Dhcp, eventlog,
HomeGroupProvider, lmhosts, wscsvc
svchost.exe 656 AudioEndpointBuilder, HomeGroupListener
IPBusEnum, Netman, PcaSvc, SysMain, Trk
UxSms, Wlansvc, wudfsvc
stacsv64.exe 928 STacSV
svchost.exe 1276 EventSystem, fdPHost, netprofm, nsi,
WdiServiceHost
svchost.exe 1444 BFE, DPS, MpsSvc, WwanSvc
AvastSvc.exe 1496 avast! Antivirus
spoolsv.exe 1580 Spooler
AESTSr64.exe 1672 AESTFilters
WLIDSVC.EXE 1924 wlidsvc
WLIDSVCM.EXE 2076 N/A
atieclxx.exe 2732 N/A
taskhost.exe 2860 N/A
dwm.exe 2964 N/A
explorer.exe 3056 N/A
SynTPEnh.exe 3032 N/A
sttray64.exe 2492 N/A
SynTPHelper.exe 2828 N/A
cfp.exe 3008 N/A
LightScribeControlPanel.e 3116 N/A
SpotifyWebHelper.exe 3160 N/A
Skype.exe 3168 N/A
QLBCtrl.exe 3312 N/A
HPWAMain.exe 3408 N/A
AvastUI.exe 3416 N/A
jusched.exe 3476 N/A
SearchIndexer.exe 3556 WSearch
hpqWmiEx.exe 3880 hpqwmiex
HpqToaster.exe 3636 N/A
MOM.exe 4228 N/A
CCC.exe 4316 N/A
wmpnetwk.exe 4820 WMPNetworkSvc
svchost.exe 4644 p2pimsvc, p2psvc, PNRPsvc
firefox.exe 4772 N/A
Recorder.exe 3752 N/A
e.exe 4604 N/A
iexplore.exe 1668 N/A
iexplore.exe 4584 N/A
iexplore.exe 2128 N/A
iexplore.exe 3040 N/A
taskmgr.exe 5596 N/A
BetterInstaller.exe 6060 N/A
svchost.exe 3496 FDResPub, FontCache, Mcx2Svc, SSDPSRV,
upnphost
svchost.exe 4300 BITS, CertPropSvc, EapHost, gpsvc,
iphlpsvc, LanmanServer, ProfSvc, Schedu
seclogon, SENS, SessionEnv, Themes,
Winmgmt, wuauserv
perfmon.exe 744 N/A
taskeng.exe 916 N/A
cmd.exe 2208 N/A
conhost.exe 5588 N/A
tasklist.exe 5920 N/A
WmiPrvSE.exe 5896 N/A

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:55 PM

Posted 11 October 2012 - 07:43 AM

Explain to me the exact issue.

#15 Frustration_

Frustration_
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 11 October 2012 - 08:21 AM

Well my computer started running really slow. Crawling along?

I was unsure why so I looked at what was runningn and knowticed betterinstaller.exe (host) running.

Decided to run eset just incase, it has already found 1 virus :-(

Edited by Frustration_, 11 October 2012 - 08:34 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users