Google redirect, media.podshow popup

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

brunnels

Thread Starter
Joined
Nov 27, 2011
Messages
9
I got a virus and now every time i google it will redirect me to a different webpage while using firefox. If i use google search on google chrome, it will lock up google chrome all together. Im also having random pop ups on my computer asking me where to save download for media.podshow.com.

Heres the Hijack this Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:08:10 PM, on 11/27/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Users\Barry\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe

\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot -

Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search

Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:

\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java

\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
O4 - HKLM\..\Run: [ShwiconXP9106] "C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P

DellSupportCenter
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
O4 - HKLM\..\Run: [Seagate Dashboard] "C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" --silent

--no_ui
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler

\Launcher.exe
O4 - HKCU\..\Run: [iTeleportConnect] "C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportConnect.exe" -

autostart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Barry\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default

user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-

8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 -

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft

Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files

(x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files

(x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files

(x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search &

Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{807B17E4-9DD3-418B-B4A0-39B18CC568C8}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{807B17E4-9DD3-418B-B4A0-39B18CC568C8}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{807B17E4-9DD3-418B-B4A0-39B18CC568C8}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery

\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files

\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file

missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support

\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Unknown owner - C:\Program Files\Dell\DellDock\DockLogin.exe

(file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file

missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file

missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision

Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix

\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files

(x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe

(file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file

missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA

Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows

\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM

\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

(file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file

missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files

(x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate

Dashboard\SeagateDashboardService.exe
O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file

missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local

Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

(file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

(file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe

(file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam

\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files

(x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared

\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows

\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe

(file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file

missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file

missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat

\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows

\system32\wbengine.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~2\Stardock

\OBJECT~1\WINDOW~1\VistaSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem

\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program

Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe

--
End of file - 12962 bytes

Here is the DDS File:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Barry at 12:09:47 on 2011-11-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.5847 [GMT -6:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWow64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [iTeleportConnect] "C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportConnect.exe" -autostart
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Google Update] "C:\Users\Barry\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
mRun: [ShwiconXP9106] "C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun: [Seagate Dashboard] "C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" --silent --no_ui
mRun: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 68.105.28.12
TCP: Interfaces\{807B17E4-9DD3-418B-B4A0-39B18CC568C8} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{807B17E4-9DD3-418B-B4A0-39B18CC568C8} : DhcpNameServer = 208.67.222.222 208.67.220.220 68.105.28.12
TCP: Interfaces\{FAECCDD6-624F-4266-9C25-19F70E95D2BC} : DhcpNameServer = 168.94.0.15 168.94.0.14
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: WBSrv - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
mRun-x64: [ShwiconXP9106] "C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun-x64: [Seagate Dashboard] "C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" --silent --no_ui
mRun-x64: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\kvr4kaw5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\kvr4kaw5.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Barry\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Barry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-14 13336]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-10 2253120]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-14 689472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2011-11-14 633088]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-22 1153368]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-11-27 17:17:17 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C248D452-B096-4FBD-85A3-8C0E4EC6958A}\offreg.dll
2011-11-23 19:53:00 -------- d-----w- C:\Windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP
2011-11-23 19:51:29 8984 ----a-w- C:\Windows\System32\drivers\nvBridge.kmd
2011-11-23 19:51:29 2808128 ----a-w- C:\Windows\System32\nvapi64.dll
2011-11-23 19:51:29 1612184 ----a-w- C:\Windows\System32\nvdispco642090.dll
2011-11-23 19:51:29 1359976 ----a-w- C:\Windows\System32\nvgenco64hda.dll
2011-11-23 19:51:29 1357720 ----a-w- C:\Windows\System32\nvgenco642040.dll
2011-11-23 19:51:29 13205312 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2011-11-23 02:17:11 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2011-11-23 01:32:47 -------- d-----w- C:\Users\Barry\AppData\Roaming\Origin
2011-11-23 01:32:46 -------- d-----w- C:\Users\Barry\AppData\Local\Origin
2011-11-23 01:32:07 -------- d-----w- C:\Program Files (x86)\Origin
2011-11-22 23:17:32 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C248D452-B096-4FBD-85A3-8C0E4EC6958A}\mpengine.dll
2011-11-22 18:29:30 -------- d-----w- C:\Users\Barry\AppData\Roaming\Malwarebytes
2011-11-22 18:29:21 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-22 18:29:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-21 04:07:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-21 04:07:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-21 02:24:56 -------- d-----w- C:\ProgramData\STOPzilla!
2011-11-18 17:00:58 16383 ----a-w- C:\Users\Barry\AppData\Roaming\gayashell.exe
2011-11-18 17:00:58 16383 ----a-w- C:\Users\Barry\AppData\Roaming\2698.tmp
2011-11-17 05:20:21 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-11-17 02:33:30 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-16 19:37:21 -------- d-----w- C:\Program Files\iTunes
2011-11-16 19:37:21 -------- d-----w- C:\Program Files\iPod
2011-11-16 19:37:21 -------- d-----w- C:\Program Files (x86)\iTunes
2011-11-15 22:28:01 -------- d-----w- C:\Program Files (x86)\LP
2011-11-15 00:44:34 91832 ----a-w- C:\Windows\System32\WRusr.dll
2011-11-15 00:44:34 141272 ----a-w- C:\Windows\SysWow64\WRusr.dll
2011-11-15 00:44:34 108896 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2011-11-15 00:44:34 -------- d-----w- C:\Program Files\Webroot
2011-11-15 00:44:30 -------- d-----w- C:\ProgramData\WRData
2011-11-14 19:33:58 -------- d-----w- C:\Users\Barry\AppData\Roaming\FVVVellIBtzPyc1
2011-11-14 19:33:57 -------- d-----w- C:\Users\Barry\AppData\Roaming\AgRRRZ9hYXwj
2011-11-14 19:33:54 257024 ----a-w- C:\Users\Barry\taskmgr.exe
2011-11-14 19:33:54 -------- d-----w- C:\Users\Barry\AppData\Roaming\S33ppmGG5aQ6dK8
2011-11-14 19:33:53 -------- d-----w- C:\Users\Barry\AppData\Roaming\qtttzPPNycAuv2o
2011-11-14 19:33:53 -------- d-----w- C:\Users\Barry\AppData\Roaming\I5ssQQJ7dEK8RZh
2011-11-11 05:46:31 -------- d-----w- C:\Program Files\CCleaner
2011-11-11 01:18:07 -------- d-----w- C:\Users\Barry\AppData\Roaming\xelItPNyc1v2b4
2011-11-11 01:18:07 -------- d-----w- C:\Users\Barry\AppData\Roaming\NH5sQJ7dE8R9YwU
2011-11-10 23:43:23 -------- d-----we C:\Windows\system64
2011-11-10 23:43:10 -------- d-----w- C:\Users\Barry\AppData\Roaming\811FA
2011-11-10 23:42:50 -------- d-----w- C:\Users\Barry\AppData\Roaming\86581
2011-11-10 23:42:39 -------- d-----w- C:\Users\Barry\AppData\Roaming\NeeelOOBtzP0cA
2011-11-10 23:42:31 -------- d-----w- C:\Users\Barry\AppData\Roaming\lQQQJ66dWK8RLhT
2011-11-10 23:42:30 -------- d-----w- C:\Users\Barry\AppData\Roaming\wXXwjjUVelIBtPy
2011-11-10 23:42:29 -------- d-----w- C:\Users\Barry\AppData\Roaming\K33oonFF4aH5sJ7
2011-11-10 07:52:45 1452648 ----a-w- C:\Windows\System32\nvhdagenco6420102.dll
2011-11-10 07:52:44 1533248 ----a-w- C:\Windows\System32\nvdispco64.dll
2011-11-10 07:52:44 1454400 ----a-w- C:\Windows\System32\nvgenco64.dll
2011-11-10 07:35:23 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-11-10 05:20:16 -------- d-----w- C:\ProgramData\Origin
2011-11-10 05:20:16 -------- d-----w- C:\ProgramData\Electronic Arts
2011-11-10 05:20:16 -------- d-----w- C:\Program Files (x86)\Origin Games
2011-11-08 05:39:42 -------- d-----w- C:\ProgramData\iRinger
2011-11-08 04:04:52 -------- d-----w- C:\Users\Barry\AppData\Roaming\redsn0w
2011-11-06 04:27:12 -------- d-----w- C:\Program Files\Bonjour
2011-11-06 04:27:12 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M ====================
.
2011-11-26 07:19:51 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-11-26 07:19:51 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-11-25 21:37:21 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-11-23 20:06:54 0 ----a-w- C:\Windows\System32\SETDCD5.tmp
2011-11-14 19:28:45 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 07:35:02 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-10-24 20:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-15 06:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-10-12 21:47:24 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-12 21:47:23 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-08-31 04:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 04:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 04:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-08-31 04:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-31 04:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 04:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-31 04:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-08-31 04:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
.
============= FINISH: 12:18:32.94 ===============
 

Attachments

Blade81

Malware Specialist
Joined
Oct 27, 2006
Messages
924
Hi,

BitTorrent

Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.


Download aswMBR to your desktop. Double click the aswMBR.exe to run it
Click the Scan button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply.
 

brunnels

Thread Starter
Joined
Nov 27, 2011
Messages
9
Thanks for replying i deleted bittorrent, and ran the program you linked me.

here is the log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-04 11:04:45
-----------------------------
11:04:45.858 OS Version: Windows x64 6.1.7601 Service Pack 1
11:04:45.858 Number of processors: 4 586 0x2502
11:04:45.859 ComputerName: BARRY-PC UserName: Barry
11:04:50.129 Initialize success
11:05:26.807 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:05:26.810 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 8
11:05:26.829 Disk 0 MBR read successfully
11:05:26.831 Disk 0 MBR scan
11:05:26.833 Disk 0 Windows VISTA default MBR code
11:05:26.835 Service scanning
11:05:29.920 Service WRkrn C:\Windows\System32\drivers\WRkrn.sys **LOCKED** 32
11:05:30.428 Modules scanning
11:05:30.433 Disk 0 trace - called modules:
11:05:30.453 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8007e6c334]<<
11:05:30.459 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e59060]
11:05:30.465 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007ba6050]
11:05:30.471 \Driver\iaStor[0xfffffa8007ab4630] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8007e6c334
11:05:30.475 Scan finished successfully
11:09:12.189 Disk 0 MBR has been saved successfully to "C:\Users\Barry\Downloads\MBR.dat"
11:09:12.193 The log file has been saved successfully to "C:\Users\Barry\Downloads\aswMBR.txt"
 

Blade81

Malware Specialist
Joined
Oct 27, 2006
Messages
924
Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
 

brunnels

Thread Starter
Joined
Nov 27, 2011
Messages
9
11:23:45.0924 5100 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
11:23:46.0077 5100 ============================================================
11:23:46.0077 5100 Current date / time: 2011/12/04 11:23:46.0077
11:23:46.0077 5100 SystemInfo:
11:23:46.0077 5100
11:23:46.0077 5100 OS Version: 6.1.7601 ServicePack: 1.0
11:23:46.0077 5100 Product type: Workstation
11:23:46.0077 5100 ComputerName: BARRY-PC
11:23:46.0077 5100 UserName: Barry
11:23:46.0077 5100 Windows directory: C:\Windows
11:23:46.0077 5100 System windows directory: C:\Windows
11:23:46.0077 5100 Running under WOW64
11:23:46.0077 5100 Processor architecture: Intel x64
11:23:46.0077 5100 Number of processors: 4
11:23:46.0077 5100 Page size: 0x1000
11:23:46.0077 5100 Boot type: Normal boot
11:23:46.0077 5100 ============================================================
11:23:50.0626 5100 Initialize success
11:23:55.0106 6052 ============================================================
11:23:55.0106 6052 Scan started
11:23:55.0106 6052 Mode: Manual;
11:23:55.0106 6052 ============================================================
11:23:56.0439 6052 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:23:56.0441 6052 1394ohci - ok
11:23:56.0464 6052 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:23:56.0469 6052 ACPI - ok
11:23:56.0505 6052 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:23:56.0506 6052 AcpiPmi - ok
11:23:56.0546 6052 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:23:56.0553 6052 adp94xx - ok
11:23:56.0581 6052 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:23:56.0585 6052 adpahci - ok
11:23:56.0610 6052 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:23:56.0613 6052 adpu320 - ok
11:23:56.0689 6052 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
11:23:56.0697 6052 AFD - ok
11:23:56.0733 6052 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:23:56.0735 6052 agp440 - ok
11:23:56.0775 6052 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:23:56.0777 6052 aliide - ok
11:23:56.0789 6052 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:23:56.0790 6052 amdide - ok
11:23:56.0806 6052 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:23:56.0808 6052 AmdK8 - ok
11:23:56.0820 6052 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:23:56.0822 6052 AmdPPM - ok
11:23:56.0835 6052 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:23:56.0837 6052 amdsata - ok
11:23:56.0853 6052 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:23:56.0856 6052 amdsbs - ok
11:23:56.0874 6052 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:23:56.0874 6052 amdxata - ok
11:23:56.0917 6052 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:23:56.0919 6052 AppID - ok
11:23:56.0960 6052 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:23:56.0962 6052 arc - ok
11:23:56.0977 6052 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:23:56.0980 6052 arcsas - ok
11:23:57.0014 6052 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:23:57.0015 6052 AsyncMac - ok
11:23:57.0042 6052 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:23:57.0044 6052 atapi - ok
11:23:57.0085 6052 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys
11:23:57.0107 6052 athr - ok
11:23:57.0135 6052 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:23:57.0139 6052 b06bdrv - ok
11:23:57.0182 6052 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:23:57.0187 6052 b57nd60a - ok
11:23:57.0216 6052 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:23:57.0217 6052 Beep - ok
11:23:57.0251 6052 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:23:57.0252 6052 blbdrive - ok
11:23:57.0297 6052 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:23:57.0299 6052 bowser - ok
11:23:57.0313 6052 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:23:57.0315 6052 BrFiltLo - ok
11:23:57.0333 6052 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:23:57.0334 6052 BrFiltUp - ok
11:23:57.0355 6052 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:23:57.0360 6052 Brserid - ok
11:23:57.0380 6052 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:23:57.0382 6052 BrSerWdm - ok
11:23:57.0404 6052 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:23:57.0406 6052 BrUsbMdm - ok
11:23:57.0430 6052 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:23:57.0432 6052 BrUsbSer - ok
11:23:57.0447 6052 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:23:57.0449 6052 BTHMODEM - ok
11:23:57.0473 6052 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:23:57.0475 6052 cdfs - ok
11:23:57.0496 6052 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:23:57.0498 6052 cdrom - ok
11:23:57.0520 6052 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:23:57.0522 6052 circlass - ok
11:23:57.0551 6052 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:23:57.0559 6052 CLFS - ok
11:23:57.0588 6052 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:23:57.0590 6052 CmBatt - ok
11:23:57.0652 6052 cmdGuard (f81457b43f083e0ff8eacae720f0537b) C:\Windows\system32\DRIVERS\cmdguard.sys
11:23:57.0658 6052 cmdGuard - ok
11:23:57.0683 6052 cmdHlp (0091563e864c5d750771919ea8900763) C:\Windows\system32\DRIVERS\cmdhlp.sys
11:23:57.0684 6052 cmdHlp - ok
11:23:57.0700 6052 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:23:57.0702 6052 cmdide - ok
11:23:57.0752 6052 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
11:23:57.0759 6052 CNG - ok
11:23:57.0774 6052 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:23:57.0776 6052 Compbatt - ok
11:23:57.0791 6052 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:23:57.0793 6052 CompositeBus - ok
11:23:57.0818 6052 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:23:57.0819 6052 crcdisk - ok
11:23:57.0874 6052 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:23:57.0876 6052 DfsC - ok
11:23:57.0893 6052 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:23:57.0894 6052 discache - ok
11:23:57.0911 6052 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:23:57.0913 6052 Disk - ok
11:23:57.0943 6052 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:23:57.0944 6052 drmkaud - ok
11:23:58.0003 6052 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:23:58.0013 6052 DXGKrnl - ok
11:23:58.0095 6052 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:23:58.0167 6052 ebdrv - ok
11:23:58.0214 6052 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:23:58.0219 6052 elxstor - ok
11:23:58.0241 6052 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:23:58.0243 6052 ErrDev - ok
11:23:58.0266 6052 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:23:58.0270 6052 exfat - ok
11:23:58.0291 6052 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:23:58.0294 6052 fastfat - ok
11:23:58.0312 6052 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:23:58.0314 6052 fdc - ok
11:23:58.0338 6052 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:23:58.0340 6052 FileInfo - ok
11:23:58.0358 6052 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:23:58.0359 6052 Filetrace - ok
11:23:58.0379 6052 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:23:58.0380 6052 flpydisk - ok
11:23:58.0425 6052 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:23:58.0430 6052 FltMgr - ok
11:23:58.0828 6052 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:23:58.0830 6052 FsDepends - ok
11:23:58.0843 6052 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:23:58.0845 6052 Fs_Rec - ok
11:23:58.0889 6052 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:23:58.0893 6052 fvevol - ok
11:23:58.0908 6052 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:23:58.0910 6052 gagp30kx - ok
11:23:58.0939 6052 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:23:58.0941 6052 GEARAspiWDM - ok
11:23:58.0977 6052 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:23:58.0978 6052 hcw85cir - ok
11:23:58.0999 6052 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:23:59.0001 6052 HDAudBus - ok
11:23:59.0018 6052 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
11:23:59.0020 6052 HECIx64 - ok
11:23:59.0038 6052 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:23:59.0040 6052 HidBatt - ok
11:23:59.0057 6052 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:23:59.0059 6052 HidBth - ok
11:23:59.0072 6052 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:23:59.0075 6052 HidIr - ok
11:23:59.0093 6052 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:23:59.0095 6052 HidUsb - ok
11:23:59.0117 6052 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:23:59.0119 6052 HpSAMD - ok
11:23:59.0167 6052 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:23:59.0178 6052 HTTP - ok
11:23:59.0211 6052 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:23:59.0212 6052 hwpolicy - ok
11:23:59.0228 6052 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:23:59.0232 6052 i8042prt - ok
11:23:59.0261 6052 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
11:23:59.0266 6052 iaStor - ok
11:23:59.0307 6052 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:23:59.0315 6052 iaStorV - ok
11:23:59.0337 6052 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:23:59.0338 6052 iirsp - ok
11:23:59.0373 6052 inspect (db2ce341c290292f60c6bb13b7a1d84e) C:\Windows\system32\DRIVERS\inspect.sys
11:23:59.0375 6052 inspect - ok
11:23:59.0439 6052 IntcAzAudAddService (ee64207f2f5c20bfe5f73db2566c4601) C:\Windows\system32\drivers\RTKVHD64.sys
11:23:59.0455 6052 IntcAzAudAddService - ok
11:23:59.0471 6052 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
11:23:59.0474 6052 IntcDAud - ok
11:23:59.0492 6052 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:23:59.0493 6052 intelide - ok
11:23:59.0527 6052 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:23:59.0529 6052 intelppm - ok
11:23:59.0576 6052 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:23:59.0579 6052 IpFilterDriver - ok
11:23:59.0600 6052 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:23:59.0603 6052 IPMIDRV - ok
11:23:59.0632 6052 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:23:59.0635 6052 IPNAT - ok
11:23:59.0671 6052 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:23:59.0673 6052 IRENUM - ok
11:23:59.0689 6052 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:23:59.0692 6052 isapnp - ok
11:23:59.0713 6052 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:23:59.0718 6052 iScsiPrt - ok
11:23:59.0754 6052 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
11:23:59.0758 6052 k57nd60a - ok
11:23:59.0788 6052 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:23:59.0790 6052 kbdclass - ok
11:23:59.0807 6052 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:23:59.0809 6052 kbdhid - ok
11:23:59.0839 6052 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
11:23:59.0842 6052 KSecDD - ok
11:23:59.0871 6052 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
11:23:59.0874 6052 KSecPkg - ok
11:23:59.0883 6052 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:23:59.0884 6052 ksthunk - ok
11:23:59.0911 6052 libusb0 - ok
11:23:59.0934 6052 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:23:59.0936 6052 lltdio - ok
11:23:59.0970 6052 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:23:59.0973 6052 LSI_FC - ok
11:23:59.0988 6052 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:23:59.0991 6052 LSI_SAS - ok
11:24:00.0008 6052 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:24:00.0010 6052 LSI_SAS2 - ok
11:24:00.0028 6052 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:24:00.0030 6052 LSI_SCSI - ok
11:24:00.0052 6052 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:24:00.0055 6052 luafv - ok
11:24:00.0076 6052 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:24:00.0078 6052 megasas - ok
11:24:00.0100 6052 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:24:00.0105 6052 MegaSR - ok
11:24:00.0137 6052 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:24:00.0139 6052 Modem - ok
11:24:00.0157 6052 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:24:00.0159 6052 monitor - ok
11:24:00.0176 6052 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:24:00.0178 6052 mouclass - ok
11:24:00.0198 6052 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:24:00.0200 6052 mouhid - ok
11:24:00.0239 6052 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:24:00.0241 6052 mountmgr - ok
11:24:00.0258 6052 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:24:00.0262 6052 mpio - ok
11:24:00.0285 6052 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:24:00.0287 6052 mpsdrv - ok
11:24:00.0310 6052 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:24:00.0314 6052 MRxDAV - ok
11:24:00.0353 6052 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:24:00.0356 6052 mrxsmb - ok
11:24:00.0404 6052 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:24:00.0409 6052 mrxsmb10 - ok
11:24:00.0437 6052 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:24:00.0440 6052 mrxsmb20 - ok
11:24:00.0461 6052 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:24:00.0462 6052 msahci - ok
11:24:00.0480 6052 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:24:00.0482 6052 msdsm - ok
11:24:00.0500 6052 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:24:00.0502 6052 Msfs - ok
11:24:00.0514 6052 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:24:00.0516 6052 mshidkmdf - ok
11:24:00.0544 6052 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:24:00.0546 6052 msisadrv - ok
11:24:00.0573 6052 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:24:00.0576 6052 MSKSSRV - ok
11:24:00.0585 6052 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:24:00.0587 6052 MSPCLOCK - ok
11:24:00.0598 6052 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:24:00.0600 6052 MSPQM - ok
11:24:00.0620 6052 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:24:00.0624 6052 MsRPC - ok
11:24:00.0645 6052 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:24:00.0647 6052 mssmbios - ok
11:24:00.0660 6052 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:24:00.0662 6052 MSTEE - ok
11:24:00.0675 6052 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:24:00.0677 6052 MTConfig - ok
11:24:00.0699 6052 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:24:00.0700 6052 Mup - ok
11:24:00.0725 6052 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:24:00.0731 6052 NativeWifiP - ok
11:24:00.0810 6052 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:24:00.0824 6052 NDIS - ok
11:24:00.0850 6052 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:24:00.0943 6052 NdisCap - ok
11:24:01.0255 6052 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:24:01.0257 6052 NdisTapi - ok
11:24:01.0302 6052 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:24:01.0304 6052 Ndisuio - ok
11:24:01.0347 6052 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:24:01.0351 6052 NdisWan - ok
11:24:01.0379 6052 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:24:01.0381 6052 NDProxy - ok
11:24:01.0406 6052 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:24:01.0408 6052 NetBIOS - ok
11:24:01.0431 6052 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:24:01.0436 6052 NetBT - ok
11:24:01.0473 6052 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:24:01.0474 6052 nfrd960 - ok
11:24:01.0484 6052 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:24:01.0485 6052 Npfs - ok
11:24:01.0493 6052 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:24:01.0495 6052 nsiproxy - ok
11:24:01.0556 6052 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:24:01.0593 6052 Ntfs - ok
11:24:01.0609 6052 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:24:01.0611 6052 Null - ok
11:24:01.0653 6052 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
11:24:01.0656 6052 NVHDA - ok
11:24:01.0881 6052 nvlddmkm (88e141b9df63c41ea272b2f712d1a227) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:24:01.0932 6052 nvlddmkm - ok
11:24:01.0957 6052 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:24:01.0960 6052 nvraid - ok
11:24:01.0985 6052 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:24:01.0990 6052 nvstor - ok
11:24:02.0030 6052 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:24:02.0034 6052 nv_agp - ok
11:24:02.0056 6052 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:24:02.0059 6052 ohci1394 - ok
11:24:02.0099 6052 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:24:02.0102 6052 Parport - ok
11:24:02.0121 6052 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:24:02.0123 6052 partmgr - ok
11:24:02.0146 6052 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:24:02.0149 6052 pci - ok
11:24:02.0165 6052 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:24:02.0166 6052 pciide - ok
11:24:02.0188 6052 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:24:02.0191 6052 pcmcia - ok
11:24:02.0199 6052 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:24:02.0200 6052 pcw - ok
11:24:02.0222 6052 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:24:02.0229 6052 PEAUTH - ok
11:24:02.0341 6052 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:24:02.0345 6052 PptpMiniport - ok
11:24:02.0367 6052 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:24:02.0369 6052 Processor - ok
11:24:02.0398 6052 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:24:02.0403 6052 Psched - ok
11:24:02.0438 6052 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:24:02.0440 6052 PxHlpa64 - ok
11:24:02.0477 6052 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:24:02.0493 6052 ql2300 - ok
11:24:02.0519 6052 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:24:02.0522 6052 ql40xx - ok
11:24:02.0539 6052 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:24:02.0541 6052 QWAVEdrv - ok
11:24:02.0558 6052 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:24:02.0560 6052 RasAcd - ok
11:24:02.0587 6052 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:24:02.0589 6052 RasAgileVpn - ok
11:24:02.0630 6052 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:24:02.0634 6052 Rasl2tp - ok
11:24:02.0655 6052 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:24:02.0658 6052 RasPppoe - ok
11:24:02.0667 6052 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:24:02.0670 6052 RasSstp - ok
11:24:02.0719 6052 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:24:02.0725 6052 rdbss - ok
11:24:02.0761 6052 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:24:02.0764 6052 rdpbus - ok
11:24:02.0786 6052 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:24:02.0788 6052 RDPCDD - ok
11:24:02.0804 6052 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:24:02.0806 6052 RDPENCDD - ok
11:24:02.0817 6052 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:24:02.0819 6052 RDPREFMP - ok
11:24:02.0841 6052 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:24:02.0846 6052 RDPWD - ok
11:24:02.0869 6052 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:24:02.0873 6052 rdyboost - ok
11:24:02.0897 6052 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:24:02.0900 6052 rspndr - ok
11:24:02.0907 6052 RxFilter - ok
11:24:02.0949 6052 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:24:02.0949 6052 SASDIFSV - ok
11:24:02.0963 6052 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:24:02.0964 6052 SASKUTIL - ok
11:24:02.0984 6052 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:24:02.0989 6052 sbp2port - ok
11:24:03.0027 6052 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
11:24:03.0030 6052 SCDEmu - ok
11:24:03.0069 6052 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:24:03.0072 6052 scfilter - ok
11:24:03.0120 6052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:24:03.0122 6052 secdrv - ok
11:24:03.0141 6052 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:24:03.0142 6052 Serenum - ok
11:24:03.0159 6052 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:24:03.0162 6052 Serial - ok
11:24:03.0186 6052 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:24:03.0190 6052 sermouse - ok
11:24:03.0215 6052 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:24:03.0217 6052 sffdisk - ok
11:24:03.0228 6052 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:24:03.0231 6052 sffp_mmc - ok
11:24:03.0247 6052 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:24:03.0248 6052 sffp_sd - ok
11:24:03.0264 6052 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:24:03.0267 6052 sfloppy - ok
11:24:03.0672 6052 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
11:24:03.0681 6052 Sftfs - ok
11:24:03.0697 6052 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:24:03.0700 6052 Sftplay - ok
11:24:03.0717 6052 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:24:03.0718 6052 Sftredir - ok
11:24:03.0735 6052 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
11:24:03.0736 6052 Sftvol - ok
11:24:03.0754 6052 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:24:03.0756 6052 SiSRaid2 - ok
11:24:03.0770 6052 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:24:03.0773 6052 SiSRaid4 - ok
11:24:03.0786 6052 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:24:03.0788 6052 Smb - ok
11:24:03.0810 6052 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:24:03.0811 6052 spldr - ok
11:24:03.0861 6052 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:24:03.0870 6052 srv - ok
11:24:03.0893 6052 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:24:03.0898 6052 srv2 - ok
11:24:03.0914 6052 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:24:03.0918 6052 srvnet - ok
11:24:03.0965 6052 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:24:03.0967 6052 stexstor - ok
11:24:03.0985 6052 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:24:03.0986 6052 swenum - ok
11:24:04.0035 6052 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
11:24:04.0068 6052 Tcpip - ok
11:24:04.0096 6052 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
11:24:04.0104 6052 TCPIP6 - ok
11:24:04.0137 6052 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:24:04.0139 6052 tcpipreg - ok
11:24:04.0154 6052 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:24:04.0156 6052 TDPIPE - ok
11:24:04.0164 6052 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:24:04.0166 6052 TDTCP - ok
11:24:04.0206 6052 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:24:04.0210 6052 tdx - ok
11:24:04.0241 6052 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
11:24:04.0244 6052 teamviewervpn - ok
11:24:04.0262 6052 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:24:04.0265 6052 TermDD - ok
11:24:04.0326 6052 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:24:04.0329 6052 tssecsrv - ok
11:24:04.0370 6052 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:24:04.0374 6052 TsUsbFlt - ok
11:24:04.0424 6052 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:24:04.0428 6052 tunnel - ok
11:24:04.0447 6052 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:24:04.0451 6052 uagp35 - ok
11:24:04.0499 6052 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:24:04.0505 6052 udfs - ok
11:24:04.0544 6052 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:24:04.0546 6052 uliagpkx - ok
11:24:04.0564 6052 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:24:04.0566 6052 umbus - ok
11:24:04.0586 6052 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:24:04.0588 6052 UmPass - ok
11:24:04.0608 6052 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:24:04.0611 6052 USBAAPL64 - ok
11:24:04.0626 6052 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:24:04.0628 6052 usbccgp - ok
11:24:04.0647 6052 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:24:04.0650 6052 usbcir - ok
11:24:04.0669 6052 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:24:04.0671 6052 usbehci - ok
11:24:04.0689 6052 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:24:04.0694 6052 usbhub - ok
11:24:04.0713 6052 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:24:04.0715 6052 usbohci - ok
11:24:04.0741 6052 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:24:04.0743 6052 usbprint - ok
11:24:04.0758 6052 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:24:04.0760 6052 usbscan - ok
11:24:04.0773 6052 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
11:24:04.0775 6052 USBSTOR - ok
11:24:04.0790 6052 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:24:04.0793 6052 usbuhci - ok
11:24:04.0816 6052 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:24:04.0818 6052 vdrvroot - ok
11:24:04.0834 6052 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:24:04.0836 6052 vga - ok
11:24:04.0855 6052 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:24:04.0858 6052 VgaSave - ok
11:24:04.0876 6052 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:24:04.0880 6052 vhdmp - ok
11:24:04.0895 6052 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:24:04.0897 6052 viaide - ok
11:24:04.0916 6052 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:24:04.0918 6052 volmgr - ok
11:24:04.0967 6052 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:24:04.0973 6052 volmgrx - ok
11:24:05.0021 6052 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:24:05.0024 6052 volsnap - ok
11:24:05.0045 6052 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:24:05.0048 6052 vsmraid - ok
11:24:05.0064 6052 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:24:05.0066 6052 vwifibus - ok
11:24:05.0091 6052 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:24:05.0092 6052 vwififlt - ok
11:24:05.0104 6052 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:24:05.0106 6052 vwifimp - ok
11:24:05.0128 6052 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:24:05.0131 6052 WacomPen - ok
11:24:05.0157 6052 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:24:05.0159 6052 WANARP - ok
11:24:05.0168 6052 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:24:05.0170 6052 Wanarpv6 - ok
11:24:05.0195 6052 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:24:05.0198 6052 Wd - ok
11:24:05.0219 6052 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:24:05.0225 6052 Wdf01000 - ok
11:24:05.0252 6052 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:24:05.0254 6052 WfpLwf - ok
11:24:05.0274 6052 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
11:24:05.0277 6052 WimFltr - ok
11:24:05.0295 6052 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:24:05.0298 6052 WIMMount - ok
11:24:05.0320 6052 WinFLdrv - ok
11:24:05.0346 6052 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:24:05.0349 6052 WinUsb - ok
11:24:05.0371 6052 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:24:05.0373 6052 WmiAcpi - ok
11:24:05.0416 6052 WRkrn (3fb292c74022f1054d7ca5c6047526ab) C:\Windows\system32\drivers\WRkrn.sys
11:24:05.0419 6052 WRkrn - ok
11:24:05.0443 6052 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:24:05.0445 6052 ws2ifsl - ok
11:24:05.0491 6052 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:24:05.0495 6052 WudfPf - ok
11:24:05.0515 6052 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:24:05.0519 6052 WUDFRd - ok
11:24:05.0545 6052 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
11:24:05.0555 6052 \Device\Harddisk0\DR0 - ok
11:24:05.0564 6052 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
11:24:05.0569 6052 \Device\Harddisk1\DR1 - ok
11:24:05.0573 6052 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk7\DR7
11:24:05.0577 6052 \Device\Harddisk7\DR7 - ok
11:24:05.0580 6052 Boot (0x1200) (18598434a49e3bfdc0f9610afbcacff4) \Device\Harddisk0\DR0\Partition0
11:24:05.0580 6052 \Device\Harddisk0\DR0\Partition0 - ok
11:24:05.0592 6052 Boot (0x1200) (a83e0cec9739c6c8b7c4eab357c6d0ca) \Device\Harddisk0\DR0\Partition1
11:24:05.0593 6052 \Device\Harddisk0\DR0\Partition1 - ok
11:24:05.0595 6052 Boot (0x1200) (9c0ca9510cf8a7f64c7263dcdf6ed53b) \Device\Harddisk1\DR1\Partition0
11:24:05.0597 6052 \Device\Harddisk1\DR1\Partition0 - ok
11:24:05.0600 6052 Boot (0x1200) (72447ff13e69f5442a5e22d1560dd972) \Device\Harddisk7\DR7\Partition0
11:24:05.0601 6052 \Device\Harddisk7\DR7\Partition0 - ok
11:24:05.0601 6052 ============================================================
11:24:05.0601 6052 Scan finished
11:24:05.0601 6052 ============================================================
11:24:05.0610 4892 Detected object count: 0
11:24:05.0610 4892 Actual detected object count: 0
 

Blade81

Malware Specialist
Joined
Oct 27, 2006
Messages
924
Hi,

Go to Start > type or copy/paste the following in the search program and files textbox, then press Enter

diskmgmt.msc

Capture and attach a screenshot of what you see there. Also, let me know if you have your Windows installation disc handy.
 

Blade81

Malware Specialist
Joined
Oct 27, 2006
Messages
924
Hi,

Before we continue let's create a system repair disc. You'll need an empty cd for that.

1. Open Backup and Restore by clicking Start->Control Panel->System and Maintenance->Backup and Restore.

2. In the left pane, click Create a system repair disc, and then follow the steps. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Let me know when you have the disc created.
 

brunnels

Thread Starter
Joined
Nov 27, 2011
Messages
9
I created a repair disc, but im kind of skeptical if it will work or not. I have created one before and tried to use it and it always gave me an error while using it.
 

Blade81

Malware Specialist
Joined
Oct 27, 2006
Messages
924
Hi,

You could test booting with it. Just see if it loads and nothing else.


Next, you will need a USB drive that can be emptied (=formatted).

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded.
  • Select xpud-0.9.2.iso to diskimage field.
  • Press Run then OK
  • It will install a little bootable OS on your USB
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Press Tool at the top
  • Choose Open Terminal
  • Type in: parted -l and hit Enter.

Post back what reads on the screen after typing that command (if you have a digi camera you could take a photo of contents on the screen).
 

brunnels

Thread Starter
Joined
Nov 27, 2011
Messages
9
I tried test booting the repair disc and it gave me the same error as before, Error 0x4001100200001012.

I have attached all those files to a USB stick, should i go ahead with booting off of the USB stick or should i wait for a good repair disc. Thanks for your help.
 

Blade81

Malware Specialist
Joined
Oct 27, 2006
Messages
924
Hi,

Go ahead with booting from the USB stick. Make sure you have created the stick like instructed to have it bootable.
 

brunnels

Thread Starter
Joined
Nov 27, 2011
Messages
9
hi blade i tried booting off of my usb stick with the instructions you gave me. I get to the screen where i select language and after i select english, it tries to load then fails.
It says sh: no job control in this shell

I tried re doing the entire process a couple of times and got the same message both times.
 

Blade81

Malware Specialist
Joined
Oct 27, 2006
Messages
924
Hi,

Please make sure you reformat the usb stick to FAT32 format and then try to install xPUD on it.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top