Google redirect, media.podshow popup

Discussion in 'Virus & Other Malware Removal' started by brunnels, Nov 27, 2011.

    brunnels Thread Starter

    I got a virus and now every time I google it will redirect me to a different webpage while using Firefox. If I use Google search on Google Chrome, it will lock up Google Chrome altogether. I'm also having random pop-ups on my computer asking me where to save a download for media.podshow.com.

    Here's the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:08:10 PM, on 11/27/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Webroot\WRSA.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Users\Barry\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
    O4 - HKLM\..\Run: [ShwiconXP9106] "C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
    O4 - HKLM\..\Run: [Seagate Dashboard] "C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" --silent --no_ui
    O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    O4 - HKCU\..\Run: [iTeleportConnect] "C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportConnect.exe" -autostart
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Barry\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{807B17E4-9DD3-418B-B4A0-39B18CC568C8}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{807B17E4-9DD3-418B-B4A0-39B18CC568C8}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CS2\Services\Tcpip\..\{807B17E4-9DD3-418B-B4A0-39B18CC568C8}: NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dock Login Service (DockLoginService) - Unknown owner - C:\Program Files\Dell\DellDock\DockLogin.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe

    --
    End of file - 12962 bytes

    Here is the DDS File:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
    Run by Barry at 12:09:47 on 2011-11-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.5847 [GMT -6:00]
    .
    AV: Webroot SecureAnywhere *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Webroot SecureAnywhere *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Webroot\WRSA.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
    C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Webroot\WRSA.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Windows\SysWow64\NOTEPAD.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/?ilc=1
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [iTeleportConnect] "C:\Program Files (x86)\iTeleport\iTeleport Connect\iTeleportConnect.exe" -autostart
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    uRun: [Google Update] "C:\Users\Barry\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
    mRun: [ShwiconXP9106] "C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe"
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
    mRun: [Seagate Dashboard] "C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" --silent --no_ui
    mRun: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    uPolicies-system: NoDispAppearancePage = 0 (0x0)
    uPolicies-system: NoDispSettingsPage = 0 (0x0)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoViewOnDrive = 0 (0x0)
    mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    mPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: NoDispAppearancePage = 0 (0x0)
    mPolicies-system: NoDispSettingsPage = 0 (0x0)
    dPolicies-explorer: NoViewOnDrive = 0 (0x0)
    dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    dPolicies-system: NoDispAppearancePage = 0 (0x0)
    dPolicies-system: NoDispSettingsPage = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 68.105.28.12
    TCP: Interfaces\{807B17E4-9DD3-418B-B4A0-39B18CC568C8} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{807B17E4-9DD3-418B-B4A0-39B18CC568C8} : DhcpNameServer = 208.67.222.222 208.67.220.220 68.105.28.12
    TCP: Interfaces\{FAECCDD6-624F-4266-9C25-19F70E95D2BC} : DhcpNameServer = 168.94.0.15 168.94.0.14
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: WBSrv - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
    mRun-x64: [ShwiconXP9106] "C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe"
    mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
    mRun-x64: [Seagate Dashboard] "C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" --silent --no_ui
    mRun-x64: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\kvr4kaw5.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Users\Barry\AppData\Roaming\Mozilla\Firefox\Profiles\kvr4kaw5.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Barry\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Barry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-14 13336]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-10 2253120]
    R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-14 689472]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2011-11-14 633088]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-22 1153368]
    S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
    S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== File Associations ===============
    .
    inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
    txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2011-11-27 17:17:17 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C248D452-B096-4FBD-85A3-8C0E4EC6958A}\offreg.dll
    2011-11-23 19:53:00 -------- d-----w- C:\Windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP
    2011-11-23 19:51:29 8984 ----a-w- C:\Windows\System32\drivers\nvBridge.kmd
    2011-11-23 19:51:29 2808128 ----a-w- C:\Windows\System32\nvapi64.dll
    2011-11-23 19:51:29 1612184 ----a-w- C:\Windows\System32\nvdispco642090.dll
    2011-11-23 19:51:29 1359976 ----a-w- C:\Windows\System32\nvgenco64hda.dll
    2011-11-23 19:51:29 1357720 ----a-w- C:\Windows\System32\nvgenco642040.dll
    2011-11-23 19:51:29 13205312 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
    2011-11-23 02:17:11 -------- d-----w- C:\Program Files (x86)\VS Revo Group
    2011-11-23 01:32:47 -------- d-----w- C:\Users\Barry\AppData\Roaming\Origin
    2011-11-23 01:32:46 -------- d-----w- C:\Users\Barry\AppData\Local\Origin
    2011-11-23 01:32:07 -------- d-----w- C:\Program Files (x86)\Origin
    2011-11-22 23:17:32 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C248D452-B096-4FBD-85A3-8C0E4EC6958A}\mpengine.dll
    2011-11-22 18:29:30 -------- d-----w- C:\Users\Barry\AppData\Roaming\Malwarebytes
    2011-11-22 18:29:21 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-11-22 18:29:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-21 04:07:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-11-21 04:07:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-11-21 02:24:56 -------- d-----w- C:\ProgramData\STOPzilla!
    2011-11-18 17:00:58 16383 ----a-w- C:\Users\Barry\AppData\Roaming\gayashell.exe
    2011-11-18 17:00:58 16383 ----a-w- C:\Users\Barry\AppData\Roaming\2698.tmp
    2011-11-17 05:20:21 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2011-11-17 02:33:30 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-11-16 19:37:21 -------- d-----w- C:\Program Files\iTunes
    2011-11-16 19:37:21 -------- d-----w- C:\Program Files\iPod
    2011-11-16 19:37:21 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-11-15 22:28:01 -------- d-----w- C:\Program Files (x86)\LP
    2011-11-15 00:44:34 91832 ----a-w- C:\Windows\System32\WRusr.dll
    2011-11-15 00:44:34 141272 ----a-w- C:\Windows\SysWow64\WRusr.dll
    2011-11-15 00:44:34 108896 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
    2011-11-15 00:44:34 -------- d-----w- C:\Program Files\Webroot
    2011-11-15 00:44:30 -------- d-----w- C:\ProgramData\WRData
    2011-11-14 19:33:58 -------- d-----w- C:\Users\Barry\AppData\Roaming\FVVVellIBtzPyc1
    2011-11-14 19:33:57 -------- d-----w- C:\Users\Barry\AppData\Roaming\AgRRRZ9hYXwj
    2011-11-14 19:33:54 257024 ----a-w- C:\Users\Barry\taskmgr.exe
    2011-11-14 19:33:54 -------- d-----w- C:\Users\Barry\AppData\Roaming\S33ppmGG5aQ6dK8
    2011-11-14 19:33:53 -------- d-----w- C:\Users\Barry\AppData\Roaming\qtttzPPNycAuv2o
    2011-11-14 19:33:53 -------- d-----w- C:\Users\Barry\AppData\Roaming\I5ssQQJ7dEK8RZh
    2011-11-11 05:46:31 -------- d-----w- C:\Program Files\CCleaner
    2011-11-11 01:18:07 -------- d-----w- C:\Users\Barry\AppData\Roaming\xelItPNyc1v2b4
    2011-11-11 01:18:07 -------- d-----w- C:\Users\Barry\AppData\Roaming\NH5sQJ7dE8R9YwU
    2011-11-10 23:43:23 -------- d-----we C:\Windows\system64
    2011-11-10 23:43:10 -------- d-----w- C:\Users\Barry\AppData\Roaming\811FA
    2011-11-10 23:42:50 -------- d-----w- C:\Users\Barry\AppData\Roaming\86581
    2011-11-10 23:42:39 -------- d-----w- C:\Users\Barry\AppData\Roaming\NeeelOOBtzP0cA
    2011-11-10 23:42:31 -------- d-----w- C:\Users\Barry\AppData\Roaming\lQQQJ66dWK8RLhT
    2011-11-10 23:42:30 -------- d-----w- C:\Users\Barry\AppData\Roaming\wXXwjjUVelIBtPy
    2011-11-10 23:42:29 -------- d-----w- C:\Users\Barry\AppData\Roaming\K33oonFF4aH5sJ7
    2011-11-10 07:52:45 1452648 ----a-w- C:\Windows\System32\nvhdagenco6420102.dll
    2011-11-10 07:52:44 1533248 ----a-w- C:\Windows\System32\nvdispco64.dll
    2011-11-10 07:52:44 1454400 ----a-w- C:\Windows\System32\nvgenco64.dll
    2011-11-10 07:35:23 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
    2011-11-10 05:20:16 -------- d-----w- C:\ProgramData\Origin
    2011-11-10 05:20:16 -------- d-----w- C:\ProgramData\Electronic Arts
    2011-11-10 05:20:16 -------- d-----w- C:\Program Files (x86)\Origin Games
    2011-11-08 05:39:42 -------- d-----w- C:\ProgramData\iRinger
    2011-11-08 04:04:52 -------- d-----w- C:\Users\Barry\AppData\Roaming\redsn0w
    2011-11-06 04:27:12 -------- d-----w- C:\Program Files\Bonjour
    2011-11-06 04:27:12 -------- d-----w- C:\Program Files (x86)\Bonjour
    .
    ==================== Find3M ====================
    .
    2011-11-26 07:19:51 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-11-26 07:19:51 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-11-25 21:37:21 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-11-23 20:06:54 0 ----a-w- C:\Windows\System32\SETDCD5.tmp
    2011-11-14 19:28:45 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-10 07:35:02 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2011-10-24 20:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 20:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-10-15 06:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2011-10-12 21:47:24 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-10-12 21:47:23 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys
    2011-08-31 04:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-08-31 04:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
    2011-08-31 04:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
    2011-08-31 04:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
    2011-08-31 04:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-08-31 04:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-08-31 04:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2011-08-31 04:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    .
    ============= FINISH: 12:18:32.94 ===============
     


  2. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    BitTorrent

    The ones listed above are P2P file sharing programs. P2P downloads are nowadays one of the things most likely to bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file sharing programs.


    Download aswMBR to your desktop. Double-click aswMBR.exe to run it.
    Click the Scan button to start the scan.

    On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
     
  3. brunnels

    brunnels Thread Starter

    Joined:
    Nov 27, 2011
    Messages:
    9
    Thanks for replying. I deleted BitTorrent and ran the program you linked me.

    Here is the log:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-04 11:04:45
    -----------------------------
    11:04:45.858 OS Version: Windows x64 6.1.7601 Service Pack 1
    11:04:45.858 Number of processors: 4 586 0x2502
    11:04:45.859 ComputerName: BARRY-PC UserName: Barry
    11:04:50.129 Initialize success
    11:05:26.807 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    11:05:26.810 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 8
    11:05:26.829 Disk 0 MBR read successfully
    11:05:26.831 Disk 0 MBR scan
    11:05:26.833 Disk 0 Windows VISTA default MBR code
    11:05:26.835 Service scanning
    11:05:29.920 Service WRkrn C:\Windows\System32\drivers\WRkrn.sys **LOCKED** 32
    11:05:30.428 Modules scanning
    11:05:30.433 Disk 0 trace - called modules:
    11:05:30.453 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8007e6c334]<<
    11:05:30.459 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e59060]
    11:05:30.465 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007ba6050]
    11:05:30.471 \Driver\iaStor[0xfffffa8007ab4630] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8007e6c334
    11:05:30.475 Scan finished successfully
    11:09:12.189 Disk 0 MBR has been saved successfully to "C:\Users\Barry\Downloads\MBR.dat"
    11:09:12.193 The log file has been saved successfully to "C:\Users\Barry\Downloads\aswMBR.txt"
     
  4. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    1. Download TDSSKiller and extract its contents into a folder in a desired location (i.e. c:\tdsskiller).
    2. Execute the file TDSSKiller.exe.
    3. Click Start Scan. If threats are found, select Skip and click Continue (the tool may prompt for a reboot).
    4. Post back the contents of the log file in the c: drive root (the name should be in UtilityName.Version_Date_Time_log.txt format).
     
  5. brunnels

    brunnels Thread Starter

    Joined:
    Nov 27, 2011
    Messages:
    9
    11:23:45.0924 5100 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
    11:23:46.0077 5100 ============================================================
    11:23:46.0077 5100 Current date / time: 2011/12/04 11:23:46.0077
    11:23:46.0077 5100 SystemInfo:
    11:23:46.0077 5100
    11:23:46.0077 5100 OS Version: 6.1.7601 ServicePack: 1.0
    11:23:46.0077 5100 Product type: Workstation
    11:23:46.0077 5100 ComputerName: BARRY-PC
    11:23:46.0077 5100 UserName: Barry
    11:23:46.0077 5100 Windows directory: C:\Windows
    11:23:46.0077 5100 System windows directory: C:\Windows
    11:23:46.0077 5100 Running under WOW64
    11:23:46.0077 5100 Processor architecture: Intel x64
    11:23:46.0077 5100 Number of processors: 4
    11:23:46.0077 5100 Page size: 0x1000
    11:23:46.0077 5100 Boot type: Normal boot
    11:23:46.0077 5100 ============================================================
    11:23:50.0626 5100 Initialize success
    11:23:55.0106 6052 ============================================================
    11:23:55.0106 6052 Scan started
    11:23:55.0106 6052 Mode: Manual;
    11:23:55.0106 6052 ============================================================
    11:24:01.0932 6052 nvlddmkm - ok
    11:24:01.0957 6052 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    11:24:01.0960 6052 nvraid - ok
    11:24:01.0985 6052 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    11:24:01.0990 6052 nvstor - ok
    11:24:02.0030 6052 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    11:24:02.0034 6052 nv_agp - ok
    11:24:02.0056 6052 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    11:24:02.0059 6052 ohci1394 - ok
    11:24:02.0099 6052 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    11:24:02.0102 6052 Parport - ok
    11:24:02.0121 6052 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    11:24:02.0123 6052 partmgr - ok
    11:24:02.0146 6052 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    11:24:02.0149 6052 pci - ok
    11:24:02.0165 6052 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    11:24:02.0166 6052 pciide - ok
    11:24:02.0188 6052 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    11:24:02.0191 6052 pcmcia - ok
    11:24:02.0199 6052 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    11:24:02.0200 6052 pcw - ok
    11:24:02.0222 6052 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    11:24:02.0229 6052 PEAUTH - ok
    11:24:02.0341 6052 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    11:24:02.0345 6052 PptpMiniport - ok
    11:24:02.0367 6052 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    11:24:02.0369 6052 Processor - ok
    11:24:02.0398 6052 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    11:24:02.0403 6052 Psched - ok
    11:24:02.0438 6052 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
    11:24:02.0440 6052 PxHlpa64 - ok
    11:24:02.0477 6052 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    11:24:02.0493 6052 ql2300 - ok
    11:24:02.0519 6052 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    11:24:02.0522 6052 ql40xx - ok
    11:24:02.0539 6052 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    11:24:02.0541 6052 QWAVEdrv - ok
    11:24:02.0558 6052 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    11:24:02.0560 6052 RasAcd - ok
    11:24:02.0587 6052 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    11:24:02.0589 6052 RasAgileVpn - ok
    11:24:02.0630 6052 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    11:24:02.0634 6052 Rasl2tp - ok
    11:24:02.0655 6052 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    11:24:02.0658 6052 RasPppoe - ok
    11:24:02.0667 6052 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    11:24:02.0670 6052 RasSstp - ok
    11:24:02.0719 6052 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    11:24:02.0725 6052 rdbss - ok
    11:24:02.0761 6052 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    11:24:02.0764 6052 rdpbus - ok
    11:24:02.0786 6052 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    11:24:02.0788 6052 RDPCDD - ok
    11:24:02.0804 6052 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    11:24:02.0806 6052 RDPENCDD - ok
    11:24:02.0817 6052 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    11:24:02.0819 6052 RDPREFMP - ok
    11:24:02.0841 6052 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    11:24:02.0846 6052 RDPWD - ok
    11:24:02.0869 6052 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    11:24:02.0873 6052 rdyboost - ok
    11:24:02.0897 6052 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    11:24:02.0900 6052 rspndr - ok
    11:24:02.0907 6052 RxFilter - ok
    11:24:02.0949 6052 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    11:24:02.0949 6052 SASDIFSV - ok
    11:24:02.0963 6052 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    11:24:02.0964 6052 SASKUTIL - ok
    11:24:02.0984 6052 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    11:24:02.0989 6052 sbp2port - ok
    11:24:03.0027 6052 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
    11:24:03.0030 6052 SCDEmu - ok
    11:24:03.0069 6052 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    11:24:03.0072 6052 scfilter - ok
    11:24:03.0120 6052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    11:24:03.0122 6052 secdrv - ok
    11:24:03.0141 6052 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    11:24:03.0142 6052 Serenum - ok
    11:24:03.0159 6052 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    11:24:03.0162 6052 Serial - ok
    11:24:03.0186 6052 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    11:24:03.0190 6052 sermouse - ok
    11:24:03.0215 6052 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    11:24:03.0217 6052 sffdisk - ok
    11:24:03.0228 6052 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    11:24:03.0231 6052 sffp_mmc - ok
    11:24:03.0247 6052 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    11:24:03.0248 6052 sffp_sd - ok
    11:24:03.0264 6052 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    11:24:03.0267 6052 sfloppy - ok
    11:24:03.0672 6052 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
    11:24:03.0681 6052 Sftfs - ok
    11:24:03.0697 6052 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
    11:24:03.0700 6052 Sftplay - ok
    11:24:03.0717 6052 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
    11:24:03.0718 6052 Sftredir - ok
    11:24:03.0735 6052 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
    11:24:03.0736 6052 Sftvol - ok
    11:24:03.0754 6052 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    11:24:03.0756 6052 SiSRaid2 - ok
    11:24:03.0770 6052 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    11:24:03.0773 6052 SiSRaid4 - ok
    11:24:03.0786 6052 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    11:24:03.0788 6052 Smb - ok
    11:24:03.0810 6052 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    11:24:03.0811 6052 spldr - ok
    11:24:03.0861 6052 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    11:24:03.0870 6052 srv - ok
    11:24:03.0893 6052 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    11:24:03.0898 6052 srv2 - ok
    11:24:03.0914 6052 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    11:24:03.0918 6052 srvnet - ok
    11:24:03.0965 6052 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    11:24:03.0967 6052 stexstor - ok
    11:24:03.0985 6052 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    11:24:03.0986 6052 swenum - ok
    11:24:04.0035 6052 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
    11:24:04.0068 6052 Tcpip - ok
    11:24:04.0096 6052 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
    11:24:04.0104 6052 TCPIP6 - ok
    11:24:04.0137 6052 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    11:24:04.0139 6052 tcpipreg - ok
    11:24:04.0154 6052 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    11:24:04.0156 6052 TDPIPE - ok
    11:24:04.0164 6052 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    11:24:04.0166 6052 TDTCP - ok
    11:24:04.0206 6052 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    11:24:04.0210 6052 tdx - ok
    11:24:04.0241 6052 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
    11:24:04.0244 6052 teamviewervpn - ok
    11:24:04.0262 6052 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    11:24:04.0265 6052 TermDD - ok
    11:24:04.0326 6052 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    11:24:04.0329 6052 tssecsrv - ok
    11:24:04.0370 6052 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    11:24:04.0374 6052 TsUsbFlt - ok
    11:24:04.0424 6052 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    11:24:04.0428 6052 tunnel - ok
    11:24:04.0447 6052 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    11:24:04.0451 6052 uagp35 - ok
    11:24:04.0499 6052 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    11:24:04.0505 6052 udfs - ok
    11:24:04.0544 6052 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    11:24:04.0546 6052 uliagpkx - ok
    11:24:04.0564 6052 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    11:24:04.0566 6052 umbus - ok
    11:24:04.0586 6052 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    11:24:04.0588 6052 UmPass - ok
    11:24:04.0608 6052 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    11:24:04.0611 6052 USBAAPL64 - ok
    11:24:04.0626 6052 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    11:24:04.0628 6052 usbccgp - ok
    11:24:04.0647 6052 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    11:24:04.0650 6052 usbcir - ok
    11:24:04.0669 6052 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    11:24:04.0671 6052 usbehci - ok
    11:24:04.0689 6052 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    11:24:04.0694 6052 usbhub - ok
    11:24:04.0713 6052 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    11:24:04.0715 6052 usbohci - ok
    11:24:04.0741 6052 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    11:24:04.0743 6052 usbprint - ok
    11:24:04.0758 6052 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    11:24:04.0760 6052 usbscan - ok
    11:24:04.0773 6052 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
    11:24:04.0775 6052 USBSTOR - ok
    11:24:04.0790 6052 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    11:24:04.0793 6052 usbuhci - ok
    11:24:04.0816 6052 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    11:24:04.0818 6052 vdrvroot - ok
    11:24:04.0834 6052 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    11:24:04.0836 6052 vga - ok
    11:24:04.0855 6052 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    11:24:04.0858 6052 VgaSave - ok
    11:24:04.0876 6052 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    11:24:04.0880 6052 vhdmp - ok
    11:24:04.0895 6052 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    11:24:04.0897 6052 viaide - ok
    11:24:04.0916 6052 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    11:24:04.0918 6052 volmgr - ok
    11:24:04.0967 6052 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    11:24:04.0973 6052 volmgrx - ok
    11:24:05.0021 6052 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    11:24:05.0024 6052 volsnap - ok
    11:24:05.0045 6052 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    11:24:05.0048 6052 vsmraid - ok
    11:24:05.0064 6052 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    11:24:05.0066 6052 vwifibus - ok
    11:24:05.0091 6052 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    11:24:05.0092 6052 vwififlt - ok
    11:24:05.0104 6052 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    11:24:05.0106 6052 vwifimp - ok
    11:24:05.0128 6052 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    11:24:05.0131 6052 WacomPen - ok
    11:24:05.0157 6052 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    11:24:05.0159 6052 WANARP - ok
    11:24:05.0168 6052 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    11:24:05.0170 6052 Wanarpv6 - ok
    11:24:05.0195 6052 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    11:24:05.0198 6052 Wd - ok
    11:24:05.0219 6052 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    11:24:05.0225 6052 Wdf01000 - ok
    11:24:05.0252 6052 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    11:24:05.0254 6052 WfpLwf - ok
    11:24:05.0274 6052 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
    11:24:05.0277 6052 WimFltr - ok
    11:24:05.0295 6052 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    11:24:05.0298 6052 WIMMount - ok
    11:24:05.0320 6052 WinFLdrv - ok
    11:24:05.0346 6052 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    11:24:05.0349 6052 WinUsb - ok
    11:24:05.0371 6052 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    11:24:05.0373 6052 WmiAcpi - ok
    11:24:05.0416 6052 WRkrn (3fb292c74022f1054d7ca5c6047526ab) C:\Windows\system32\drivers\WRkrn.sys
    11:24:05.0419 6052 WRkrn - ok
    11:24:05.0443 6052 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    11:24:05.0445 6052 ws2ifsl - ok
    11:24:05.0491 6052 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    11:24:05.0495 6052 WudfPf - ok
    11:24:05.0515 6052 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    11:24:05.0519 6052 WUDFRd - ok
    11:24:05.0545 6052 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
    11:24:05.0555 6052 \Device\Harddisk0\DR0 - ok
    11:24:05.0564 6052 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
    11:24:05.0569 6052 \Device\Harddisk1\DR1 - ok
    11:24:05.0573 6052 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk7\DR7
    11:24:05.0577 6052 \Device\Harddisk7\DR7 - ok
    11:24:05.0580 6052 Boot (0x1200) (18598434a49e3bfdc0f9610afbcacff4) \Device\Harddisk0\DR0\Partition0
    11:24:05.0580 6052 \Device\Harddisk0\DR0\Partition0 - ok
    11:24:05.0592 6052 Boot (0x1200) (a83e0cec9739c6c8b7c4eab357c6d0ca) \Device\Harddisk0\DR0\Partition1
    11:24:05.0593 6052 \Device\Harddisk0\DR0\Partition1 - ok
    11:24:05.0595 6052 Boot (0x1200) (9c0ca9510cf8a7f64c7263dcdf6ed53b) \Device\Harddisk1\DR1\Partition0
    11:24:05.0597 6052 \Device\Harddisk1\DR1\Partition0 - ok
    11:24:05.0600 6052 Boot (0x1200) (72447ff13e69f5442a5e22d1560dd972) \Device\Harddisk7\DR7\Partition0
    11:24:05.0601 6052 \Device\Harddisk7\DR7\Partition0 - ok
    11:24:05.0601 6052 ============================================================
    11:24:05.0601 6052 Scan finished
    11:24:05.0601 6052 ============================================================
    11:24:05.0610 4892 Detected object count: 0
    11:24:05.0610 4892 Actual detected object count: 0
     
  6. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    Go to Start > type or copy/paste the following in the search program and files textbox, then press Enter

    diskmgmt.msc

    Capture and attach a screenshot of what you see there. Also, let me know if you have your Windows installation disc handy.
     
  7. brunnels

    brunnels Thread Starter

    Joined:
    Nov 27, 2011
    Messages:
    9
    I'm attaching a screenshot of what you requested. I do not have a Windows installation disk.
     

  8. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    Before we continue, let's create a system repair disc. You'll need an empty CD for that.

    1. Open Backup and Restore by clicking Start->Control Panel->System and Maintenance->Backup and Restore.

    2. In the left pane, click Create a system repair disc, and then follow the steps. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

    Let me know when you have the disc created.
     
  9. brunnels

    brunnels Thread Starter

    Joined:
    Nov 27, 2011
    Messages:
    9
    I created a repair disc, but I'm kind of skeptical if it will work or not. I have created one before and tried to use it and it always gave me an error while using it.
     
  10. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    You could test booting with it. Just see if it loads and nothing else.


    Next, you will need a USB drive that can be emptied (=formatted).

    Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
    • Insert your USB drive
    • Press Start > My Computer > right click your USB drive > choose Format > Quick format
    • Double click the unetbootin-xpud-windows-387.exe that you just downloaded.
    • Select xpud-0.9.2.iso to diskimage field.
    • Press Run then OK
    • It will install a little bootable OS on your USB
    • After it has completed, do not choose to reboot the clean computer; simply close the installer
    • Remove the USB and insert it in the sick computer
    • Boot the Sick computer
    • Press F12 and choose to boot from the USB
    • Follow the prompts
    • A Welcome to xPUD screen will appear
    • Press File
    • Expand mnt
    • sda1,2...usually corresponds to your HDD
    • sdb1 is likely your USB
    • Press Tool at the top
    • Choose Open Terminal
    • Type in: parted -l and hit Enter.

    Post back what reads on the screen after typing that command (if you have a digi camera you could take a photo of contents on the screen).
     
  11. brunnels

    brunnels Thread Starter

    Joined:
    Nov 27, 2011
    Messages:
    9
    I tried test booting the repair disc and it gave me the same error as before, Error 0x4001100200001012.

    I have attached all those files to a USB stick. Should I go ahead with booting off of the USB stick or should I wait for a good repair disc? Thanks for your help.
     
  12. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    Go ahead with booting from the USB stick. Make sure you have created the stick as instructed so that it is bootable.
     
  13. brunnels

    brunnels Thread Starter

    Joined:
    Nov 27, 2011
    Messages:
    9
    Hi Blade, I tried booting off of my USB stick with the instructions you gave me. I get to the screen where I select language and after I select English, it tries to load then fails.
    It says sh: no job control in this shell

    I tried redoing the entire process a couple of times and got the same message both times.
     
  14. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    Please make sure you reformat the USB stick to FAT32 format and then try to install xPUD on it.
     
  15. brunnels

    brunnels Thread Starter

    Joined:
    Nov 27, 2011
    Messages:
    9
    Hi, the format was formatted FAT32 the previous times I tried it.
     
Short URL to this thread: https://techguy.org/1028662
