
Solved: Google Redirect Virus in IE and Chrome


WifflePerson (thread starter; member with 9 posts; joined Jul 2012; experience: Intermediate)
05-Jul-2012, 08:28 PM #1
Hello,
I believe I have a Google Redirect Virus. While I primarily use Chrome, my roommate used IE, and has reported redirects as well. I have tried the following programs, to no avail: FixTDSS (found nothing); TDSSKiller (found something, but wouldn't give me the option to "Cure." Later, found nothing); Malwarebytes (found nothing); Microsoft HOSTS fix (no help).

In Chrome, I have an extension titled, "Default Extension 1.0" or similar. Trashing/Disabling it prevents redirects, but every time I load Chrome, it reinstalls and reloads. I run Avast!, fully updated, and since this started, it has been blocking things sporadically, but apparently not often enough.

I have a feeling that fixing this will involve ComboFix, and I am given to understand that this isn't something I should monkey with without help. While I am not above scorched-earth tactics (reformatting), I would prefer to go through the ComboFix hassle, rather than wiping the slate clean. Perhaps I'll learn something. Thanks for any help you can provide. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:04:09 PM, on 7/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkUFind.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files (x86)\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
O4 - HKCU\..\Run: [Illusion Softworks] RunDLL32.exe "C:\Users\Brandon\AppData\Local\Illusion Softworks\pzrrcuec.dll",CheckCTCRCVersion
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-172965747-519820441-4015134259-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-172965747-519820441-4015134259-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12655 bytes

***

And here is the dds stuff:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Brandon at 19:05:45 on 2012-07-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2007 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkUFind.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [Illusion Softworks] RunDLL32.exe "C:\Users\Brandon\AppData\Local\Illusion Softworks\pzrrcuec.dll",CheckCTCRCVersion
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WorksFUD] C:\Program Files (x86)\Microsoft Works\wkfud.exe
mRun: [Microsoft Works Portfolio] C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Brandon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup \OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~2.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{CC2649B2-04CD-4FA4-9C2A-E6315E629EC2} : DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{E0DF5D63-3AB0-4171-A4F7-E221447957E3} : DhcpNameServer = 24.116.2.50 24.116.2.34
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs:
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [CTHelper] CTHELPER.EXE
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [WorksFUD] C:\Program Files (x86)\Microsoft Works\wkfud.exe
mRun-x64: [Microsoft Works Portfolio] C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
mRun-x64: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64:
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-6-13 44768]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-5 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-2 2253120]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-27 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-10 136176]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 253600]
S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-10 136176]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-05 23:19:14 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-07-05 23:18:10 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-07-05 23:18:10 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-07-05 23:17:57 -------- d-----w- C:\Users\Brandon\AppData\Roaming\TestApp
2012-07-05 23:17:57 -------- d-----w- C:\ProgramData\PC Tools
2012-07-05 22:59:33 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-05 16:37:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-05 08:02:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-05 08:02:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-05 02:05:21 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Malwarebytes
2012-07-05 02:05:14 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-04 18:38:50 -------- d-----w- C:\Users\Brandon\AppData\Local\Illusion Softworks
2012-07-03 18:15:30 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E4246F7-BF81-4515-85CA-E24D45A24833}\mpengine.dll
2012-06-25 22:00:17 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-25 22:00:07 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-25 21:59:52 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-25 21:59:52 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-13 14:17:57 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-06-13 08:58:38 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-12 10:41:22 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-12 10:41:06 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
.
==================== Find3M ====================
.
2012-07-05 22:59:09 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
.
============= FINISH: 19:08:51.64 ===============

Attached file included

Wiffle
WifflePerson
07-Jul-2012, 11:15 PM #2
It looks like I was mistaken regarding the Default Extension 1.0 thing. That hasn't fixed the problem. I'm still getting redirects after trashing that extension.

Wiffle
Mark1956
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
10-Jul-2012, 10:32 AM #3
Hi Wiffle, my name is Mark and I will be helping you.

Please run the following and post the log.

Please download SystemLook for your operating system from one of the links below and save it to your Desktop.
  • Double-click SystemLook.exe to run it.
  • Vista/Windows 7 users right-click and select Run As Administrator.
  • Copy and paste everything in the codebox below into the main textfield:
    Code:
    :filefind
    services.exe
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
  • Please copy and paste the contents of that log in your next reply.
WifflePerson
10-Jul-2012, 02:19 PM #4
SystemLook 30.07.11 by jpshortstuff
Log created at 13:17 on 10/07/2012 by Brandon
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-
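
A SystemLook filefind result like the one above lists every copy of the file with its size, timestamps and MD5, so the copies can be compared against each other. The script below is an added example, not part of the original thread and not SystemLook's own code: it parses that layout and reports any copy whose size or hash differs from the rest. The third sample line, its path and hash, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in SystemLook's filefind layout. The first two hits reuse the
# values posted in the thread; the third is an invented copy that does not match.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Example Folder\services.exe --a---- 329216 bytes [10:41 12/06/2012] [10:41 12/06/2012] 00112233445566778899AABBCCDDEEFF

-= EOF =-
"""

# path, 7-character attribute mask, size, two bracketed timestamps, 32-hex MD5.
# The path is matched lazily so that folder names containing spaces still parse.
HIT = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log_text):
    """Return one dict per file hit; headers and blank lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = HIT.match(line.strip())
        if m:
            hits.append({
                "path": m.group("path"),
                "size": int(m.group("size")),
                "created": m.group("created"),
                "modified": m.group("modified"),
                "md5": m.group("md5").upper(),
            })
    return hits


def fingerprints(hits):
    """Map file name -> {(size, md5): [paths]} so copies can be compared."""
    groups = defaultdict(lambda: defaultdict(list))
    for h in hits:
        name = h["path"].rsplit("\\", 1)[-1].lower()
        groups[name][(h["size"], h["md5"])].append(h["path"])
    return groups


def outliers(hits):
    """Return (path, size, md5) for copies that disagree with the most common
    fingerprint of the same file name. With no majority, every copy is returned."""
    flagged = []
    for by_print in fingerprints(hits).values():
        if len(by_print) < 2:
            continue  # all copies of this name agree
        ranked = sorted(by_print.items(), key=lambda kv: len(kv[1]), reverse=True)
        tie = len(ranked[0][1]) == len(ranked[1][1])
        for (size, md5), paths in ranked[0 if tie else 1:]:
            flagged.extend((p, size, md5) for p in paths)
    return flagged


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_LOG)
    print(f"{len(found)} copies parsed")
    for path, size, md5 in outliers(found):
        print(f"differs from the other copies: {path} ({size} bytes, MD5 {md5})")
```

Run against only the two hits posted in the thread, `outliers` returns an empty list, since both copies have the same size and MD5.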
Mark1956
10-Jul-2012, 03:55 PM #5
I appreciate you have already run TDSSKiller, but I would like you to run it again following these instructions. Just to be certain you have the most up-to-date version, please delete the icon on your desktop and proceed as follows. Please then also run aswMBR following the instructions given.


STEP 1
Please follow the instructions exactly as written; deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option, DO NOT select Delete, as you may remove files needed for the system to operate.
Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
-- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again.
Be sure to print out and follow the instructions for performing a scan.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
  • When the program opens, click Change parameters.

  • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.

  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.

  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed. If you choose Delete you may remove critical system files and make your PC unstable or possibly unbootable.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C: ).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".

STEP 2
How to scan & save log:
Please download aswMBR.exe and save it to your Desktop.
  • Double click on aswMBR.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • You will be asked if you wish to download the latest Avast Virus Definitions, please select Yes. It may take several minutes to complete.
  • Click the Scan button to start scan.
  • On completion of the scan, click the Save log button and save it to your Desktop.
  • Do not select any Fix options at this time.
  • Copy and paste the contents of that log in your next reply.
-- Important note: Upon the first run, aswMBR will back up the MBR and save it to the Desktop as MBR.dat. Do not delete this file unless advised.
NOTE: Right-click on MBR.dat and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.
  • Below the Message Box click on Go Advanced. Then scroll down until you see a button, Manage Attachments. Click on that and a new window opens.
  • Click on the Browse button, find the zip folder you made earlier and double-click on it.
  • Now click on the Upload button. Wait for the Upload to complete, it will appear just below the Browse box.
  • When done, click on the Close this window button at the bottom of the page.
  • Enter your message-text in the message box, then click on Submit Message/Reply.
WifflePerson
10-Jul-2012, 06:53 PM #6
TDSSKiller Log:


17:16:36.0180 3108 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
17:16:36.0495 3108 ============================================================
17:16:36.0495 3108 Current date / time: 2012/07/10 17:16:36.0495
17:16:36.0495 3108 SystemInfo:
17:16:36.0495 3108
17:16:36.0495 3108 OS Version: 6.1.7601 ServicePack: 1.0
17:16:36.0495 3108 Product type: Workstation
17:16:36.0495 3108 ComputerName: BRANDON-PC
17:16:36.0495 3108 UserName: Brandon
17:16:36.0495 3108 Windows directory: C:\Windows
17:16:36.0495 3108 System windows directory: C:\Windows
17:16:36.0495 3108 Running under WOW64
17:16:36.0495 3108 Processor architecture: Intel x64
17:16:36.0495 3108 Number of processors: 4
17:16:36.0495 3108 Page size: 0x1000
17:16:36.0495 3108 Boot type: Normal boot
17:16:36.0495 3108 ============================================================
17:16:37.0790 3108 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
17:16:37.0790 3108 Drive \Device\Harddisk1\DR1 - Size: 0x12A2377E00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:16:37.0820 3108 ============================================================
17:16:37.0820 3108 \Device\Harddisk0\DR0:
17:16:37.0820 3108 MBR partitions:
17:16:37.0820 3108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:16:37.0820 3108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A352000
17:16:37.0820 3108 \Device\Harddisk1\DR1:
17:16:37.0840 3108 MBR partitions:
17:16:37.0840 3108 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9511B81
17:16:37.0840 3108 ============================================================
17:16:37.0860 3108 C: <-> \Device\Harddisk0\DR0\Partition1
17:16:37.0875 3108 D: <-> \Device\Harddisk1\DR1\Partition0
17:16:37.0885 3108 ============================================================
17:16:37.0885 3108 Initialize success
17:16:37.0885 3108 ============================================================
17:17:16.0815 4860 ============================================================
17:17:16.0815 4860 Scan started
17:17:16.0815 4860 Mode: Manual; SigCheck; TDLFS;
17:17:16.0815 4860 ============================================================
17:17:32.0880 4860 lmhosts - ok
17:17:32.0905 4860 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:17:32.0920 4860 LSI_FC - ok
17:17:32.0940 4860 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:17:32.0955 4860 LSI_SAS - ok
17:17:32.0970 4860 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:17:32.0980 4860 LSI_SAS2 - ok
17:17:33.0000 4860 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:17:33.0010 4860 LSI_SCSI - ok
17:17:33.0040 4860 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:17:33.0085 4860 luafv - ok
17:17:33.0130 4860 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
17:17:33.0150 4860 MBAMProtector - ok
17:17:33.0240 4860 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:17:33.0275 4860 MBAMService - ok
17:17:33.0315 4860 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:17:33.0350 4860 Mcx2Svc - ok
17:17:33.0370 4860 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:17:33.0380 4860 megasas - ok
17:17:33.0405 4860 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:17:33.0425 4860 MegaSR - ok
17:17:33.0465 4860 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:17:33.0500 4860 MMCSS - ok
17:17:33.0520 4860 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:17:33.0550 4860 Modem - ok
17:17:33.0595 4860 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:17:33.0635 4860 monitor - ok
17:17:33.0680 4860 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:17:33.0700 4860 mouclass - ok
17:17:33.0725 4860 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:17:33.0750 4860 mouhid - ok
17:17:33.0790 4860 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:17:33.0810 4860 mountmgr - ok
17:17:33.0850 4860 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:17:33.0865 4860 mpio - ok
17:17:33.0885 4860 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:17:33.0920 4860 mpsdrv - ok
17:17:33.0995 4860 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:17:34.0070 4860 MpsSvc - ok
17:17:34.0110 4860 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:17:34.0130 4860 MRxDAV - ok
17:17:34.0180 4860 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:17:34.0200 4860 mrxsmb - ok
17:17:34.0260 4860 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:17:34.0285 4860 mrxsmb10 - ok
17:17:34.0325 4860 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:17:34.0345 4860 mrxsmb20 - ok
17:17:34.0395 4860 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:17:34.0410 4860 msahci - ok
17:17:34.0455 4860 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:17:34.0480 4860 msdsm - ok
17:17:34.0500 4860 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:17:34.0520 4860 MSDTC - ok
17:17:34.0560 4860 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:17:34.0590 4860 Msfs - ok
17:17:34.0605 4860 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:17:34.0655 4860 mshidkmdf - ok
17:17:34.0680 4860 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:17:34.0695 4860 msisadrv - ok
17:17:34.0745 4860 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:17:34.0815 4860 MSiSCSI - ok
17:17:34.0815 4860 msiserver - ok
17:17:34.0840 4860 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:17:34.0875 4860 MSKSSRV - ok
17:17:34.0890 4860 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:17:34.0930 4860 MSPCLOCK - ok
17:17:34.0940 4860 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:17:34.0980 4860 MSPQM - ok
17:17:35.0035 4860 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:17:35.0070 4860 MsRPC - ok
17:17:35.0085 4860 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:17:35.0100 4860 mssmbios - ok
17:17:35.0110 4860 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:17:35.0150 4860 MSTEE - ok
17:17:35.0165 4860 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:17:35.0180 4860 MTConfig - ok
17:17:35.0195 4860 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:17:35.0210 4860 Mup - ok
17:17:35.0265 4860 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:17:35.0330 4860 napagent - ok
17:17:35.0375 4860 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:17:35.0395 4860 NativeWifiP - ok
17:17:35.0445 4860 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:17:35.0480 4860 NDIS - ok
17:17:35.0500 4860 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:17:35.0555 4860 NdisCap - ok
17:17:35.0580 4860 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:17:35.0610 4860 NdisTapi - ok
17:17:35.0650 4860 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:17:35.0700 4860 Ndisuio - ok
17:17:35.0740 4860 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:17:35.0795 4860 NdisWan - ok
17:17:35.0840 4860 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:17:35.0880 4860 NDProxy - ok
17:17:35.0890 4860 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:17:35.0935 4860 NetBIOS - ok
17:17:35.0980 4860 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:17:36.0080 4860 NetBT - ok
17:17:36.0120 4860 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:17:36.0135 4860 Netlogon - ok
17:17:36.0195 4860 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:17:36.0265 4860 Netman - ok
17:17:36.0355 4860 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:17:36.0375 4860 NetMsmqActivator - ok
17:17:36.0380 4860 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:17:36.0390 4860 NetPipeActivator - ok
17:17:36.0425 4860 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:17:36.0480 4860 netprofm - ok
17:17:36.0500 4860 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:17:36.0510 4860 NetTcpActivator - ok
17:17:36.0515 4860 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:17:36.0525 4860 NetTcpPortSharing - ok
17:17:36.0570 4860 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:17:36.0590 4860 nfrd960 - ok
17:17:36.0650 4860 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:17:36.0715 4860 NlaSvc - ok
17:17:36.0730 4860 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:17:36.0765 4860 Npfs - ok
17:17:36.0770 4860 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:17:36.0805 4860 nsi - ok
17:17:36.0820 4860 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:17:36.0860 4860 nsiproxy - ok
17:17:36.0965 4860 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:17:37.0020 4860 Ntfs - ok
17:17:37.0075 4860 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:17:37.0120 4860 Null - ok
17:17:37.0190 4860 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
17:17:37.0210 4860 NVHDA - ok
17:17:37.0655 4860 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:17:37.0995 4860 nvlddmkm - ok
17:17:38.0090 4860 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:17:38.0105 4860 nvraid - ok
17:17:38.0125 4860 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:17:38.0140 4860 nvstor - ok
17:17:38.0245 4860 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
17:17:38.0305 4860 nvsvc - ok
17:17:38.0445 4860 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:17:38.0515 4860 nvUpdatusService - ok
17:17:38.0575 4860 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:17:38.0595 4860 nv_agp - ok
17:17:38.0635 4860 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:17:38.0655 4860 ohci1394 - ok
17:17:38.0685 4860 ossrv (85ea378116e2c4385993ba5124536ffc) C:\Windows\system32\drivers\ctoss2k.sys
17:17:38.0700 4860 ossrv - ok
17:17:38.0735 4860 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:17:38.0765 4860 p2pimsvc - ok
17:17:38.0800 4860 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:17:38.0825 4860 p2psvc - ok
17:17:38.0890 4860 PAC207 (3a6dceb1848470320e4a3c12d7a35b1c) C:\Windows\system32\DRIVERS\PFC027.SYS
17:17:38.0920 4860 PAC207 - ok
17:17:38.0955 4860 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:17:38.0975 4860 Parport - ok
17:17:39.0025 4860 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:17:39.0045 4860 partmgr - ok
17:17:39.0070 4860 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:17:39.0100 4860 PcaSvc - ok
17:17:39.0155 4860 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:17:39.0175 4860 pci - ok
17:17:39.0195 4860 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:17:39.0210 4860 pciide - ok
17:17:39.0240 4860 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:17:39.0255 4860 pcmcia - ok
17:17:39.0270 4860 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:17:39.0280 4860 pcw - ok
17:17:39.0320 4860 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:17:39.0380 4860 PEAUTH - ok
17:17:39.0460 4860 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:17:39.0505 4860 PeerDistSvc - ok
17:17:39.0590 4860 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:17:39.0620 4860 PerfHost - ok
17:17:39.0750 4860 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:17:39.0800 4860 pla - ok
17:17:39.0870 4860 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:17:39.0915 4860 PlugPlay - ok
17:17:39.0925 4860 PnkBstrA - ok
17:17:39.0930 4860 PnkBstrB - ok
17:17:39.0955 4860 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:17:39.0970 4860 PNRPAutoReg - ok
17:17:39.0995 4860 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:17:40.0010 4860 PNRPsvc - ok
17:17:40.0045 4860 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:17:40.0095 4860 PolicyAgent - ok
17:17:40.0130 4860 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:17:40.0180 4860 Power - ok
17:17:40.0230 4860 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:17:40.0275 4860 PptpMiniport - ok
17:17:40.0305 4860 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:17:40.0330 4860 Processor - ok
17:17:40.0380 4860 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
17:17:40.0410 4860 ProfSvc - ok
17:17:40.0445 4860 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:17:40.0460 4860 ProtectedStorage - ok
17:17:40.0505 4860 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:17:40.0555 4860 Psched - ok
17:17:40.0635 4860 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:17:40.0680 4860 ql2300 - ok
17:17:40.0750 4860 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:17:40.0770 4860 ql40xx - ok
17:17:40.0800 4860 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:17:40.0835 4860 QWAVE - ok
17:17:40.0850 4860 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:17:40.0865 4860 QWAVEdrv - ok
17:17:40.0875 4860 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:17:40.0905 4860 RasAcd - ok
17:17:40.0930 4860 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:17:40.0965 4860 RasAgileVpn - ok
17:17:40.0980 4860 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:17:41.0025 4860 RasAuto - ok
17:17:41.0075 4860 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:17:41.0105 4860 Rasl2tp - ok
17:17:41.0160 4860 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:17:41.0220 4860 RasMan - ok
17:17:41.0245 4860 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:17:41.0285 4860 RasPppoe - ok
17:17:41.0305 4860 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:17:41.0350 4860 RasSstp - ok
17:17:41.0400 4860 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:17:41.0440 4860 rdbss - ok
17:17:41.0450 4860 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:17:41.0470 4860 rdpbus - ok
17:17:41.0490 4860 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:17:41.0520 4860 RDPCDD - ok
17:17:41.0570 4860 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:17:41.0590 4860 RDPDR - ok
17:17:41.0605 4860 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:17:41.0660 4860 RDPENCDD - ok
17:17:41.0665 4860 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:17:41.0695 4860 RDPREFMP - ok
17:17:41.0735 4860 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
17:17:41.0765 4860 RDPWD - ok
17:17:41.0810 4860 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:17:41.0830 4860 rdyboost - ok
17:17:41.0850 4860 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:17:41.0920 4860 RemoteAccess - ok
17:17:41.0945 4860 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:17:41.0980 4860 RemoteRegistry - ok
17:17:42.0015 4860 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:17:42.0065 4860 RpcEptMapper - ok
17:17:42.0085 4860 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:17:42.0115 4860 RpcLocator - ok
17:17:42.0175 4860 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:17:42.0220 4860 RpcSs - ok
17:17:42.0250 4860 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:17:42.0290 4860 rspndr - ok
17:17:42.0345 4860 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:17:42.0385 4860 RTL8167 - ok
17:17:42.0460 4860 RTL8192su (a332db1dac07e95667a57aaeec236c37) C:\Windows\system32\DRIVERS\RTL8192su.sys
17:17:42.0490 4860 RTL8192su - ok
17:17:42.0530 4860 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:17:42.0550 4860 s3cap - ok
17:17:42.0590 4860 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:17:42.0610 4860 SamSs - ok
17:17:42.0645 4860 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:17:42.0660 4860 sbp2port - ok
17:17:42.0815 4860 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:17:42.0860 4860 SBSDWSCService - ok
17:17:42.0895 4860 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:17:42.0955 4860 SCardSvr - ok
17:17:43.0030 4860 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:17:43.0095 4860 scfilter - ok
17:17:43.0170 4860 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:17:43.0260 4860 Schedule - ok
17:17:43.0300 4860 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:17:43.0345 4860 SCPolicySvc - ok
17:17:43.0395 4860 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:17:43.0435 4860 SDRSVC - ok
17:17:43.0485 4860 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:17:43.0530 4860 secdrv - ok
17:17:43.0565 4860 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:17:43.0610 4860 seclogon - ok
17:17:43.0625 4860 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:17:43.0695 4860 SENS - ok
17:17:43.0720 4860 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:17:43.0735 4860 SensrSvc - ok
17:17:43.0755 4860 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:17:43.0790 4860 Serenum - ok
17:17:43.0810 4860 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:17:43.0825 4860 Serial - ok
17:17:43.0865 4860 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:17:43.0895 4860 sermouse - ok
17:17:43.0950 4860 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:17:44.0000 4860 SessionEnv - ok
17:17:44.0040 4860 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:17:44.0070 4860 sffdisk - ok
17:17:44.0080 4860 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:17:44.0095 4860 sffp_mmc - ok
17:17:44.0110 4860 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:17:44.0140 4860 sffp_sd - ok
17:17:44.0150 4860 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:17:44.0165 4860 sfloppy - ok
17:17:44.0200 4860 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:17:44.0270 4860 SharedAccess - ok
17:17:44.0310 4860 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:17:44.0365 4860 ShellHWDetection - ok
17:17:44.0385 4860 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:17:44.0400 4860 SiSRaid2 - ok
17:17:44.0415 4860 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:17:44.0430 4860 SiSRaid4 - ok
17:17:44.0635 4860 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:17:44.0730 4860 Skype C2C Service - ok
17:17:44.0815 4860 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
17:17:44.0835 4860 SkypeUpdate - ok
17:17:44.0910 4860 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:17:44.0985 4860 Smb - ok
17:17:45.0025 4860 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:17:45.0045 4860 SNMPTRAP - ok
17:17:45.0065 4860 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:17:45.0080 4860 spldr - ok
17:17:45.0145 4860 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:17:45.0190 4860 Spooler - ok
17:17:45.0345 4860 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:17:45.0455 4860 sppsvc - ok
17:17:45.0500 4860 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:17:45.0535 4860 sppuinotify - ok
17:17:45.0575 4860 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:17:45.0610 4860 srv - ok
17:17:45.0645 4860 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:17:45.0680 4860 srv2 - ok
17:17:45.0700 4860 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:17:45.0730 4860 srvnet - ok
17:17:45.0755 4860 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:17:45.0805 4860 SSDPSRV - ok
17:17:45.0820 4860 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:17:45.0855 4860 SstpSvc - ok
17:17:45.0900 4860 Steam Client Service - ok
17:17:45.0995 4860 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:17:46.0030 4860 Stereo Service - ok
17:17:46.0055 4860 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:17:46.0070 4860 stexstor - ok
17:17:46.0140 4860 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:17:46.0185 4860 stisvc - ok
17:17:46.0230 4860 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:17:46.0250 4860 storflt - ok
17:17:46.0280 4860 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
17:17:46.0320 4860 StorSvc - ok
17:17:46.0335 4860 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:17:46.0355 4860 storvsc - ok
17:17:46.0365 4860 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:17:46.0375 4860 swenum - ok
17:17:46.0415 4860 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:17:46.0475 4860 swprv - ok
17:17:46.0585 4860 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:17:46.0655 4860 SysMain - ok
17:17:46.0755 4860 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:17:46.0785 4860 TabletInputService - ok
17:17:46.0835 4860 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:17:46.0885 4860 TapiSrv - ok
17:17:46.0895 4860 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:17:46.0935 4860 TBS - ok
17:17:47.0055 4860 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:17:47.0110 4860 Tcpip - ok
17:17:47.0215 4860 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:17:47.0250 4860 TCPIP6 - ok
17:17:47.0315 4860 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:17:47.0365 4860 tcpipreg - ok
17:17:47.0380 4860 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:17:47.0410 4860 TDPIPE - ok
17:17:47.0440 4860 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:17:47.0465 4860 TDTCP - ok
17:17:47.0510 4860 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:17:47.0555 4860 tdx - ok
17:17:47.0590 4860 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:17:47.0615 4860 TermDD - ok
17:17:47.0675 4860 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:17:47.0770 4860 TermService - ok
17:17:47.0800 4860 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:17:47.0825 4860 Themes - ok
17:17:47.0850 4860 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:17:47.0880 4860 THREADORDER - ok
17:17:47.0895 4860 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:17:47.0945 4860 TrkWks - ok
17:17:47.0985 4860 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:17:48.0050 4860 TrustedInstaller - ok
17:17:48.0090 4860 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:17:48.0145 4860 tssecsrv - ok
17:17:48.0210 4860 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:17:48.0250 4860 TsUsbFlt - ok
17:17:48.0305 4860 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:17:48.0355 4860 tunnel - ok
17:17:48.0375 4860 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:17:48.0385 4860 uagp35 - ok
17:17:48.0435 4860 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:17:48.0485 4860 udfs - ok
17:17:48.0510 4860 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:17:48.0525 4860 UI0Detect - ok
17:17:48.0570 4860 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:17:48.0585 4860 uliagpkx - ok
17:17:48.0635 4860 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:17:48.0665 4860 umbus - ok
17:17:48.0680 4860 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:17:48.0705 4860 UmPass - ok
17:17:48.0750 4860 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:17:48.0775 4860 UmRdpService - ok
17:17:48.0805 4860 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:17:48.0860 4860 upnphost - ok
17:17:48.0905 4860 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:17:48.0925 4860 usbaudio - ok
17:17:48.0950 4860 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:17:48.0970 4860 usbccgp - ok
17:17:49.0035 4860 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:17:49.0060 4860 usbcir - ok
17:17:49.0085 4860 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:17:49.0100 4860 usbehci - ok
17:17:49.0130 4860 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:17:49.0160 4860 usbhub - ok
17:17:49.0175 4860 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:17:49.0190 4860 usbohci - ok
17:17:49.0215 4860 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:17:49.0240 4860 usbprint - ok
17:17:49.0270 4860 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:17:49.0300 4860 USBSTOR - ok
17:17:49.0320 4860 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
17:17:49.0345 4860 usbuhci - ok
17:17:49.0370 4860 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:17:49.0405 4860 UxSms - ok
17:17:49.0445 4860 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:17:49.0460 4860 VaultSvc - ok
17:17:49.0515 4860 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:17:49.0525 4860 vdrvroot - ok
17:17:49.0585 4860 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:17:49.0630 4860 vds - ok
17:17:49.0665 4860 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:17:49.0685 4860 vga - ok
17:17:54.0270 4860 ============================================================
17:17:54.0270 4860 Scan finished
17:17:54.0270 4860 ============================================================
17:17:54.0280 3452 Detected object count: 0
17:17:54.0280 3452 Actual detected object count: 0
17:18:22.0825 5568 Deinitialize success

aswMBR Log


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-10 17:30:03
-----------------------------
17:30:03.247 OS Version: Windows x64 6.1.7601 Service Pack 1
17:30:03.247 Number of processors: 4 586 0xF0B
17:30:03.247 ComputerName: BRANDON-PC UserName: Brandon
17:30:04.117 Initialize success
17:30:04.192 AVAST engine defs: 12071001
17:30:11.372 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
17:30:11.372 Disk 0 Vendor: WDC_WD5002AALX-00J37A0 15.01H15 Size: 476938MB BusType: 3
17:30:11.377 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
17:30:11.382 Disk 1 Vendor: Maxtor_6Y080M0 YAR51BW0 Size: 76323MB BusType: 3
17:30:11.402 Disk 0 MBR read successfully
17:30:11.407 Disk 0 MBR scan
17:30:11.412 Disk 0 Windows 7 default MBR code
17:30:11.417 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:30:11.422 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476836 MB offset 206848
17:30:11.452 Disk 0 scanning C:\Windows\system32\drivers
17:30:19.462 Service scanning
17:30:33.032 Modules scanning
17:30:33.037 Disk 0 trace - called modules:
17:30:33.052 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:30:33.057 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048d4060]
17:30:33.062 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800466e580]
17:30:33.067 5 ACPI.sys[fffff88000f4f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004670060]
17:30:33.747 AVAST engine scan C:\Windows
17:30:35.342 AVAST engine scan C:\Windows\system32
17:32:11.462 AVAST engine scan C:\Windows\system32\drivers
17:32:20.137 AVAST engine scan C:\Users\Brandon
17:47:11.587 AVAST engine scan C:\ProgramData
17:48:47.369 Scan finished successfully
17:49:16.729 Disk 0 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"
17:49:16.734 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"
Mark1956
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
10-Jul-2012, 07:44 PM #7
Everything is coming up clean as you also found.

Before considering any further scans I'd like you to try running IE with no Add-ons.

Follow the instructions in this guide to disable the Add-ons in IE and then run it for a while and see if the problem still exists.
How to run Firefox and Internet Explorer with no add-ons
WifflePerson
Member with 9 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Intermediate
11-Jul-2012, 12:36 AM #8
Hi. Thanks for all the help so far! Running Internet Explorer without extensions seems to yield no problems. Still getting occasional redirects in Chrome, though. They seem to be happening less frequently, but they're still there.
Mark1956
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
11-Jul-2012, 01:58 AM #9
OK, now follow this to disable the Add-ons in Google Chrome. (With Google, Add-ons are referred to as Extensions.)
Manage Extensions in Google Chrome

See if you can spot any particular Add-on that appears in both browsers. There is one in IE showing in your logs that just might be the cause: Searchqu.
WifflePerson
Member with 9 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Intermediate
11-Jul-2012, 05:57 PM #10
After disabling extensions in Chrome, I seem to get no more redirects, although Avast does occasionally block a malicious URL, after which the Google hit I click on loads normally. I only have two extensions in the list, the first being "Default Extension 1.0," the second being Avast WebRep. As before, disabling "Default Extension" seems to solve the problem. It remains disabled when I restart Chrome. On the other hand, if I Trash the extension, it reloads and re-enables after restarting Chrome. Thanks!
Mark1956
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
12-Jul-2012, 02:01 AM #11
Go into Chrome and get to the extensions page. Next to Default Extensions 1 click on the small dustbin to remove it. Restart Google and make sure it has not returned and let me know.
WifflePerson
Member with 9 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Intermediate
12-Jul-2012, 02:58 AM #12
When I disable the check-mark next to "Default Extension," it stays disabled when I restart Chrome; however, when I remove it (trash symbol), and then restart Chrome, it shows up again and is enabled. Perhaps I can just leave it disabled (such that it doesn't have a check-mark next to it), as trashing it only brings it back in full force.
Mark1956
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
12-Jul-2012, 03:09 AM #13
Not finding much information on this problem, but try this and see if it comes back again.

Go into Chrome, click on the spanner in the corner and then select Settings. Under Users click on Delete this user.
WifflePerson
Member with 9 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Intermediate
12-Jul-2012, 04:08 PM #14
I did as requested, and now "Default Extension" is gone. That may have fixed the problem. I'll post more if I get any redirects in the next day or so. Thank you!
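The posts above identify the redirecting extension only by the name Chrome displays. As an added example (not part of the original thread), this Python sketch inventories a Chrome profile's `Extensions` folder by reading each `manifest.json`, so an entry such as "Default Extension" can be tied to an ID, a folder on disk and the URL patterns it can touch. The sample profile, its extension IDs and manifest contents are constructed, and the layout `<profile>/Extensions/<id>/<version>/manifest.json` is assumed.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let an extension read or rewrite pages on every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def list_extensions(profile_dir):
    """Inventory <profile>/Extensions/<id>/<version>/manifest.json files."""
    records = []
    for manifest in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        rec = {"id": manifest.parent.parent.name, "path": str(manifest.parent),
               "name": None, "version": None, "broad_access": False, "error": None}
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            patterns = {p for p in data.get("permissions", []) if isinstance(p, str)}
            for script in data.get("content_scripts", []):
                patterns.update(script.get("matches", []))
            rec.update(name=data.get("name"), version=data.get("version"),
                       broad_access=bool(patterns & BROAD))
        except (OSError, ValueError, AttributeError, TypeError) as exc:
            rec["error"] = f"unreadable manifest: {exc}"  # a broken manifest is a finding too
        records.append(rec)
    return records

def find_by_name(records, needle):
    """Case-insensitive match on the manifest name, e.g. "Default Extension"."""
    return [r for r in records if needle.lower() in str(r["name"] or "").lower()]

def build_sample_profile(root):
    """Constructed sample data: one broad-access, one narrow, one corrupt manifest."""
    samples = {
        "a" * 32 + "/1.0": json.dumps({"name": "Default Extension", "version": "1.0",
            "content_scripts": [{"matches": ["http://*/*", "https://*/*"], "js": ["c.js"]}]}),
        "b" * 32 + "/2.3": json.dumps({"name": "Example Notes", "version": "2.3",
            "permissions": ["storage"]}),
        "c" * 32 + "/0.1": "{not json",
    }
    for rel, text in samples.items():
        folder = Path(root) / "Extensions" / rel
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(text, encoding="utf-8")
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for r in list_extensions(build_sample_profile(tmp)):
            print(r["id"][:8], r["name"], r["version"], r["broad_access"], r["error"])
```

On Windows 7 the default profile to pass to `list_extensions` is normally `%LOCALAPPDATA%\Google\Chrome\User Data\Default`; run it with Chrome closed and compare the output before and after removing the extension.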
Mark1956
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
12-Jul-2012, 06:15 PM #15
Good job, there is just one more thing I would advise you to do, remove the old versions of Java from your system and install the latest version. Please follow this guide.

Java
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for Java Platform, Standard Edition.
  • Click the Download JRE button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select the Windows(x86) Offline version.
  • NOTE: A 64bit version is available for use with 64bit browsers running on a 64bit version of Windows, but it is recommended that you use only 32bit browsers and versions of Java. Please read this for further information: Which Java download should I choose for my 64bit operating system?
  • Close any programs you may have running - especially your web browser.
Click on Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java, JRE or J2SE in the name.
  • Click the Uninstall, Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe (or jre-7u5-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Java is updated frequently. The program is set by default to notify you when an update is available. When a new update is installed, always uninstall the old version.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.