
Plse Help - Multiple Issues: Cannot complete DDS, USB Not Recognized & More


17 replies to this topic

#1 ND_Fan

ND_Fan

  • Members
  • 70 posts

Posted 11 November 2012 - 11:23 PM

Hello Bleeping Computer. I hope someone can help me please.

I tried to complete the instructions prior to posting a new topic, sorry but I am unable to complete the DDS step 7. It has been hung up for over 1 hr.

Below is my system info and symptoms:

System Info:

* Dell Inspiron 6000
* Windows 7
* 32-bit

Symptoms:

* System is very slow, CPU is running at 100% constantly.
* I ran Spybot Search & Destroy and Malwarebytes full scans...each scan found objects, I "removed" them, rebooted the PC, but symptoms still exist.
* Search engine results redirect to random websites.
* Random ads are being broadcast via audio only (I hear what sounds like a commercial or "radio-show" in the background, even when I am not viewing a website).
* I downloaded the Bleeping Computer diagnostic apps to a memory stick from a clean PC.
* The infected PC does not recognize the USB device/memory stick.
* I downloaded the Bleeping Computer diagnostic apps directly to the infected PC.
* I completed Step 6 and successfully ran DeFogger to disable CD Emulation Software.
* I attempted to run DDS, but could not complete it. It remained stuck for over 1 hr.

It appears I'm infected with something pretty nasty. I'd really appreciate someone to help me diagnose and clean my system.

I'm ready for the first step!

Thanks!
ND_Fan



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 12 November 2012 - 07:01 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 ND_Fan


Posted 12 November 2012 - 02:53 PM

narenxp - thank you for the reply.

I attempted to follow your instructions, however I could not complete each step on my infected PC. I tried multiple times to no avail (very frustrating). Below is my report on each step.

1) TDSSkiller
I downloaded it successfully to the infected PC, but could not launch in normal mode. I double-clicked and nothing launched. I attempted again in safe mode with networking and received the following error:
"RJyxANdm.exe has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."
I could not advance beyond this step.

2) aswMBR
I downloaded it successfully to the infected PC, but could not launch in normal mode. I double-clicked and nothing launched. I attempted again in safe mode with networking and nothing launched either. I could not advance beyond this step.

3) ESET online scanner
I downloaded it successfully to the infected PC, but could not launch in normal mode. I double-clicked and nothing launched. I attempted again in safe mode with networking and the scan completed after 1.5 hrs. However posting the log was quite challenging since I cannot attach the ESET log to my web email, and my infected PC does not recognize the USB for me to transfer to the memory stick. However I rebooted and tried again in normal mode, but I could only copy/paste the text in my web email (web email crashes when I attempt to attach a file in a new email). Below is the ESET log:

C:\Users\Steve\474cc1d6-5762.exe Win32/Simda.P trojan
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCBDNVYP\37822-15[1].js HTML/ScrInject.B.Gen virus
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JR707IWO\4[1].htm HTML/Iframe.B.Gen virus
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9QW8BSJ\ttj[1].js HTML/Iframe.B.Gen virus
C:\Users\Steve\AppData\Local\Temp\3180f5ed-5762.tmp Win32/Simda.P trojan
C:\Users\Steve\AppData\Local\Temp\3F4F8328F2.tmp Win32/Simda.P trojan
Operating memory multiple threats

Looks like I have a bunch of nasty invasions. I hope this log helps inform you of our next step. I'm on standby and will await your next set of instructions.

Thanks!
ND_Fan

#4 narenxp


Posted 12 November 2012 - 09:00 PM

Download Listparts from here

For 32 bit

List parts 32

For 64 bit

List parts 64

Launch it, click on SCAN, post the log

#5 ND_Fan


Posted 12 November 2012 - 09:43 PM

narenxp - thank you for the reply.

Below is the ListParts 32-bit log:


ListParts by Farbar Version: 30-10-2012
Ran by Steve (administrator) on 12-11-2012 at 20:37:52
Windows 7 (X86)
Running From: C:\Users\Steve\Desktop
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 94%
Total physical RAM: 1023.44 MB
Available physical RAM: 61.14 MB
Total Pagefile: 2047.44 MB
Available Pagefile: 742.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.46 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:74.42 GB) (Free:28.42 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 74 GB 3072 KB
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 74 GB 101 MB
Partition 3 Primary 10 MB 74 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 74 GB Healthy Boot
======================================================================================================
Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes
There is no volume associated with this partition.
======================================================================================================
****** End Of Log ******


Ready for the next step.

Thanks,
ND_Fan

#6 narenxp


Posted 12 November 2012 - 10:06 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Edited by narenxp, 13 November 2012 - 12:03 AM.


#7 ND_Fan


Posted 12 November 2012 - 11:58 PM

narenxp - thank you for the reply.

All went well, except I encountered an error on the ESET step. Please see below.


1) TDSSFix

I followed your instructions, it found the rootkit, and I clicked "CURE", and rebooted.

2) TDSSKiller

I followed your instructions, it scanned successfully. Below is the TDSSKiller log:

22:02:52.0703 2936 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:02:53.0062 2936 ============================================================
22:02:53.0062 2936 Current date / time: 2012/11/12 22:02:53.0062
22:02:53.0062 2936 SystemInfo:
22:02:53.0062 2936
22:02:53.0062 2936 OS Version: 6.1.7601 ServicePack: 1.0
22:02:53.0062 2936 Product type: Workstation
22:02:53.0062 2936 ComputerName: STEVE-PC
22:02:53.0062 2936 UserName: Steve
22:02:53.0062 2936 Windows directory: C:\Windows
22:02:53.0062 2936 System windows directory: C:\Windows
22:02:53.0062 2936 Processor architecture: Intel x86
22:02:53.0062 2936 Number of processors: 1
22:02:53.0062 2936 Page size: 0x1000
22:02:53.0062 2936 Boot type: Normal boot
22:02:53.0062 2936 ============================================================
22:02:54.0796 2936 BG loaded
22:02:55.0296 2936 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:02:55.0296 2936 ============================================================
22:02:55.0296 2936 \Device\Harddisk0\DR0:
22:02:55.0296 2936 MBR partitions:
22:02:55.0296 2936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:02:55.0312 2936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94D58B0
22:02:55.0312 2936 ============================================================
22:02:55.0328 2936 C: <-> \Device\Harddisk0\DR0\Partition2
22:02:55.0328 2936 ============================================================
22:02:55.0328 2936 Initialize success
22:02:55.0328 2936 ============================================================
22:03:33.0498 2992 ============================================================
22:03:33.0498 2992 Scan started
22:03:33.0498 2992 Mode: Manual; TDLFS;
22:03:33.0498 2992 ============================================================
22:03:34.0498 2992 ================ Scan system memory ========================
22:03:34.0498 2992 System memory - ok
22:03:47.0613 2992 mouclass - ok
22:03:47.0644 2992 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:03:47.0644 2992 mouhid - ok
22:03:47.0708 2992 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:03:47.0724 2992 mountmgr - ok
22:03:47.0849 2992 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
22:03:47.0865 2992 MpFilter - ok
22:03:47.0927 2992 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
22:03:47.0927 2992 mpio - ok
22:03:48.0162 2992 [ A69630D039C38018689190234F866D77 ] MpKsl41261c73 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4DC56EA1-8AED-48D5-8B62-89F86EFAB9AA}\MpKsl41261c73.sys
22:03:48.0162 2992 MpKsl41261c73 - ok
22:03:48.0224 2992 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:03:48.0224 2992 mpsdrv - ok
22:03:48.0318 2992 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:03:48.0349 2992 MpsSvc - ok
22:03:48.0412 2992 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:03:48.0412 2992 MRxDAV - ok
22:03:48.0474 2992 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:03:48.0490 2992 mrxsmb - ok
22:03:48.0537 2992 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:03:48.0552 2992 mrxsmb10 - ok
22:03:48.0599 2992 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:03:48.0599 2992 mrxsmb20 - ok
22:03:48.0630 2992 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
22:03:48.0630 2992 msahci - ok
22:03:48.0693 2992 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:03:48.0693 2992 msdsm - ok
22:03:48.0740 2992 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
22:03:48.0740 2992 MSDTC - ok
22:03:48.0802 2992 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:03:48.0802 2992 Msfs - ok
22:03:48.0833 2992 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:03:48.0833 2992 mshidkmdf - ok
22:03:48.0880 2992 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:03:48.0880 2992 msisadrv - ok
22:03:48.0943 2992 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:03:48.0958 2992 MSiSCSI - ok
22:03:48.0958 2992 msiserver - ok
22:03:49.0005 2992 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:03:49.0005 2992 MSKSSRV - ok
22:03:49.0130 2992 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:03:49.0130 2992 MsMpSvc - ok
22:03:49.0177 2992 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:03:49.0177 2992 MSPCLOCK - ok
22:03:49.0208 2992 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:03:49.0208 2992 MSPQM - ok
22:03:49.0240 2992 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:03:49.0255 2992 MsRPC - ok
22:03:49.0302 2992 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:03:49.0302 2992 mssmbios - ok
22:03:49.0412 2992 MSSQL$MSSMLBIZ - ok
22:03:49.0568 2992 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
22:03:49.0568 2992 MSSQLServerADHelper100 - ok
22:03:49.0646 2992 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:03:49.0646 2992 MSTEE - ok
22:03:49.0677 2992 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:03:49.0677 2992 MTConfig - ok
22:03:49.0693 2992 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
22:03:49.0708 2992 Mup - ok
22:03:49.0771 2992 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
22:03:49.0802 2992 napagent - ok
22:03:49.0880 2992 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:03:49.0896 2992 NativeWifiP - ok
22:03:49.0990 2992 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:03:50.0037 2992 NDIS - ok
22:03:50.0083 2992 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:03:50.0083 2992 NdisCap - ok
22:03:50.0115 2992 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:03:50.0115 2992 NdisTapi - ok
22:03:50.0177 2992 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:03:50.0177 2992 Ndisuio - ok
22:03:50.0255 2992 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:03:50.0271 2992 NdisWan - ok
22:03:50.0318 2992 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:03:50.0318 2992 NDProxy - ok
22:03:50.0365 2992 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:03:50.0365 2992 NetBIOS - ok
22:03:50.0427 2992 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:03:50.0427 2992 NetBT - ok
22:03:50.0474 2992 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
22:03:50.0474 2992 Netlogon - ok
22:03:50.0537 2992 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
22:03:50.0552 2992 Netman - ok
22:03:50.0599 2992 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
22:03:50.0630 2992 netprofm - ok
22:03:50.0711 2992 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:03:50.0714 2992 NetTcpPortSharing - ok
22:03:50.0761 2992 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:03:50.0761 2992 nfrd960 - ok
22:03:50.0839 2992 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:03:50.0855 2992 NisDrv - ok
22:03:50.0933 2992 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
22:03:50.0964 2992 NisSrv - ok
22:03:51.0042 2992 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:03:51.0042 2992 NlaSvc - ok
22:03:51.0074 2992 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:03:51.0074 2992 Npfs - ok
22:03:51.0121 2992 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
22:03:51.0121 2992 nsi - ok
22:03:51.0152 2992 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:03:51.0152 2992 nsiproxy - ok
22:03:51.0292 2992 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:03:51.0371 2992 Ntfs - ok
22:03:51.0402 2992 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
22:03:51.0402 2992 Null - ok
22:03:51.0464 2992 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:03:51.0464 2992 nvraid - ok
22:03:51.0527 2992 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:03:51.0527 2992 nvstor - ok
22:03:51.0589 2992 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:03:51.0605 2992 nv_agp - ok
22:03:51.0652 2992 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:03:51.0652 2992 ohci1394 - ok
22:03:51.0762 2992 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:03:51.0778 2992 ose - ok
22:03:52.0075 2992 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:03:52.0293 2992 osppsvc - ok
22:03:52.0356 2992 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:03:52.0372 2992 p2pimsvc - ok
22:03:52.0418 2992 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
22:03:52.0434 2992 p2psvc - ok
22:03:52.0481 2992 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:03:52.0481 2992 Parport - ok
22:03:52.0528 2992 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:03:52.0528 2992 partmgr - ok
22:03:52.0575 2992 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
22:03:52.0575 2992 Parvdm - ok
22:03:52.0606 2992 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:03:52.0622 2992 PcaSvc - ok
22:03:52.0684 2992 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
22:03:52.0684 2992 pci - ok
22:03:52.0762 2992 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
22:03:52.0762 2992 pciide - ok
22:03:52.0825 2992 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:03:52.0825 2992 pcmcia - ok
22:03:52.0856 2992 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
22:03:52.0856 2992 pcw - ok
22:03:52.0903 2992 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:03:52.0934 2992 PEAUTH - ok
22:03:53.0153 2992 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
22:03:53.0247 2992 pla - ok
22:03:53.0340 2992 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:03:53.0356 2992 PlugPlay - ok
22:03:53.0387 2992 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:03:53.0403 2992 PNRPAutoReg - ok
22:03:53.0418 2992 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:03:53.0434 2992 PNRPsvc - ok
22:03:53.0465 2992 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:03:53.0481 2992 PolicyAgent - ok
22:03:53.0559 2992 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
22:03:53.0559 2992 Power - ok
22:03:53.0606 2992 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:03:53.0606 2992 PptpMiniport - ok
22:03:53.0653 2992 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:03:53.0653 2992 Processor - ok
22:03:53.0731 2992 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
22:03:53.0747 2992 ProfSvc - ok
22:03:53.0762 2992 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:03:53.0778 2992 ProtectedStorage - ok
22:03:53.0809 2992 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:03:53.0825 2992 Psched - ok
22:03:53.0934 2992 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:03:53.0997 2992 ql2300 - ok
22:03:54.0028 2992 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:03:54.0028 2992 ql40xx - ok
22:03:54.0090 2992 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
22:03:54.0090 2992 QWAVE - ok
22:03:54.0137 2992 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:03:54.0137 2992 QWAVEdrv - ok
22:03:54.0168 2992 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:03:54.0168 2992 RasAcd - ok
22:03:54.0215 2992 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:03:54.0215 2992 RasAgileVpn - ok
22:03:54.0247 2992 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
22:03:54.0247 2992 RasAuto - ok
22:03:54.0278 2992 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:03:54.0278 2992 Rasl2tp - ok
22:03:54.0356 2992 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
22:03:54.0387 2992 RasMan - ok
22:03:54.0418 2992 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:03:54.0418 2992 RasPppoe - ok
22:03:54.0450 2992 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:03:54.0450 2992 RasSstp - ok
22:03:54.0512 2992 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:03:54.0543 2992 rdbss - ok
22:03:54.0606 2992 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:03:54.0606 2992 rdpbus - ok
22:03:54.0653 2992 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:03:54.0653 2992 RDPCDD - ok
22:03:54.0700 2992 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:03:54.0700 2992 RDPENCDD - ok
22:03:54.0715 2992 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:03:54.0715 2992 RDPREFMP - ok
22:03:54.0793 2992 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:03:54.0793 2992 RDPWD - ok
22:03:54.0887 2992 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:03:54.0903 2992 rdyboost - ok
22:03:54.0950 2992 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
22:03:54.0950 2992 RemoteAccess - ok
22:03:54.0997 2992 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:03:55.0012 2992 RemoteRegistry - ok
22:03:55.0090 2992 [ 0F6756EF8BDA6DFA7BE50465C83132BB ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
22:03:55.0090 2992 RimUsb - ok
22:03:55.0137 2992 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:03:55.0137 2992 RpcEptMapper - ok
22:03:55.0168 2992 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
22:03:55.0168 2992 RpcLocator - ok
22:03:55.0215 2992 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
22:03:55.0215 2992 RpcSs - ok
22:03:55.0293 2992 [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
22:03:55.0309 2992 RsFx0103 - ok
22:03:55.0372 2992 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:03:55.0387 2992 rspndr - ok
22:03:55.0403 2992 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
22:03:55.0403 2992 SamSs - ok
22:03:55.0481 2992 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:03:55.0481 2992 sbp2port - ok
22:03:55.0622 2992 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
22:03:55.0700 2992 SBSDWSCService - ok
22:03:55.0747 2992 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:03:55.0762 2992 SCardSvr - ok
22:03:55.0793 2992 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:03:55.0793 2992 scfilter - ok
22:03:55.0887 2992 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
22:03:55.0918 2992 Schedule - ok
22:03:55.0965 2992 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:03:55.0981 2992 SCPolicySvc - ok
22:03:56.0043 2992 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
22:03:56.0059 2992 sdbus - ok
22:03:56.0122 2992 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:03:56.0137 2992 SDRSVC - ok
22:03:56.0184 2992 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:03:56.0184 2992 secdrv - ok
22:03:56.0215 2992 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
22:03:56.0215 2992 seclogon - ok
22:03:56.0262 2992 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
22:03:56.0262 2992 SENS - ok
22:03:56.0309 2992 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:03:56.0309 2992 SensrSvc - ok
22:03:56.0340 2992 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:03:56.0340 2992 Serenum - ok
22:03:56.0372 2992 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:03:56.0372 2992 Serial - ok
22:03:56.0434 2992 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:03:56.0434 2992 sermouse - ok
22:03:56.0497 2992 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
22:03:56.0497 2992 SessionEnv - ok
22:03:56.0543 2992 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:03:56.0543 2992 sffdisk - ok
22:03:56.0606 2992 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:03:56.0606 2992 sffp_mmc - ok
22:03:56.0637 2992 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:03:56.0637 2992 sffp_sd - ok
22:03:56.0668 2992 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:03:56.0668 2992 sfloppy - ok
22:03:56.0715 2992 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:03:56.0731 2992 SharedAccess - ok
22:03:56.0762 2992 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:03:56.0793 2992 ShellHWDetection - ok
22:03:56.0840 2992 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
22:03:56.0872 2992 sisagp - ok
22:03:56.0903 2992 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:03:56.0903 2992 SiSRaid2 - ok
22:03:56.0934 2992 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:03:56.0934 2992 SiSRaid4 - ok
22:03:56.0965 2992 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:03:56.0965 2992 Smb - ok
22:03:57.0028 2992 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:03:57.0028 2992 SNMPTRAP - ok
22:03:57.0090 2992 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
22:03:57.0106 2992 spldr - ok
22:03:57.0153 2992 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
22:03:57.0184 2992 Spooler - ok
22:03:57.0356 2992 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
22:03:57.0387 2992 sppsvc - ok
22:03:57.0450 2992 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:03:57.0450 2992 sppuinotify - ok
22:03:57.0528 2992 [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$MSSMLBIZ C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE
22:03:57.0559 2992 SQLAgent$MSSMLBIZ - ok
22:03:57.0700 2992 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
22:03:57.0715 2992 SQLBrowser - ok
22:03:57.0793 2992 [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:03:57.0793 2992 SQLWriter - ok
22:03:57.0872 2992 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:03:57.0903 2992 srv - ok
22:03:57.0965 2992 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:03:57.0981 2992 srv2 - ok
22:03:58.0028 2992 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:03:58.0028 2992 srvnet - ok
22:03:58.0075 2992 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:03:58.0075 2992 SSDPSRV - ok
22:03:58.0106 2992 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:03:58.0122 2992 SstpSvc - ok
22:03:58.0168 2992 [ 305CC42945A713347F978D78566113F3 ] STAC97 C:\Windows\system32\drivers\STAC97.sys
22:03:58.0184 2992 STAC97 - ok
22:03:58.0215 2992 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:03:58.0231 2992 stexstor - ok
22:03:58.0325 2992 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
22:03:58.0356 2992 StiSvc - ok
22:03:58.0418 2992 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
22:03:58.0418 2992 swenum - ok
22:03:58.0450 2992 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
22:03:58.0481 2992 swprv - ok
22:03:58.0575 2992 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
22:03:58.0653 2992 SysMain - ok
22:03:58.0700 2992 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:03:58.0715 2992 TabletInputService - ok
22:03:58.0779 2992 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
22:03:58.0794 2992 TapiSrv - ok
22:03:58.0826 2992 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
22:03:58.0826 2992 TBS - ok
22:03:58.0966 2992 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:03:59.0013 2992 Tcpip - ok
22:03:59.0091 2992 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:03:59.0123 2992 TCPIP6 - ok
22:03:59.0201 2992 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:03:59.0216 2992 tcpipreg - ok
22:03:59.0279 2992 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:03:59.0279 2992 TDPIPE - ok
22:03:59.0341 2992 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:03:59.0357 2992 TDTCP - ok
22:03:59.0435 2992 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:03:59.0435 2992 tdx - ok
22:03:59.0498 2992 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:03:59.0513 2992 TermDD - ok
22:03:59.0607 2992 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
22:03:59.0638 2992 TermService - ok
22:03:59.0701 2992 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
22:03:59.0701 2992 Themes - ok
22:03:59.0732 2992 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
22:03:59.0732 2992 THREADORDER - ok
22:03:59.0763 2992 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
22:03:59.0763 2992 TrkWks - ok
22:03:59.0857 2992 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:03:59.0873 2992 TrustedInstaller - ok
22:03:59.0951 2992 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:03:59.0951 2992 tssecsrv - ok
22:04:00.0044 2992 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:04:00.0044 2992 TsUsbFlt - ok
22:04:00.0138 2992 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:04:00.0138 2992 tunnel - ok
22:04:00.0201 2992 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:04:00.0201 2992 uagp35 - ok
22:04:00.0263 2992 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:04:00.0294 2992 udfs - ok
22:04:00.0341 2992 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:04:00.0357 2992 UI0Detect - ok
22:04:00.0404 2992 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:04:00.0419 2992 uliagpkx - ok
22:04:00.0466 2992 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
22:04:00.0466 2992 umbus - ok
22:04:00.0498 2992 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:04:00.0498 2992 UmPass - ok
22:04:00.0529 2992 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
22:04:00.0544 2992 upnphost - ok
22:04:00.0607 2992 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:04:00.0623 2992 usbccgp - ok
22:04:00.0701 2992 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:04:00.0701 2992 usbcir - ok
22:04:00.0763 2992 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:04:00.0763 2992 usbehci - ok
22:04:00.0810 2992 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:04:00.0810 2992 usbhub - ok
22:04:00.0873 2992 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:04:00.0873 2992 usbohci - ok
22:04:00.0919 2992 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:04:00.0935 2992 usbprint - ok
22:04:00.0982 2992 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:04:00.0998 2992 usbscan - ok
22:04:01.0013 2992 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
22:04:01.0029 2992 USBSTOR - ok
22:04:01.0091 2992 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:04:01.0091 2992 usbuhci - ok
22:04:01.0138 2992 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
22:04:01.0138 2992 UxSms - ok
22:04:01.0169 2992 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
22:04:01.0169 2992 VaultSvc - ok
22:04:01.0232 2992 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:04:01.0232 2992 vdrvroot - ok
22:04:01.0310 2992 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
22:04:01.0341 2992 vds - ok
22:04:01.0404 2992 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:04:01.0404 2992 vga - ok
22:04:01.0419 2992 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:04:01.0435 2992 VgaSave - ok
22:04:01.0482 2992 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:04:01.0498 2992 vhdmp - ok
22:04:01.0544 2992 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
22:04:01.0544 2992 viaagp - ok
22:04:01.0576 2992 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
22:04:01.0576 2992 ViaC7 - ok
22:04:01.0638 2992 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
22:04:01.0638 2992 viaide - ok
22:04:01.0701 2992 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:04:01.0716 2992 volmgr - ok
22:04:01.0763 2992 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:04:01.0763 2992 volmgrx - ok
22:04:01.0873 2992 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:04:01.0888 2992 volsnap - ok
22:04:01.0998 2992 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:04:02.0029 2992 vsmraid - ok
22:04:02.0154 2992 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
22:04:02.0232 2992 VSS - ok
22:04:02.0279 2992 [ A864E0BFE76383ED7D5FFCA51DCC0D5B ] VSTHWICH C:\Windows\system32\DRIVERS\VSTICH3.SYS
22:04:02.0294 2992 VSTHWICH - ok
22:04:02.0341 2992 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] VST_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:04:02.0404 2992 VST_DPV - ok
22:04:02.0435 2992 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:04:02.0435 2992 vwifibus - ok
22:04:02.0482 2992 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:04:02.0482 2992 vwififlt - ok
22:04:02.0560 2992 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
22:04:02.0576 2992 W32Time - ok
22:04:02.0623 2992 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:04:06.0609 2992 ============================================================
22:04:06.0609 2992 Scan finished
22:04:06.0609 2992 ============================================================
22:04:06.0640 3476 Detected object count: 0
22:04:06.0640 3476 Actual detected object count: 0


3) aswMBR

I followed your instructions and it scanned successfully. Below is the aswMBR log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-12 22:09:45
-----------------------------
22:09:45.247 OS Version: Windows 6.1.7601 Service Pack 1
22:09:45.247 Number of processors: 1 586 0xD08
22:09:45.262 ComputerName: STEVE-PC UserName: Steve
22:10:42.164 Initialize success
22:12:34.351 AVAST engine defs: 12111201
22:13:02.861 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:13:02.876 Disk 0 Vendor: WDC_WD800VE-75HDT1 11.07D11 Size: 76319MB BusType: 3
22:13:02.892 Disk 0 MBR read successfully
22:13:02.908 Disk 0 MBR scan
22:13:03.017 Disk 0 Windows 7 default MBR code
22:13:03.048 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:13:03.142 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76203 MB offset 206848
22:13:03.220 Disk 0 scanning sectors +156270768
22:13:03.392 Disk 0 scanning C:\Windows\system32\drivers
22:13:31.174 Service scanning
22:13:59.500 Service MpKsl41261c73 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4DC56EA1-8AED-48D5-8B62-89F86EFAB9AA}\MpKsl41261c73.sys **LOCKED** 32
22:14:39.832 Modules scanning
22:14:51.805 Disk 0 trace - called modules:
22:14:52.383 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
22:14:52.415 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84eff030]
22:14:52.430 3 CLASSPNP.SYS[8723b59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x841a0610]
22:14:53.383 AVAST engine scan C:\Windows
22:14:56.133 AVAST engine scan C:\Windows\system32
22:21:53.195 AVAST engine scan C:\Windows\system32\drivers
22:22:23.131 AVAST engine scan C:\Users\Steve
22:25:04.184 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
22:25:04.356 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"


4) ESET online scanner

I followed your instructions, but I encountered an error upon Initialization:

"Can not get update. Is proxy configured? Note: ESET Online Scanner has already been run on this computer in the past. Only files necessary to the current version will be downloaded."

Ready for the next step.

Thanks,
ND_Fan

#8 narenxp


Posted 13 November 2012 - 12:04 AM

Try to run ESET from Safe Mode with Networking.

The following scans should be run from normal mode.

Download Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar Service Scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware Removal Tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#9 ND_Fan


Posted 13 November 2012 - 12:52 PM

narenxp - thank you for the reply.

All steps went well; the system seems to be performing much better now. Below are my logs.


ESET Scanner Log:

C:\TDSSKiller_Quarantine\12.11.2012_21.53.46\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmasco.Y trojan
C:\TDSSKiller_Quarantine\12.11.2012_21.53.46\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmasco.O trojan
C:\TDSSKiller_Quarantine\12.11.2012_21.53.46\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmasco.AA trojan
C:\TDSSKiller_Quarantine\12.11.2012_21.53.46\mbr0000\tdlfs0000\tsk0011.dta Win32/Olmasco.Q trojan
C:\TDSSKiller_Quarantine\12.11.2012_21.53.46\mbr0000\tdlfs0000\tsk0014.dta Win32/Olmasco.AA trojan
C:\TDSSKiller_Quarantine\12.11.2012_21.53.46\mbr0000\tdlfs0000\tsk0015.dta Win64/Olmasco.Z trojan
C:\Users\Steve\474cc1d6-5762.exe Win32/Simda.P trojan
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCBDNVYP\37822-15[1].js HTML/ScrInject.B.Gen virus
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JR707IWO\4[1].htm HTML/Iframe.B.Gen virus
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9QW8BSJ\ttj[1].js HTML/Iframe.B.Gen virus
C:\Users\Steve\AppData\Local\Temp\3180f5ed-5762.tmp Win32/Simda.P trojan



Malwarebytes Log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.13.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Steve :: STEVE-PC [administrator]

11/13/2012 12:40:48 AM
mbam-log-2012-11-13 (08-58-07).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 295397
Time elapsed: 1 hour(s), 11 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\$RECYCLE.BIN\S-1-5-18\$1c92cf55fbb8c233387e4e2b6ed37bd6\U\00000004.@ (Trojan.0Access) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-18\$1c92cf55fbb8c233387e4e2b6ed37bd6\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-18\$1c92cf55fbb8c233387e4e2b6ed37bd6\U\000000cb.@ (Trojan.0Access) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-18\$1c92cf55fbb8c233387e4e2b6ed37bd6\U\80000000.@ (Trojan.0Access) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-18\$1c92cf55fbb8c233387e4e2b6ed37bd6\U\80000032.@ (Rootkit.0Access) -> No action taken.
C:\TDSSKiller_Quarantine\12.11.2012_21.53.46\mbr0000\tdlfs0000\tsk0006.dta (Trojan.TDSS) -> No action taken.
C:\TDSSKiller_Quarantine\12.11.2012_21.53.46\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> No action taken.
C:\TDSSKiller_Quarantine\12.11.2012_21.53.46\mbr0000\tdlfs0000\tsk0015.dta (Rootkit.TDSS) -> No action taken.
C:\Users\Steve\Desktop\tdssfix.exe (Heuristics.Shuriken) -> No action taken.

(end)



Mini ToolBox Log:

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Steve (administrator) on 13-11-2012 at 09:10:41
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1370 WLAN Mini-PCI Card = Wireless Network Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global taskoffload=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Steve-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1370 WLAN Mini-PCI Card
Physical Address. . . . . . . . . : 00-16-CE-19-78-FA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::81ae:4062:9eb:4773%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, November 13, 2012 9:00:55 AM
Lease Expires . . . . . . . . . . : Wednesday, November 14, 2012 9:00:55 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 201332430
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-38-64-42-00-14-22-F0-37-5E
DNS Servers . . . . . . . . . . . : 192.168.2.1
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-14-22-F0-37-5E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A8E02D92-613C-4E34-B874-ABD4D910BB4A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BF56B380-3A58-479C-9E65-99E66A1A2BA4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2872:2b3f:bc58:15c3(Preferred)
Link-local IPv6 Address . . . . . : fe80::2872:2b3f:bc58:15c3%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 2607:f8b0:4009:800::1003
74.125.225.70
74.125.225.68
74.125.225.78
74.125.225.65
74.125.225.69
74.125.225.73
74.125.225.67
74.125.225.72
74.125.225.66
74.125.225.64
74.125.225.71


Pinging google.com [74.125.225.70] with 32 bytes of data:
Reply from 74.125.225.70: bytes=32 time=27ms TTL=55
Reply from 74.125.225.70: bytes=32 time=41ms TTL=55

Ping statistics for 74.125.225.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 41ms, Average = 34ms
Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=159ms TTL=51
Reply from 98.139.183.24: bytes=32 time=182ms TTL=51

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 159ms, Maximum = 182ms, Average = 170ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 16 ce 19 78 fa ......Dell Wireless 1370 WLAN Mini-PCI Card
10...00 14 22 f0 37 5e ......Broadcom 440x 10/100 Integrated Controller
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.3 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.3 286
192.168.2.3 255.255.255.255 On-link 192.168.2.3 286
192.168.2.255 255.255.255.255 On-link 192.168.2.3 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.3 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.3 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:2872:2b3f:bc58:15c3/128
On-link
11 286 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::2872:2b3f:bc58:15c3/128
On-link
11 286 fe80::81ae:4062:9eb:4773/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 07 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/13/2012 08:02:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21630656

Error: (11/13/2012 08:02:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21630656

Error: (11/13/2012 08:02:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2012 02:01:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15953

Error: (11/13/2012 02:01:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15953

Error: (11/13/2012 02:01:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2012 11:02:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (11/12/2012 11:00:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/12/2012 09:47:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2046703

Error: (11/12/2012 09:47:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2046703


System errors:
=============
Error: (11/13/2012 09:00:53 AM) (Source: Service Control Manager) (User: )
Description: The 5762 service failed to start due to the following error:
%%2

Error: (11/13/2012 09:00:35 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (11/13/2012 09:00:27 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (11/13/2012 09:00:27 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (11/13/2012 08:57:06 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (11/13/2012 00:36:26 AM) (Source: Service Control Manager) (User: )
Description: The 5762 service failed to start due to the following error:
%%2

Error: (11/13/2012 00:36:14 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (11/13/2012 00:36:03 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (11/13/2012 00:36:03 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (11/12/2012 11:11:31 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (11/13/2012 08:02:05 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21630656

Error: (11/13/2012 08:02:05 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21630656

Error: (11/13/2012 08:02:05 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2012 02:01:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15953

Error: (11/13/2012 02:01:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15953

Error: (11/13/2012 02:01:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2012 11:02:50 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8

Error: (11/12/2012 11:00:41 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/12/2012 09:47:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2046703

Error: (11/12/2012 09:47:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2046703


=========================== Installed Programs ============================

Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Advanced WindowsCare Personal 2.6.0 (Version: 2.6.0)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AusLogics Disk Defrag (Version: version 1.4)
Belarc Advisor 7.2
Bonjour (Version: 3.0.0.10)
Business Contact Manager for Microsoft Outlook 2010 (Version: 4.0.11308.0)
C-Major Audio (Version: 42xx)
CCleaner (Version: 3.21)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup (Version: 2.6.1.8)
DTCLookup
ESET Online Scanner v3
Free Window Registry Repair
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Media Player Classic - Home Cinema v1.4.2499.0 (Version: 1.4.2499.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)
Microsoft Lync 2010 (Version: 4.0.7577.4109)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2531.0)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010) (Version: 4.0.11308.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Revo Uninstaller 1.85 (Version: 1.85)
Service Pack 1 for SQL Server 2008 (KB968369) (Version: 10.1.2531.0)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.6 (Version: 4.6.0)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
TurboTax 2010
TurboTax 2010 wiliper (Version: 010.000.1266)
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214)
TurboTax 2010 wrapper (Version: 010.000.0157)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WinPatrol (Version: 25.0.2012.5)
WinRAR archiver
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 1023.44 MB
Available physical RAM: 430.5 MB
Total Pagefile: 2047.44 MB
Available Pagefile: 1277.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.72 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.42 GB) (Free:28.3 GB) NTFS

========================= Users: ========================================

User accounts for \\STEVE-PC

Administrator Guest Steve

========================= Restore Points ==================================

26-10-2012 03:44:14 Windows Update
30-10-2012 06:44:04 Windows Update
05-11-2012 06:09:22 Windows Update
10-11-2012 04:30:36 Windows Update
11-11-2012 15:43:34 Made by Regsofts

**** End of log ****

Farbar Service Scanner Log:

Farbar Service Scanner Version: 09-11-2012
Ran by Steve (administrator) on 13-11-2012 at 09:35:26
Running from "C:\Users\Steve\Desktop"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-09-11 23:23] - [2012-08-22 11:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-09 20:44] - [2012-06-01 22:36] - 0140288 ____A (Microsoft Corporation) 96C0E38905CFD788313BE8E11DAE3F2F
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****




Adware Cleaner Log:

# AdwCleaner v2.007 - Logfile created 11/13/2012 at 09:38:06
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Steve - STEVE-PC
# Boot Mode : Normal
# Running from : C:\Users\Steve\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [646 octets] - [13/11/2012 09:38:06]

########## EOF - C:\AdwCleaner[S1].txt - [705 octets] ##########




Junkware Removal Tool Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.0.6 (11.12.2012)
OS: Windows 7 Home Premium x86
Ran by Steve on Tue 11/13/2012 at 9:48:00.68
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Steve\appdata\local\visi_coupon"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/13/2012 at 9:49:57.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Ready for the next step

Thanks,
ND_Fan

#10 narenxp


Posted 13 November 2012 - 08:57 PM

Please run Malwarebytes once again and post the clean log.

Run the ESET scanner again, checkmark the REMOVE THREATS option and post the log.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKill log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#11 ND_Fan


Posted 14 November 2012 - 12:18 AM

narenxp - thank you for the reply.

All steps went well, the system seems to be performing much better now. Below are my logs.

Malwarebytes Log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.13.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Steve :: STEVE-PC [administrator]

11/13/2012 8:12:40 PM
mbam-log-2012-11-13 (20-12-40).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 297551
Time elapsed: 1 hour(s), 16 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET Scanner Log:


C:\TDSSKiller_Quarantine\12.11.2012_21.53.46\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmasco.AA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.11.2012_21.53.46\mbr0000\tdlfs0000\tsk0011.dta Win32/Olmasco.Q trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.11.2012_21.53.46\mbr0000\tdlfs0000\tsk0014.dta Win32/Olmasco.AA trojan cleaned by deleting - quarantined
C:\Users\Steve\474cc1d6-5762.exe Win32/Simda.P trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCBDNVYP\37822-15[1].js HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JR707IWO\4[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9QW8BSJ\ttj[1].js HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Steve\AppData\Local\Temp\3180f5ed-5762.tmp Win32/Simda.P trojan cleaned by deleting - quarantined


RKill Log:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/13/2012 11:07:53 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 11/13/2012 11:08:15 PM
Execution time: 0 hours(s), 0 minute(s), and 22 seconds(s)


Autoruns Log:

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "WinPatrol" "WinPatrol System Monitor" "BillP Studios" "c:\program files\billp studios\winpatrol\winpatrol.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "belarc" "Belarc VoilaX Control" "Belarc, Inc." "c:\program files\belarc\advisor\system\bavoilax.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Yahoo! Mail" "Yahoo! Mail" "Yahoo! Inc." "c:\program files\yahoo!\common\ymmapi.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn1\yt.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "DivX Plus Web Player HTML5 <video>" "DivX Plus Web Player HTML5 <video> version 2.1.2.145" "DivX, LLC" "c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll"
+ "Lync Browser Helper" "Microsoft Lync 2010" "Microsoft Corporation" "c:\program files\microsoft lync\ochelper.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "SingleInstance Class" "Yahoo! Single Instance for Mail" "Yahoo! Inc" "c:\program files\yahoo!\companion\installs\cpn\ytsingleinstance.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "YTNavAssistPlugin Class" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn1\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Lync add-on" "Microsoft Lync 2010" "Microsoft Corporation" "c:\program files\microsoft lync\ochelper.dll"
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Sun Java Console" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2iexp.dll"
"Task Scheduler" "" "" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Ati External Event Utility" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "BcmSqlStartupSvc" "Controls the start of the Business Contact Manager SQL Server instance (MSSMLBIZ)." "Microsoft Corporation" "c:\program files\microsoft small business\business contact manager\bcmsqlstartupsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IntuitUpdateService" "Helps Intuit applications automatically update themselves." "Intuit Inc." "c:\program files\common files\intuit\update service\intuitupdateservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "Microsoft SharePoint Workspace Audit Service" "Microsoft SharePoint Workspace" "Microsoft Corporation" "c:\program files\microsoft office\office14\groove.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "MSSQL$MSSMLBIZ" "Provides storage, processing and controlled access of data, and rapid transaction processing." "Microsoft Corporation" "c:\program files\microsoft sql server\mssql10.mssmlbiz\mssql\binn\sqlservr.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "SBSDWSCService" "Spybot-S&D Security Center integration" "Safer Networking Ltd." "c:\program files\spybot - search & destroy\sdwinsec.exe"
+ "SQLWriter" "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files\yahoo!\softwareupdate\yahooauservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "5762" "" "" "File not found: C:\Users\Steve\AppData\Local\Temp\5762.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl6.sys"
+ "bcm4sbxp" "Broadcom Corporation NDIS 5.1 ethernet driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcm4sbxp.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MpKsl41261c73" "" "" "File not found: c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4DC56EA1-8AED-48D5-8B62-89F86EFAB9AA}\MpKsl41261c73.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RimUsb" "BlackBerry Device Driver" "Research In Motion Limited" "c:\windows\system32\drivers\rimusb.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "STAC97" "SigmaTel Audio Driver (WDM)" "SigmaTel, Inc." "c:\windows\system32\drivers\stac97.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "VST_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv3.sys"
+ "VSTHWICH" "HSFHWICH WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstich3.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt3.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "DivX AAC Decoder" "AAC audio decoder filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files\divx\divx codec\divxdec.ax"
+ "DivX Demux Filter" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX Demux Filter (Unrestricted Edition)" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\divxdech264.ax"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "flishni" "" "" "c:\users\steve\appdata\local\flishni.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "BJ Fax Language Monitor1" "Canon Inkjet Fax Driver" "CANON INC." "c:\windows\system32\cnhf1lm.dll"
+ "BJ Language Monitor4" "Canon Inkjet Printer Driver" "CANON INC." "c:\windows\system32\cnblm4.dll"

Ready for the next step!

Thanks,
ND_Fan
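
Added example, not part of the original thread and not code from Autoruns: a first-pass triage over an Autoruns text export like the one posted above, surfacing entries whose image path sits in a user-writable location and which also lack a publisher or point at a missing file. The sample lines are copied from the log above; the user-writable path list and the function names are assumptions, and a flag means "review manually", not a verdict.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the Autoruns log posted above (subset).
SAMPLE = r"""
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "WinPatrol" "WinPatrol System Monitor" "BillP Studios" "c:\program files\billp studios\winpatrol\winpatrol.exe"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "5762" "" "" "File not found: C:\Users\Steve\AppData\Local\Temp\5762.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "flishni" "" "" "c:\users\steve\appdata\local\flishni.dll"
"""

FIELD = re.compile(r'"([^"]*)"')   # one double-quoted column
MISSING = "File not found: "       # prefix seen in the log for absent targets

# Assumption: path fragments treated as user-writable for this triage.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")


@dataclass
class Entry:
    location: str        # registry key or category the entry sits under
    name: str
    description: str
    publisher: str
    path: str            # image path with the "File not found: " prefix removed
    target_missing: bool


def parse_autoruns(text):
    """Parse the four-column quoted text export into Entry records."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue                      # blank or unrecognised line
        if not line.startswith("+"):
            location = fields[0]          # header row: a new autostart location
            continue
        name, description, publisher, path = fields
        missing = path.startswith(MISSING)
        if missing:
            path = path[len(MISSING):]
        entries.append(Entry(location, name, description, publisher, path, missing))
    return entries


def triage(entries):
    """Return (entry, reasons) for entries that deserve a manual look."""
    flagged = []
    for e in entries:
        in_user_path = any(frag in e.path.lower() for frag in USER_WRITABLE)
        reasons = []
        if not e.publisher:
            reasons.append("no publisher")
        if e.target_missing:
            reasons.append("target missing")
        # A missing publisher alone is common for legitimate software installed
        # under Program Files, so the user-writable location is required too.
        if in_user_path and reasons:
            flagged.append((e, ["user-writable path"] + reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(parse_autoruns(SAMPLE)):
        print(f"{entry.location}\n  {entry.name} -> {entry.path}\n  {', '.join(reasons)}")
```
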

#12 narenxp


Posted 14 November 2012 - 12:34 AM

That looks good.

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#13 ND_Fan


Posted 14 November 2012 - 12:58 AM

narenxp - I really appreciate the help.

However, before I perform those final steps, I still have an open issue I hope you can assist with.

I am still unable to access my memory stick from the USB port on this PC. I rebooted and the USB drive is not recognized in Windows Explorer. My system recognized the memory stick before I was infected.

To experiment, I successfully plugged in my mouse to that same USB port and it worked, so I know the system recognized the mouse successfully from that same USB port. And I am able to access the memory stick from another PC. But for some reason, this PC does not recognize the memory stick/drive from that same USB port.

Any ideas on how to resolve this issue please?

Thanks,
ND_Fan

#14 narenxp


Posted 14 November 2012 - 01:26 AM

I would suggest you connect the memory stick to a different PC, back up the data and format it. Reconnect the memory stick to your system and see if that helps.

#15 ND_Fan


Posted 17 November 2012 - 12:24 AM

Hello narenxp, thanks for the suggestion.

I followed your instructions. I reformatted the memory stick on another PC to NTFS. I tested it on another PC and the memory stick was recognized properly.

However, when I inserted the newly reformatted memory stick back into the previously infected PC, it still was not recognized. It recognizes other devices in the USB ports (mouse, keyboard), but for some reason not this memory stick (but it did recognize it previously, before it was infected).

Any other ideas to resolve this final issue please?

Thanks,
ND_Fan



