
Audio ads playing in background

Discussion in 'Virus & Other Malware Removal' started by kernal23, Mar 28, 2013.

Thread Status:
Not open for further replies.
  1. kernal23 (Thread Starter; joined Mar 28, 2013; 8 messages)

    I have recently had audio-only ads running in the background. No application open - no browser or media player.

    I have run Spybot and Malwarebytes. Upon searching further I have found your site. I have installed HijackThis and here is my log.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:29:10 PM, on 28/03/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16470)
    Boot mode: Normal

    Running processes:
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    F:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Creative\Sound Blaster Recon3D\Sound Blaster Recon3D Control Panel\SBRecon.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    F:\F-Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: 119.42.146.34 www.warez-bb.org
    O1 - Hosts: 119.42.146.34 warez-bb.org
    O1 - Hosts: 119.42.146.36 www.warez-bb.org
    O1 - Hosts: 119.42.146.36 warez-bb.org
    O1 - Hosts: 58.65.233.185 warez-bb.org
    O1 - Hosts: 58.65.233.185 www.warez-bb.org
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "F:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SMART Board Service] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe"
    O4 - HKLM\..\Run: [SMART Board Tools] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe"
    O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe
    O4 - HKLM\..\Run: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Sound Blaster Recon3D Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Recon3D\Sound Blaster Recon3D Control Panel\SBRecon.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\Windows\6010RMT.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Barden\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [NkjEfiym] C:\Users\Barden\AppData\Local\ferruipv\nkjefiym.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [Steam] "F:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    O4 - Startup: CurseClientStartup.ccip
    O4 - Global Startup: MyTV Schedule Agent.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
    O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1935DE00-72AA-4893-B9B8-ED52FB8D49F9}: NameServer = 123.200.191.17 123.200.191.18
    O17 - HKLM\System\CCS\Services\Tcpip\..\{679280A1-B4B0-4068-8848-2CC1516E17A6}: NameServer = 123.200.191.17 123.200.191.18
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1935DE00-72AA-4893-B9B8-ED52FB8D49F9}: NameServer = 123.200.191.17 123.200.191.18
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1935DE00-72AA-4893-B9B8-ED52FB8D49F9}: NameServer = 123.200.191.17 123.200.191.18
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Samsung Network Fax Server - Samsung Electronics Co., Ltd. - C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Virgin Mobile. OUC (Virgin Mobile. RunOuc) - Unknown owner - F:\Program Files (x86)\Virgin Mobile\UpdateDog\ouc.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 16267 bytes
     
  2. kernal23 (Thread Starter; joined Mar 28, 2013; 8 messages)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 1.6.0_37
    Run by Barden at 23:41:38 on 2013-03-28
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.16301.13733 [GMT 11:00]
    .
    AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\atieclxx.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\Dwm.exe
    C:\ProgramData\DatacardService\HWDeviceService64.exe
    C:\Windows\SysWOW64\nlssrv32.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\ProgramData\Virgin Mobile\OnlineUpdate\ouc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
    C:\Users\Barden\AppData\Local\Apps\2.0\YYKD38AN.7EJ\2BQ99RT3.8QD\curs..tion_9e9e83ddf3ed3ead_0005.0001_f98d05d4713e76ec\CurseClient.exe
    F:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Creative\Sound Blaster Recon3D\Sound Blaster Recon3D Control Panel\SBRecon.exe
    C:\Windows\Samsung\PanelMgr\caller64.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.au/
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [Google Update] "C:\Users\Barden\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [AdobeBridge] <no file>
    mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "F:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "F:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SMART Board Service] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe"
    mRun: [SMART Board Tools] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe"
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    mRun: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe
    mRun: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Sound Blaster Recon3D Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Recon3D\Sound Blaster Recon3D Control Panel\SBRecon.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [TV Card Remote Control Device Monitor] C:\Windows\6010RMT.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [QuickTime Task] "F:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    StartupFolder: C:\Users\Barden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MYTVSC~1.LNK - F:\Program Files (x86)\MyTV\ADTVScheduleAgent.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
    IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{1935DE00-72AA-4893-B9B8-ED52FB8D49F9} : NameServer = 123.200.191.17 123.200.191.18
    TCP: Interfaces\{4277FA61-72B7-46BE-951B-6B7251BD201E} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{679280A1-B4B0-4068-8848-2CC1516E17A6} : NameServer = 123.200.191.17 123.200.191.18
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    Hosts: 119.42.146.34 www.warez-bb.org
    Hosts: 119.42.146.34 warez-bb.org
    Hosts: 119.42.146.36 www.warez-bb.org
    Hosts: 119.42.146.36 warez-bb.org
    Hosts: 58.65.233.185 warez-bb.org
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Barden\AppData\Roaming\Mozilla\Firefox\Profiles\3yf6asc9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Barden\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - plugin: F:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
    FF - plugin: F:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-3-26 56208]
    R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-3-1 21104]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-8-16 283200]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-20 240640]
    R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
    R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2011-8-4 137144]
    R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2011-1-31 66560]
    R2 Samsung Network Fax Server;Samsung Network Fax Server;C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe [2012-9-16 229888]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-3-28 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-3-28 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-3-28 168384]
    R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2009-7-13 11576]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-1 2655768]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-29 56960]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-29 79104]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-9-12 86016]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-1 317440]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-1 535656]
    R3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [2011-7-13 13168]
    R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2011-7-13 16368]
    R3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [2011-7-13 24944]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 Virgin Mobile. RunOuc;Virgin Mobile. OUC;F:\Program Files (x86)\Virgin Mobile\UpdateDog\ouc.exe [2012-9-12 218624]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-1-7 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-1-7 79360]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-9-12 117248]
    S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2012-9-12 421376]
    S3 ksaud;Creative USB Audio Driver;C:\Windows\System32\drivers\ksaud.sys [2013-1-7 1758208]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-30 203104]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TridVid;USB TV Tuner;C:\Windows\System32\drivers\tridvid6010.sys [2011-1-21 411648]
    S3 TridVid64;TM6000 TV Service;C:\Windows\System32\drivers\TridVid64.sys [2013-1-9 323840]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-2 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    .
    =============== File Associations ===============
    .
    FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    ShellExec: dreamweaver.exe: Open="F:\Program Files\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-03-28 10:59:14 -------- d-----w- C:\Users\Barden\AppData\Local\{5F3AC432-D4C3-4BDC-A886-07E4EE8D2591}
    2013-03-28 09:38:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-03-28 09:38:36 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-03-28 09:38:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-03-28 09:36:49 -------- d-----w- C:\Users\Barden\AppData\Roaming\Malwarebytes
    2013-03-28 09:36:40 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-03-28 09:36:40 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-03-28 09:36:16 -------- d-----w- C:\Users\Barden\AppData\Local\Programs
    2013-03-27 22:58:50 -------- d-----w- C:\Users\Barden\AppData\Local\{B9268FD2-4823-41CB-8FB2-80181922F0A6}
    2013-03-27 10:58:38 -------- d-----w- C:\Users\Barden\AppData\Local\{C546446D-F6E8-45BF-BF20-6ECBB4930228}
    2013-03-26 22:58:26 -------- d-----w- C:\Users\Barden\AppData\Local\{B89FD26B-E6ED-48E8-AD64-9D41F5AD3969}
    2013-03-26 18:32:49 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F1E715D5-0C29-4313-82BA-26FE42E8E7C8}\mpengine.dll
    2013-03-26 10:58:14 -------- d-----w- C:\Users\Barden\AppData\Local\{81513352-5AFF-497D-81C1-831BDC181EC2}
    2013-03-25 22:58:03 -------- d-----w- C:\Users\Barden\AppData\Local\{29D45C7D-D8BC-4BB9-9C8D-16C01C9EF35F}
    2013-03-25 10:57:51 -------- d-----w- C:\Users\Barden\AppData\Local\{AD143079-366B-4C86-8BAF-6355DB19FC92}
    2013-03-24 22:57:39 -------- d-----w- C:\Users\Barden\AppData\Local\{988419B6-2D2C-4E9E-AF77-D3B0195A4D43}
    2013-03-24 10:57:15 -------- d-----w- C:\Users\Barden\AppData\Local\{B857D073-BA46-452F-BE0A-6762FC6F265C}
    2013-03-23 22:57:02 -------- d-----w- C:\Users\Barden\AppData\Local\{6CF78C24-ADA1-4B81-95C6-2D2639ECCE47}
    2013-03-23 10:56:48 -------- d-----w- C:\Users\Barden\AppData\Local\{8D103AA2-032D-4A3B-95C5-00567C783765}
    2013-03-22 21:09:47 -------- d-----w- C:\Users\Barden\AppData\Local\{5225741E-FE8A-47F5-AE41-09C39731288D}
    2013-03-22 09:09:35 -------- d-----w- C:\Users\Barden\AppData\Local\{F32EE643-0812-4F65-9122-8C9F529B4914}
    2013-03-21 21:09:10 -------- d-----w- C:\Users\Barden\AppData\Local\{BC395D51-7AD4-4E60-A32C-31E8E2C3DCFA}
    2013-03-20 20:49:00 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-03-18 10:14:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2013-03-18 10:14:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2013-03-18 10:14:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2013-03-18 10:14:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2013-03-18 10:14:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2013-03-18 10:14:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2013-03-18 10:14:39 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2013-03-15 01:52:04 -------- d-----w- C:\Users\Barden\AppData\Local\{B3715841-5AB1-4F6A-8B9B-C8DB65FF2196}
    2013-03-14 06:24:09 -------- d-----w- C:\Users\Barden\AppData\Local\{FF5AAF40-6D9D-46B3-9B5D-D30E8AF08B59}
    2013-03-13 18:23:56 -------- d-----w- C:\Users\Barden\AppData\Local\{1F6C78FC-6ED4-43BD-8646-131B855C4FDD}
    2013-03-13 06:23:32 -------- d-----w- C:\Users\Barden\AppData\Local\{01A7A770-2BC2-4C74-821D-266CB5D29B91}
    2013-03-12 18:23:20 -------- d-----w- C:\Users\Barden\AppData\Local\{B5CB6840-70D4-4ACD-8C1F-7E8A108782F1}
    2013-03-12 06:23:08 -------- d-----w- C:\Users\Barden\AppData\Local\{FD24168C-A430-48C3-BD33-2612E76F7311}
    2013-03-11 18:22:56 -------- d-----w- C:\Users\Barden\AppData\Local\{092A2896-D78B-4597-BC98-E179662C241B}
    2013-03-11 06:22:44 -------- d-----w- C:\Users\Barden\AppData\Local\{F9DBE986-4F57-412C-BF93-8FB0E05326A2}
    2013-03-10 18:22:32 -------- d-----w- C:\Users\Barden\AppData\Local\{9854FAE3-B059-45CD-B7FB-9507675D7746}
    2013-03-10 06:22:21 -------- d-----w- C:\Users\Barden\AppData\Local\{191F1F46-47BC-4674-BCC9-248F90091715}
    2013-03-09 18:22:09 -------- d-----w- C:\Users\Barden\AppData\Local\{0B8BA845-F38A-470E-9DB2-4303F80AB781}
    2013-03-09 06:21:57 -------- d-----w- C:\Users\Barden\AppData\Local\{1424A86F-159B-4201-B867-848C1F9DAC31}
    2013-03-08 18:21:45 -------- d-----w- C:\Users\Barden\AppData\Local\{112D19E0-3979-4413-99EF-5FF812D3A751}
    2013-03-08 06:21:21 -------- d-----w- C:\Users\Barden\AppData\Local\{8281C12B-718A-4ACB-AF86-D67D5A6B299F}
    2013-03-07 18:21:09 -------- d-----w- C:\Users\Barden\AppData\Local\{15D6F18D-8466-42FA-AD94-39380F7D238B}
    2013-03-07 06:20:57 -------- d-----w- C:\Users\Barden\AppData\Local\{6E04C270-F5EC-4C03-8602-7123C858A4AC}
    2013-03-06 18:20:45 -------- d-----w- C:\Users\Barden\AppData\Local\{F8FCF044-8FED-489F-8CDE-33E3B9ED2C87}
    2013-03-06 06:20:33 -------- d-----w- C:\Users\Barden\AppData\Local\{DA4893FE-6ACC-4D65-9681-A919AD65D618}
    2013-03-05 18:20:21 -------- d-----w- C:\Users\Barden\AppData\Local\{C4682206-B56D-4F90-8300-B6F642804E26}
    2013-03-05 06:20:10 -------- d-----w- C:\Users\Barden\AppData\Local\{C30968D1-C226-4C02-9816-C77C97F377ED}
    2013-03-04 18:19:58 -------- d-----w- C:\Users\Barden\AppData\Local\{61CCDF70-0B12-4EFB-86AB-E160B189B011}
    2013-03-04 06:19:46 -------- d-----w- C:\Users\Barden\AppData\Local\{88BB10C2-BE9B-498C-A649-B64527D262FE}
    2013-03-03 18:19:34 -------- d-----w- C:\Users\Barden\AppData\Local\{D99B95A2-393E-4A51-A76D-2BB682426251}
    2013-03-03 06:19:22 -------- d-----w- C:\Users\Barden\AppData\Local\{7176E038-001A-407D-96D6-15F877D95A90}
    2013-03-02 18:19:10 -------- d-----w- C:\Users\Barden\AppData\Local\{D5DF243E-B373-4E89-93B3-F24368D046B9}
    2013-03-02 06:18:58 -------- d-----w- C:\Users\Barden\AppData\Local\{3318495B-7872-4664-B2FD-8DA25F4041A7}
    2013-03-01 18:18:46 -------- d-----w- C:\Users\Barden\AppData\Local\{B25EA358-409B-4636-A2A9-EAAB09DBA354}
    2013-03-01 06:18:35 -------- d-----w- C:\Users\Barden\AppData\Local\{01A25EDE-3285-4E78-B230-14A900092833}
    2013-02-28 18:18:23 -------- d-----w- C:\Users\Barden\AppData\Local\{E59CED24-ADC7-4F0C-84C7-C6C1E80583DA}
    2013-02-28 06:18:11 -------- d-----w- C:\Users\Barden\AppData\Local\{F5ADE5B4-A348-4EC3-9F23-1439A596E635}
    2013-02-27 18:17:59 -------- d-----w- C:\Users\Barden\AppData\Local\{523396F9-B4B2-4E7D-BFAA-EFBE9F69004C}
    2013-02-27 06:17:35 -------- d-----w- C:\Users\Barden\AppData\Local\{F821A1DA-B74B-4AD2-84AC-DBB4B7FB76C7}
    2013-02-26 18:17:23 -------- d-----w- C:\Users\Barden\AppData\Local\{0967A754-BBD2-432F-B31F-3D05ECDE5A05}
    .
    ==================== Find3M ====================
    .
    2013-03-13 02:33:28 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-13 02:33:28 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-16 14:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
    2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
    2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
    2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
    2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
    2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
    2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
    2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
    2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
    2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
    2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
    2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
    2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
    2013-01-07 05:20:38 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
    2013-01-07 05:20:38 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2013-01-07 05:20:38 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
    2013-01-07 05:20:38 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    .
    ============= FINISH: 23:41:47.53 ===============
     
  3. kernal23

    kernal23 Thread Starter

    Joined:
    Mar 28, 2013
    Messages:
    8
    /bump 48hrs

    Problem still occurring every so often. I opened a docx file with Microsoft Office earlier today and away it went.

    Often it ends up playing non-English ads in the end - possibly Spanish, not sure though.

    I do appreciate that this is run by volunteers and I am happy to wait patiently. I often help others when my skills are useful; it is a nice feeling to help people. Thanks :)
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,219
    First Name:
    Derek
    Malwarebytes Anti-Rootkit Tool

    1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
    2. Unzip the File to a convenient location. (Recommend the Desktop)
    3. Open the folder where the contents were unzipped to run mbar.exe

    [​IMG]

    4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

    [​IMG]

    5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

    6. The following image opens, select Next.

    [​IMG]

    7. The following image opens, select Update.

    [​IMG]

    8. When the update completes select Next.

    [​IMG]

    9. In the following window ensure "Targets" are ticked. Then select "Scan".

    [​IMG]

    10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

    [​IMG]

    11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
    12. If no threats were found you will see the following image, Select Exit:

    [​IMG]

    13. Verify that your system is now running normally, making sure that the following items are functional:
    • Internet access
    • Windows Update
    • Windows Firewall
    14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

    [​IMG]

    15. The following Window will open, Select "Y" from your Keyboard, tap Enter.

    [​IMG]

    16. The fix will be applied, select any key to Exit.

    [​IMG]

    17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

    System - log
    Mbar - log Date and time of scan will also be shown

    [​IMG]
     
  5. kernal23

    kernal23 Thread Starter

    Joined:
    Mar 28, 2013
    Messages:
    8
    Hi Derek

    Thanks for your reply. I really appreciate your time.

    The scan did not find anything, here are the two logs.

    Malwarebytes Anti-Rootkit BETA 1.01.0.1022
    www.malwarebytes.org

    Database version: v2013.04.02.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16521
    Barden :: BARDEN-PC [administrator]

    3/04/2013 12:09:05 AM
    mbar-log-2013-04-03 (00-09-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 31918
    Time elapsed: 10 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++




    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1022

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16521

    Java version: 1.6.0_37

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, M:\ DRIVE_FIXED
    CPU speed: 3.392000 GHz
    Memory total: 17092960256, free: 13497511936

    ------------ Kernel report ------------
    04/02/2013 23:57:19
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\PxHlpa64.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\system32\DRIVERS\ehdrv.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\AppleCharger.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\1394ohci.sys
    \SystemRoot\System32\Drivers\EtronXHCI.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\SMARTVTabletPCx64.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\System32\Drivers\pcouffin.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\ew_jubusenum.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\EtronHub3.sys
    \SystemRoot\System32\Drivers\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\SMARTMouseFilterx64.sys
    \SystemRoot\system32\DRIVERS\MTConfig.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\AtihdW76.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\eamonm.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\epfwwfpr.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \??\C:\Windows\system32\Drivers\SSPORT.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\drivers\usbaudio.sys
    \SystemRoot\system32\DRIVERS\umpass.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xfffffa800d2f6060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-9\
    Lower Device Object: 0xfffffa800d0c2060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xfffffa800d2f5060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-4\
    Lower Device Object: 0xfffffa800d0ce680
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa800d2f4060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-3\
    Lower Device Object: 0xfffffa800d0ca060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800d2d6790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
    Lower Device Object: 0xfffffa800d0c6680
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Downloaded database version: v2013.04.02.06
    Downloaded database version: v2013.03.25.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 2, partition: 1
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xfffffa800d2f5060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800d2f5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800d2f5060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800ccb27f0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa800d0ce680, DeviceName: \Device\Ide\IdeDeviceP3T0L0-4\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a0100d4550, 0xfffffa800d2f5060, 0xfffffa8010739790
    Lower DeviceData: 0xfffff8a012c0d470, 0xfffffa800d0ce680, 0xfffffa80107a5a00
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 2, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800d2d6790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800d2d62c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800d2d6790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800d0c9520, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa800d0c6680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a010104cd0, 0xfffffa800d2d6790, 0xfffffa80118f0090
    Lower DeviceData: 0xfffff8a014371240, 0xfffffa800d0c6680, 0xfffffa80107985e0
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: CAD7FBC3

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 3906818048

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 2000398934016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa800d2f4060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800d2f4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800d2f4060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800d0cb520, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa800d0ca060, DeviceName: \Device\Ide\IdeDeviceP2T1L0-3\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a010e925b0, 0xfffffa800d2f4060, 0xfffffa801066b790
    Lower DeviceData: 0xfffff8a015309c00, 0xfffffa800d0ca060, 0xfffffa801079ee40
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 5FDB4320

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 234436608

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 120034123776 bytes
    Sector size: 512 bytes

    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: CAD7FBDB

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 234436608

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 120034123776 bytes
    Sector size: 512 bytes

    Physical Sector Size: 512
    Drive: 3, DevicePointer: 0xfffffa800d2f6060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800d2f6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800d2f6060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800ccfa040, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa800d0c2060, DeviceName: \Device\Ide\IdeDeviceP3T1L0-9\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a0100f1170, 0xfffffa800d2f6060, 0xfffffa80107ca790
    Lower DeviceData: 0xfffff8a00dfd2990, 0xfffffa800d0c2060, 0xfffffa80107cde40
    Drive 3
    Scanning MBR on drive 3...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 674780BA

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3907022848

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 2000398934016 bytes
    Sector size: 512 bytes

    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,219
    First Name:
    Derek
    First, use the Microsoft fixit tool at http://support.microsoft.com/kb/972034 to reset hosts to default

    then

    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a Notepad window will open.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  7. kernal23

    kernal23 Thread Starter

    Joined:
    Mar 28, 2013
    Messages:
    8
    Thanks for your swift reply.

    Hosts file done and here is the log file.


    # AdwCleaner v2.200 - Logfile created 04/03/2013 at 17:08:08
    # Updated 02/04/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Barden - BARDEN-PC
    # Boot Mode : Normal
    # Running from : F:\F-Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16521

    [OK] Registry is clean.

    -\\ Mozilla Firefox v19.0.2 (en-GB)

    File : C:\Users\Barden\AppData\Roaming\Mozilla\Firefox\Profiles\3yf6asc9.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v26.0.1410.43

    File : C:\Users\Barden\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [969 octets] - [03/04/2013 17:08:08]

    ########## EOF - C:\AdwCleaner[R1].txt - [1028 octets] ##########
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,219
    First Name:
    Derek
    Run TDSSKiller from http://support.kaspersky.com/viruses/solutions?qid=208280684

    Let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) and then reboot.

    Post back with its log.

    By default, the utility writes the log to the root folder of the system disk (usually the disk with the operating system installed, C:\).
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  9. kernal23

    kernal23 Thread Starter

    Joined:
    Mar 28, 2013
    Messages:
    8
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,219
    First Name:
    Derek
  11. kernal23

    kernal23 Thread Starter

    Joined:
    Mar 28, 2013
    Messages:
    8
    Thanks for the link :)

    Here is the log file:

    18:24:16.0810 2624 TDSS rootkit removing tool 2.8.16.0 Mar 21 2013 15:53:02
    18:24:17.0557 2624 ============================================================
    18:24:17.0557 2624 Current date / time: 2013/04/04 18:24:17.0557
    18:24:17.0557 2624 SystemInfo:
    18:24:17.0557 2624
    18:24:17.0557 2624 OS Version: 6.1.7601 ServicePack: 1.0
    18:24:17.0557 2624 Product type: Workstation
    18:24:17.0558 2624 ComputerName: BARDEN-PC
    18:24:17.0558 2624 UserName: Barden
    18:24:17.0558 2624 Windows directory: C:\Windows
    18:24:17.0558 2624 System windows directory: C:\Windows
    18:24:17.0558 2624 Running under WOW64
    18:24:17.0558 2624 Processor architecture: Intel x64
    18:24:17.0558 2624 Number of processors: 8
    18:24:17.0558 2624 Page size: 0x1000
    18:24:17.0558 2624 Boot type: Normal boot
    18:24:17.0558 2624 ============================================================
    18:24:17.0744 2624 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3F161, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
    18:24:17.0760 2624 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:24:17.0761 2624 Drive \Device\Harddisk2\DR2 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:24:25.0557 2624 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:24:25.0571 2624 Drive \Device\Harddisk5\DR6 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:24:29.0367 2624 ============================================================
    18:24:29.0367 2624 \Device\Harddisk0\DR0:
    18:24:29.0368 2624 MBR partitions:
    18:24:29.0368 2624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    18:24:29.0368 2624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5000
    18:24:29.0368 2624 \Device\Harddisk1\DR1:
    18:24:29.0370 2624 MBR partitions:
    18:24:29.0370 2624 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
    18:24:29.0370 2624 \Device\Harddisk2\DR2:
    18:24:29.0371 2624 MBR partitions:
    18:24:29.0371 2624 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
    18:24:29.0371 2624 \Device\Harddisk3\DR3:
    18:24:29.0372 2624 MBR partitions:
    18:24:29.0372 2624 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
    18:24:29.0372 2624 \Device\Harddisk5\DR6:
    18:24:29.0372 2624 MBR partitions:
    18:24:29.0372 2624 \Device\Harddisk5\DR6\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385830
    18:24:29.0372 2624 ============================================================
    18:24:29.0373 2624 C: <-> \Device\Harddisk2\DR2\Partition1
    18:24:29.0374 2624 E: <-> \Device\Harddisk1\DR1\Partition1
    18:24:29.0445 2624 F: <-> \Device\Harddisk0\DR0\Partition2
    18:24:29.0476 2624 I: <-> \Device\Harddisk5\DR6\Partition1
    18:24:29.0528 2624 M: <-> \Device\Harddisk3\DR3\Partition1
    18:24:29.0529 2624 ============================================================
    18:24:29.0529 2624 Initialize success
    18:24:29.0529 2624 ============================================================
    18:24:50.0721 5364 ============================================================
    18:24:50.0721 5364 Scan started
    18:24:50.0721 5364 Mode: Manual;
    18:24:50.0721 5364 ============================================================
    18:24:54.0416 5364 ================ Scan system memory ========================
    18:24:54.0416 5364 System memory - ok
    18:24:54.0416 5364 ================ Scan services =============================
    18:24:54.0453 5364 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    18:24:54.0455 5364 1394ohci - ok
    18:24:54.0461 5364 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    18:24:54.0465 5364 ACPI - ok
    18:24:54.0467 5364 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    18:24:54.0468 5364 AcpiPmi - ok
    18:24:54.0475 5364 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    18:24:54.0475 5364 AdobeARMservice - ok
    18:24:54.0500 5364 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    18:24:54.0502 5364 AdobeFlashPlayerUpdateSvc - ok
    18:24:54.0509 5364 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    18:24:54.0514 5364 adp94xx - ok
    18:24:54.0519 5364 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    18:24:54.0522 5364 adpahci - ok
    18:24:54.0526 5364 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    18:24:54.0528 5364 adpu320 - ok
    18:24:54.0533 5364 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    18:24:54.0535 5364 AeLookupSvc - ok
    18:24:54.0543 5364 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    18:24:54.0548 5364 AFD - ok
    18:24:54.0550 5364 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    18:24:54.0552 5364 agp440 - ok
    18:24:54.0554 5364 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    18:24:54.0555 5364 ALG - ok
    18:24:54.0558 5364 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    18:24:54.0558 5364 aliide - ok
    18:24:54.0562 5364 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    18:24:54.0564 5364 AMD External Events Utility - ok
    18:24:54.0566 5364 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    18:24:54.0568 5364 amdide - ok
    18:24:54.0570 5364 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    18:24:54.0571 5364 AmdK8 - ok
    18:24:54.0669 5364 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    18:24:54.0761 5364 amdkmdag - ok
    18:24:54.0769 5364 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    18:24:54.0773 5364 amdkmdap - ok
    18:24:54.0776 5364 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
    18:24:54.0778 5364 AmdPPM - ok
    18:24:54.0780 5364 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    18:24:54.0782 5364 amdsata - ok
    18:24:54.0786 5364 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    18:24:54.0788 5364 amdsbs - ok
    18:24:54.0792 5364 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    18:24:54.0792 5364 amdxata - ok
    18:24:54.0794 5364 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    18:24:54.0796 5364 AppID - ok
    18:24:54.0798 5364 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    18:24:54.0798 5364 AppIDSvc - ok
    18:24:54.0801 5364 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    18:24:54.0802 5364 Appinfo - ok
    18:24:54.0806 5364 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    18:24:54.0807 5364 Apple Mobile Device - ok
    18:24:54.0809 5364 [ 6BE11AD81D4527D299F0CB5F3731AABC ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
    18:24:54.0810 5364 AppleCharger - ok
    18:24:54.0812 5364 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
    18:24:54.0813 5364 AppleChargerSrv - ok
    18:24:54.0815 5364 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
    18:24:54.0817 5364 arc - ok
    18:24:54.0820 5364 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
    18:24:54.0821 5364 arcsas - ok
    18:24:54.0834 5364 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    18:24:54.0835 5364 aspnet_state - ok
    18:24:54.0837 5364 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    18:24:54.0838 5364 AsyncMac - ok
    18:24:54.0840 5364 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    18:24:54.0841 5364 atapi - ok
    18:24:54.0844 5364 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
    18:24:54.0846 5364 AtiHDAudioService - ok
    18:24:54.0855 5364 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    18:24:54.0862 5364 AudioEndpointBuilder - ok
    18:24:54.0870 5364 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    18:24:54.0872 5364 AudioSrv - ok
    18:24:54.0875 5364 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    18:24:54.0877 5364 AxInstSV - ok
    18:24:54.0884 5364 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    18:24:54.0889 5364 b06bdrv - ok
    18:24:54.0893 5364 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    18:24:54.0896 5364 b57nd60a - ok
    18:24:54.0902 5364 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    18:24:54.0903 5364 BDESVC - ok
    18:24:54.0905 5364 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    18:24:54.0905 5364 Beep - ok
    18:24:54.0914 5364 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    18:24:54.0920 5364 BFE - ok
    18:24:54.0932 5364 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    18:24:54.0942 5364 BITS - ok
    18:24:54.0945 5364 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    18:24:54.0946 5364 blbdrive - ok
    18:24:54.0953 5364 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    18:24:54.0956 5364 Bonjour Service - ok
    18:24:54.0959 5364 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    18:24:54.0960 5364 bowser - ok
    18:24:54.0962 5364 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    18:24:54.0963 5364 BrFiltLo - ok
    18:24:54.0965 5364 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    18:24:54.0966 5364 BrFiltUp - ok
    18:24:54.0970 5364 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    18:24:54.0971 5364 Browser - ok
    18:24:54.0975 5364 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    18:24:54.0978 5364 Brserid - ok
    18:24:54.0981 5364 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    18:24:54.0982 5364 BrSerWdm - ok
    18:24:54.0984 5364 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    18:24:54.0984 5364 BrUsbMdm - ok
    18:24:54.0986 5364 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    18:24:54.0987 5364 BrUsbSer - ok
    18:24:54.0989 5364 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    18:24:54.0990 5364 BTHMODEM - ok
    18:24:54.0994 5364 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    18:24:54.0995 5364 bthserv - ok
    18:24:54.0997 5364 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    18:24:54.0999 5364 cdfs - ok
    18:24:55.0002 5364 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    18:24:55.0004 5364 cdrom - ok
    18:24:55.0007 5364 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    18:24:55.0008 5364 CertPropSvc - ok
    18:24:55.0011 5364 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
    18:24:55.0012 5364 circlass - ok
    18:24:55.0018 5364 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    18:24:55.0022 5364 CLFS - ok
    18:24:55.0028 5364 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:24:55.0030 5364 clr_optimization_v2.0.50727_32 - ok
    18:24:55.0035 5364 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    18:24:55.0037 5364 clr_optimization_v2.0.50727_64 - ok
    18:24:55.0048 5364 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:24:55.0049 5364 clr_optimization_v4.0.30319_32 - ok
    18:24:55.0052 5364 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    18:24:55.0053 5364 clr_optimization_v4.0.30319_64 - ok
    18:24:55.0055 5364 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
    18:24:55.0056 5364 CmBatt - ok
    18:24:55.0058 5364 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    18:24:55.0059 5364 cmdide - ok
    18:24:55.0066 5364 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    18:24:55.0069 5364 CNG - ok
    18:24:55.0072 5364 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    18:24:55.0072 5364 Compbatt - ok
    18:24:55.0075 5364 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    18:24:55.0076 5364 CompositeBus - ok
    18:24:55.0077 5364 COMSysApp - ok
    18:24:55.0080 5364 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    18:24:55.0082 5364 crcdisk - ok
    18:24:55.0084 5364 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    18:24:55.0086 5364 Creative ALchemy AL6 Licensing Service - ok
    18:24:55.0089 5364 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    18:24:55.0091 5364 Creative Audio Engine Licensing Service - ok
    18:24:55.0095 5364 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    18:24:55.0097 5364 CryptSvc - ok
    18:24:55.0105 5364 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    18:24:55.0111 5364 DcomLaunch - ok
    18:24:55.0117 5364 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    18:24:55.0121 5364 defragsvc - ok
    18:24:55.0123 5364 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    18:24:55.0125 5364 DfsC - ok
    18:24:55.0128 5364 [ 2D589A2C024B2FB238535DB9F7B3597D ] DgiVecp C:\Windows\system32\Drivers\DgiVecp.sys
    18:24:55.0129 5364 DgiVecp - ok
    18:24:55.0132 5364 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
    18:24:55.0133 5364 dg_ssudbus - ok
    18:24:55.0138 5364 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    18:24:55.0142 5364 Dhcp - ok
    18:24:55.0144 5364 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    18:24:55.0144 5364 discache - ok
    18:24:55.0147 5364 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
    18:24:55.0148 5364 Disk - ok
    18:24:55.0152 5364 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    18:24:55.0155 5364 Dnscache - ok
    18:24:55.0159 5364 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    18:24:55.0162 5364 dot3svc - ok
    18:24:55.0165 5364 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    18:24:55.0167 5364 DPS - ok
    18:24:55.0169 5364 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    18:24:55.0170 5364 drmkaud - ok
    18:24:55.0175 5364 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    18:24:55.0177 5364 dtsoftbus01 - ok
    18:24:55.0188 5364 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    18:24:57.0294 5364 Steam Client Service - ok
    18:24:57.0297 5364 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
    18:24:57.0298 5364 stexstor - ok
    18:24:57.0305 5364 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    18:24:57.0311 5364 stisvc - ok
    18:24:57.0313 5364 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    18:24:57.0314 5364 swenum - ok
    18:24:57.0323 5364 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    18:24:57.0327 5364 SwitchBoard - ok
    18:24:57.0334 5364 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    18:24:57.0341 5364 swprv - ok
    18:24:57.0364 5364 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    18:24:57.0386 5364 SysMain - ok
    18:24:57.0391 5364 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    18:24:57.0395 5364 TabletInputService - ok
    18:24:57.0400 5364 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    18:24:57.0404 5364 TapiSrv - ok
    18:24:57.0407 5364 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    18:24:57.0408 5364 TBS - ok
    18:24:57.0428 5364 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    18:24:57.0443 5364 Tcpip - ok
    18:24:57.0461 5364 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    18:24:57.0467 5364 TCPIP6 - ok
    18:24:57.0471 5364 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    18:24:57.0473 5364 tcpipreg - ok
    18:24:57.0476 5364 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    18:24:57.0477 5364 TDPIPE - ok
    18:24:57.0479 5364 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    18:24:57.0484 5364 TDTCP - ok
    18:24:57.0487 5364 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    18:24:57.0489 5364 tdx - ok
    18:24:57.0492 5364 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    18:24:57.0493 5364 TermDD - ok
    18:24:57.0502 5364 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    18:24:57.0510 5364 TermService - ok
    18:24:57.0513 5364 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    18:24:57.0515 5364 Themes - ok
    18:24:57.0518 5364 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    18:24:57.0519 5364 THREADORDER - ok
    18:24:57.0524 5364 [ 0B345FB8427D0DAAD7D82C74B9961C87 ] TridVid C:\Windows\system32\DRIVERS\tridvid6010.sys
    18:24:57.0528 5364 TridVid - ok
    18:24:57.0532 5364 [ F076F439830D4D6A4F9D7E5615BA7268 ] TridVid64 C:\Windows\system32\DRIVERS\TridVid64.sys
    18:24:57.0543 5364 TridVid64 - ok
    18:24:57.0548 5364 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    18:24:57.0551 5364 TrkWks - ok
    18:24:57.0555 5364 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    18:24:57.0556 5364 TrustedInstaller - ok
    18:24:57.0560 5364 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:24:57.0561 5364 tssecsrv - ok
    18:24:57.0563 5364 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    18:24:57.0564 5364 TsUsbFlt - ok
    18:24:57.0566 5364 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    18:24:57.0567 5364 TsUsbGD - ok
    18:24:57.0570 5364 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    18:24:57.0571 5364 tunnel - ok
    18:24:57.0576 5364 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    18:24:57.0577 5364 uagp35 - ok
    18:24:57.0582 5364 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    18:24:57.0585 5364 udfs - ok
    18:24:57.0590 5364 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    18:24:57.0591 5364 UI0Detect - ok
    18:24:57.0594 5364 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    18:24:57.0595 5364 uliagpkx - ok
    18:24:57.0597 5364 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    18:24:57.0599 5364 umbus - ok
    18:24:57.0601 5364 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    18:24:57.0601 5364 UmPass - ok
    18:24:57.0631 5364 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    18:24:57.0640 5364 UNS - ok
    18:24:57.0647 5364 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    18:24:57.0652 5364 upnphost - ok
    18:24:57.0655 5364 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    18:24:57.0657 5364 USBAAPL64 - ok
    18:24:57.0660 5364 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    18:24:57.0661 5364 usbaudio - ok
    18:24:57.0664 5364 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    18:24:57.0665 5364 usbccgp - ok
    18:24:57.0668 5364 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    18:24:57.0670 5364 usbcir - ok
    18:24:57.0672 5364 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    18:24:57.0673 5364 usbehci - ok
    18:24:57.0678 5364 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    18:24:57.0681 5364 usbhub - ok
    18:24:57.0684 5364 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    18:24:57.0685 5364 usbohci - ok
    18:24:57.0687 5364 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    18:24:57.0687 5364 usbprint - ok
    18:24:57.0690 5364 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    18:24:57.0691 5364 USBSTOR - ok
    18:24:57.0693 5364 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    18:24:57.0695 5364 usbuhci - ok
    18:24:57.0697 5364 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    18:24:57.0698 5364 UxSms - ok
    18:24:57.0700 5364 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    18:24:57.0701 5364 VaultSvc - ok
    18:24:57.0703 5364 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    18:24:57.0704 5364 vdrvroot - ok
    18:24:57.0712 5364 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    18:24:57.0720 5364 vds - ok
    18:24:57.0723 5364 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    18:24:57.0724 5364 vga - ok
    18:24:57.0726 5364 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    18:24:57.0727 5364 VgaSave - ok
    18:24:57.0731 5364 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    18:24:57.0733 5364 vhdmp - ok
    18:24:57.0735 5364 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    18:24:57.0736 5364 viaide - ok
    18:24:57.0812 5364 [ 38106C7BD34EAE89D2769AC0BA2E846B ] Virgin Mobile. RunOuc F:\Program Files (x86)\Virgin Mobile\UpdateDog\ouc.exe
    18:24:57.0813 5364 Virgin Mobile. RunOuc - ok
    18:24:57.0817 5364 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    18:24:57.0818 5364 volmgr - ok
    18:24:57.0823 5364 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    18:24:57.0826 5364 volmgrx - ok
    18:24:57.0831 5364 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    18:24:57.0834 5364 volsnap - ok
    18:24:57.0838 5364 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    18:24:57.0840 5364 vsmraid - ok
    18:24:57.0858 5364 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    18:24:57.0874 5364 VSS - ok
    18:24:57.0877 5364 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    18:24:57.0878 5364 vwifibus - ok
    18:24:57.0884 5364 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    18:24:57.0889 5364 W32Time - ok
    18:24:57.0892 5364 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    18:24:57.0893 5364 WacomPen - ok
    18:24:57.0896 5364 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    18:24:57.0897 5364 WANARP - ok
    18:24:57.0899 5364 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    18:24:57.0900 5364 Wanarpv6 - ok
    18:24:57.0914 5364 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    18:24:57.0926 5364 WatAdminSvc - ok
    18:24:57.0941 5364 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    18:24:57.0954 5364 wbengine - ok
    18:24:57.0958 5364 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    18:24:57.0960 5364 WbioSrvc - ok
    18:24:57.0965 5364 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    18:24:57.0969 5364 wcncsvc - ok
    18:24:57.0971 5364 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    18:24:57.0973 5364 WcsPlugInService - ok
    18:24:57.0975 5364 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    18:24:57.0976 5364 Wd - ok
    18:24:57.0978 5364 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
    18:24:57.0979 5364 WDC_SAM - ok
    18:24:57.0988 5364 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    18:24:57.0994 5364 Wdf01000 - ok
    18:24:57.0997 5364 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    18:24:57.0999 5364 WdiServiceHost - ok
    18:24:58.0002 5364 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    18:24:58.0003 5364 WdiSystemHost - ok
    18:24:58.0007 5364 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    18:24:58.0010 5364 WebClient - ok
    18:24:58.0014 5364 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    18:24:58.0017 5364 Wecsvc - ok
    18:24:58.0020 5364 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    18:24:58.0022 5364 wercplsupport - ok
    18:24:58.0024 5364 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    18:24:58.0027 5364 WerSvc - ok
    18:24:58.0029 5364 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    18:24:58.0029 5364 WfpLwf - ok
    18:24:58.0032 5364 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    18:24:58.0032 5364 WIMMount - ok
    18:24:58.0034 5364 WinDefend - ok
    18:24:58.0038 5364 WinHttpAutoProxySvc - ok
    18:24:58.0047 5364 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    18:24:58.0050 5364 Winmgmt - ok
    18:24:58.0074 5364 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    18:24:58.0097 5364 WinRM - ok
    18:24:58.0103 5364 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    18:24:58.0104 5364 WinUsb - ok
    18:24:58.0113 5364 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    18:24:58.0121 5364 Wlansvc - ok
    18:24:58.0144 5364 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    18:24:58.0161 5364 wlidsvc - ok
    18:24:58.0164 5364 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    18:24:58.0164 5364 WmiAcpi - ok
    18:24:58.0169 5364 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    18:24:58.0171 5364 wmiApSrv - ok
    18:24:58.0174 5364 WMPNetworkSvc - ok
    18:24:58.0176 5364 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    18:24:58.0178 5364 WPCSvc - ok
    18:24:58.0180 5364 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    18:24:58.0183 5364 WPDBusEnum - ok
    18:24:58.0185 5364 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    18:24:58.0185 5364 ws2ifsl - ok
    18:24:58.0188 5364 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    18:24:58.0191 5364 wscsvc - ok
    18:24:58.0192 5364 WSearch - ok
    18:24:58.0215 5364 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    18:24:58.0234 5364 wuauserv - ok
    18:24:58.0238 5364 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    18:24:58.0239 5364 WudfPf - ok
    18:24:58.0244 5364 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:24:58.0246 5364 WUDFRd - ok
    18:24:58.0249 5364 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    18:24:58.0251 5364 wudfsvc - ok
    18:24:58.0255 5364 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    18:24:58.0258 5364 WwanSvc - ok
    18:24:58.0262 5364 ================ Scan global ===============================
    18:24:58.0265 5364 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    18:24:58.0270 5364 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    18:24:58.0275 5364 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
    18:24:58.0278 5364 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    18:24:58.0285 5364 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    18:24:58.0290 5364 [Global] - ok
    18:24:58.0290 5364 ================ Scan MBR ==================================
    18:24:58.0291 5364 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    18:24:58.0414 5364 \Device\Harddisk0\DR0 - ok
    18:24:58.0418 5364 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
    18:24:58.0420 5364 \Device\Harddisk1\DR1 - ok
    18:24:58.0423 5364 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
    18:24:58.0425 5364 \Device\Harddisk2\DR2 - ok
    18:24:58.0426 5364 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
    18:24:58.0428 5364 \Device\Harddisk3\DR3 - ok
    18:24:58.0430 5364 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR6
    18:24:58.0434 5364 \Device\Harddisk5\DR6 - ok
    18:24:58.0434 5364 ================ Scan VBR ==================================
    18:24:58.0436 5364 [ 6C0F2BF058745D74A56B6C9E52E75361 ] \Device\Harddisk0\DR0\Partition1
    18:24:58.0436 5364 \Device\Harddisk0\DR0\Partition1 - ok
    18:24:58.0438 5364 [ 025C1312D4F7F8007548A459E08B459B ] \Device\Harddisk0\DR0\Partition2
    18:24:58.0439 5364 \Device\Harddisk0\DR0\Partition2 - ok
    18:24:58.0440 5364 [ A9365E6905046DFD5BA811E736B4DC66 ] \Device\Harddisk1\DR1\Partition1
    18:24:58.0441 5364 \Device\Harddisk1\DR1\Partition1 - ok
    18:24:58.0442 5364 [ EFCB0030A0CF9D6356C5366532631B4B ] \Device\Harddisk2\DR2\Partition1
    18:24:58.0443 5364 \Device\Harddisk2\DR2\Partition1 - ok
    18:24:58.0445 5364 [ 38817CE766FED3B8A742443DCF18AF10 ] \Device\Harddisk3\DR3\Partition1
    18:24:58.0446 5364 \Device\Harddisk3\DR3\Partition1 - ok
    18:24:58.0448 5364 [ B06E0E2F4A6AA8FA06D89EEB21E5EDBA ] \Device\Harddisk5\DR6\Partition1
    18:24:58.0449 5364 \Device\Harddisk5\DR6\Partition1 - ok
    18:24:58.0450 5364 ============================================================
    18:24:58.0450 5364 Scan finished
    18:24:58.0450 5364 ============================================================
    18:24:58.0455 4820 Detected object count: 0
    18:24:58.0455 4820 Actual detected object count: 0
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,219
    First Name:
    Derek
    that isn't showing anything
    next step
    first
    use the Microsoft fixit tool on http://support.microsoft.com/kb/972034 to reset hosts to default
    reboot then
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...
     
  13. kernal23

    kernal23 Thread Starter

    Joined:
    Mar 28, 2013
    Messages:
    8
    Hi Derek

    Sorry for the delay. Been sick with cold/flu and totally lost track of life.

    I have been told by the rest of the family that the problem does not happen anymore. Do you suggest continuing with your last post? or do I keep following your instructions?
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,219
    First Name:
    Derek
    nothing we have done appears to have fixed it, so it might just be dormant. It is your choice. If you are happy then leave it as it is. If it continues then carry on with the instructions
     
Short URL to this thread: https://techguy.org/1094514
