
Google Redirect Virus in IE and Chrome

Discussion in 'Virus & Other Malware Removal' started by WifflePerson, Jul 5, 2012.

Thread Status:
Not open for further replies.
  1. WifflePerson

    WifflePerson Thread Starter

    Joined:
    Jul 5, 2012
    Messages:
    9
    Hello,
    I believe I have a Google Redirect Virus. While I primarily use Chrome, my roommate used IE, and has reported redirects as well. I have tried the following programs, to no avail: FixTDSS (found nothing); TDSSKiller (found something, but wouldn't give me the option to "Cure." Later, found nothing); Malwarebytes (found nothing); Microsoft HOSTS fix (no help). In Chrome, I have an extension titled "Default Extension 1.0" or similar. Trashing/Disabling it prevents redirects, but every time I load Chrome, it reinstalls and reloads. I run Avast!, fully updated, and since this started, it has been blocking things sporadically, but apparently not often enough. I have a feeling that fixing this will involve ComboFix, and I am given to understand that this isn't something I should monkey with without help. While I am not above scorched-earth tactics (reformatting), I would prefer to go through the ComboFix hassle, rather than wiping the slate clean. Perhaps I'll learn something. Thanks for any help you can provide. Here is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:04:09 PM, on 7/5/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal

    Running processes:
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\SysWOW64\CtHelper.exe
    C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkUFind.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Brandon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Brandon\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files (x86)\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
    O4 - HKCU\..\Run: [Illusion Softworks] RunDLL32.exe "C:\Users\Brandon\AppData\Local\Illusion Softworks\pzrrcuec.dll",CheckCTCRCVersion
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-172965747-519820441-4015134259-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-172965747-519820441-4015134259-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs:
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12655 bytes

    ***

    And here is the DDS stuff:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
    Run by Brandon at 19:05:45 on 2012-07-05
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2007 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\PnkBstrB.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\SysWOW64\CtHelper.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkUFind.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Brandon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Google Update] "C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
    uRun: [Illusion Softworks] RunDLL32.exe "C:\Users\Brandon\AppData\Local\Illusion Softworks\pzrrcuec.dll",CheckCTCRCVersion
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [WorksFUD] C:\Program Files (x86)\Microsoft Works\wkfud.exe
    mRun: [Microsoft Works Portfolio] C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
    mRun: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Brandon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~2.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
    TCP: Interfaces\{CC2649B2-04CD-4FA4-9C2A-E6315E629EC2} : DhcpNameServer = 24.116.2.50 24.116.2.34
    TCP: Interfaces\{E0DF5D63-3AB0-4171-A4F7-E221447957E3} : DhcpNameServer = 24.116.2.50 24.116.2.34
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    AppInit_DLLs:
    BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
    mRun-x64: [CTHelper] CTHELPER.EXE
    mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [WorksFUD] C:\Program Files (x86)\Microsoft Works\wkfud.exe
    mRun-x64: [Microsoft Works Portfolio] C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
    mRun-x64: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    AppInit_DLLs-X64:
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-6-13 44768]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-5 654408]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-2 2253120]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-27 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-10 136176]
    S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 253600]
    S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
    S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
    S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
    S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-10 136176]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-05 23:19:14 -------- d-----w- C:\Program Files (x86)\PC Tools
    2012-07-05 23:18:10 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
    2012-07-05 23:18:10 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2012-07-05 23:17:57 -------- d-----w- C:\Users\Brandon\AppData\Roaming\TestApp
    2012-07-05 23:17:57 -------- d-----w- C:\ProgramData\PC Tools
    2012-07-05 22:59:33 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-07-05 16:37:18 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-05 08:02:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-05 08:02:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-05 02:05:21 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Malwarebytes
    2012-07-05 02:05:14 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-04 18:38:50 -------- d-----w- C:\Users\Brandon\AppData\Local\Illusion Softworks
    2012-07-03 18:15:30 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E4246F7-BF81-4515-85CA-E24D45A24833}\mpengine.dll
    2012-06-25 22:00:17 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-25 22:00:07 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-25 21:59:52 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-25 21:59:52 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-13 14:17:57 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-06-13 08:58:38 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 10:41:22 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-06-12 10:41:06 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    .
    ==================== Find3M ====================
    .
    2012-07-05 22:59:09 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    .
    ============= FINISH: 19:08:51.64 ===============

    Attached file included

    Wiffle
     


  2. WifflePerson

    WifflePerson Thread Starter

    Joined:
    Jul 5, 2012
    Messages:
    9
    It looks like I was mistaken regarding the Default Extension 1.0 thing. That hasn't fixed the problem. I'm still getting redirects after trashing that extension.

    Wiffle
     
  3. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi Wiffle, my name is Mark and I will be helping you.

    Please run the following and post the log.

    Please download SystemLook for your operating system from one of the links below and save it to your Desktop.
    • Double-click SystemLook.exe to run it.
    • Vista/Windows 7 users right-click and select Run As Administrator.
    • Copy and paste everything in the codebox below into the main textfield:
      Code:
      :filefind
      services.exe
    • Click the Look button to start the scan.
    • When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
    • Please copy and paste the contents of that log in your next reply.
     
  4. WifflePerson

    WifflePerson Thread Starter

    Joined:
    Jul 5, 2012
    Messages:
    9
    SystemLook 30.07.11 by jpshortstuff
    Log created at 13:17 on 10/07/2012 by Brandon
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "services.exe"
    C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

    -= EOF =-
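The SystemLook output above lists two copies of services.exe with the same size and MD5. As an added example (not part of the thread and not SystemLook's own code), this Python script parses a `:filefind` log and checks whether the live System32 copy matches a copy under the winsxs folder. The function names, the comparison rule and the second sample log are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname, normcase

# The two result lines from the SystemLook log posted in the thread.
SAMPLE_FROM_THREAD = r"""
Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
"""

# Constructed for illustration only: sizes, dates, hashes and the Temp path
# below are invented so the mismatch branch has something to report.
SAMPLE_CONSTRUCTED = r"""
C:\Windows\System32\services.exe --a---- 329216 bytes [23:19 13/07/2009] [09:00 01/01/2012] FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Users\Example\AppData\Local\Temp\services.exe --a---- 1024 bytes [09:00 01/01/2012] [09:00 01/01/2012] 00000000000000000000000000000000
"""

# <path> <attributes> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{5,8})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log_text):
    """Return one dict per file hit in a SystemLook ':filefind' log."""
    hits = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # headers, blank lines, "-= EOF =-"
        hit = match.groupdict()
        hit["size"] = int(hit["size"])
        hit["md5"] = hit["md5"].lower()
        hits.append(hit)
    return hits


def check_live_copy(hits, filename, live_dir=r"C:\Windows\System32",
                    store_root=r"C:\Windows\winsxs"):
    """Compare the live copy of `filename` with the copies under winsxs.

    Assumed rule: the live file should be identical (size and MD5) to at
    least one winsxs copy; copies found anywhere else are listed separately.
    """
    wanted = filename.lower()
    live, store, unexpected = None, [], []
    for hit in hits:
        if basename(hit["path"]).lower() != wanted:
            continue
        folder = normcase(dirname(hit["path"]))
        if folder == normcase(live_dir):
            live = hit
        elif folder.startswith(normcase(store_root) + "\\"):
            store.append(hit)
        else:
            unexpected.append(hit["path"])

    if live is None:
        status = "no-live-copy"
    elif not store:
        status = "no-reference"
    elif any((s["md5"], s["size"]) == (live["md5"], live["size"]) for s in store):
        status = "match"
    else:
        status = "mismatch"
    return {"status": status, "live": live, "store": store,
            "unexpected": unexpected}


if __name__ == "__main__":
    for name, log in (("thread log", SAMPLE_FROM_THREAD),
                      ("constructed log", SAMPLE_CONSTRUCTED)):
        result = check_live_copy(parse_filefind(log), "services.exe")
        print(name, "->", result["status"], result["unexpected"])
```

A "mismatch" or an entry in `unexpected` is a reason to look closer at the file, not a verdict on its own.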
     
  5. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    I appreciate you have already run TDSSKiller, but I would like you to run it again following these instructions. Just to be certain you have the most up-to-date version, please delete the icon on your desktop and proceed as follows. Please then also run aswMBR following the instructions given.


    STEP 1
    Please follow the instructions exactly as written; deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option, DO NOT select Delete, as you may remove files needed for the system to operate.
    Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
    -- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again.
    Be sure to print out and follow the instructions for performing a scan.
    • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
    • Alternatively, you can download TDSSKiller.exe and use that instead.
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
    • When the program opens, click Change parameters.
    • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
    • Click the Start Scan button.
    • Do not use the computer during the scan.
    • If the scan completes with nothing found, click Close to exit.
    • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
    • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.
    • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed. If you choose Delete you may remove critical system files and make your PC unstable or possibly unbootable.
    • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C: ).
    • Copy and paste the contents of that file in your next reply.
    -- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".

    STEP 2
    How to scan & save log:
    Please download aswMBR.exe and save it to your Desktop.
    • Double-click on aswMBR.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
    • You will be asked if you wish to download the latest Avast Virus Definitions, please select Yes. It may take several minutes to complete.
    • Click the Scan button to start scan.
    • On completion of the scan, click the Save log button and save it to your Desktop.
    • Do not select any Fix options at this time.
    • Copy and paste the contents of that log in your next reply.
    -- Important note: Upon the first run, aswMBR will back up the MBR and save it to the Desktop as MBR.dat. Do not delete this file unless advised.
    NOTE: Right-click on MBR.dat and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.
    • Below the Message Box click on Go Advanced. Then scroll down until you see a button, Manage Attachments. Click on that and a new window opens.
    • Click on the Browse button, find the zip folder you made earlier and double-click on it.
    • Now click on the Upload button. Wait for the upload to complete; it will appear just below the Browse box.
    • When done, click on the Close this window button at the bottom of the page.
    • Enter your message-text in the message box, then click on Submit Message/Reply.
     
  6. WifflePerson

    WifflePerson Thread Starter

    Joined:
    Jul 5, 2012
    Messages:
    9
    TDSSKiller Log:


    17:16:36.0180 3108 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
    17:16:36.0495 3108 ============================================================
    17:16:36.0495 3108 Current date / time: 2012/07/10 17:16:36.0495
    17:16:36.0495 3108 SystemInfo:
    17:16:36.0495 3108
    17:16:36.0495 3108 OS Version: 6.1.7601 ServicePack: 1.0
    17:16:36.0495 3108 Product type: Workstation
    17:16:36.0495 3108 ComputerName: BRANDON-PC
    17:16:36.0495 3108 UserName: Brandon
    17:16:36.0495 3108 Windows directory: C:\Windows
    17:16:36.0495 3108 System windows directory: C:\Windows
    17:16:36.0495 3108 Running under WOW64
    17:16:36.0495 3108 Processor architecture: Intel x64
    17:16:36.0495 3108 Number of processors: 4
    17:16:36.0495 3108 Page size: 0x1000
    17:16:36.0495 3108 Boot type: Normal boot
    17:16:36.0495 3108 ============================================================
    17:16:37.0790 3108 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
    17:16:37.0790 3108 Drive \Device\Harddisk1\DR1 - Size: 0x12A2377E00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:16:37.0820 3108 ============================================================
    17:16:37.0820 3108 \Device\Harddisk0\DR0:
    17:16:37.0820 3108 MBR partitions:
    17:16:37.0820 3108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    17:16:37.0820 3108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A352000
    17:16:37.0820 3108 \Device\Harddisk1\DR1:
    17:16:37.0840 3108 MBR partitions:
    17:16:37.0840 3108 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9511B81
    17:16:37.0840 3108 ============================================================
    17:16:37.0860 3108 C: <-> \Device\Harddisk0\DR0\Partition1
    17:16:37.0875 3108 D: <-> \Device\Harddisk1\DR1\Partition0
    17:16:37.0885 3108 ============================================================
    17:16:37.0885 3108 Initialize success
    17:16:37.0885 3108 ============================================================
    17:17:16.0815 4860 ============================================================
    17:17:16.0815 4860 Scan started
    17:17:16.0815 4860 Mode: Manual; SigCheck; TDLFS;
    17:17:16.0815 4860 ============================================================
    17:17:31.0350 4860 IpFilterDriver - ok
    17:17:31.0405 4860 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    17:17:31.0470 4860 iphlpsvc - ok
    17:17:31.0505 4860 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    17:17:31.0535 4860 IPMIDRV - ok
    17:17:31.0550 4860 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    17:17:31.0595 4860 IPNAT - ok
    17:17:31.0675 4860 iPod Service (d38469601b72d2da4f847fc642174e21) C:\Program Files\iPod\bin\iPodService.exe
    17:17:31.0705 4860 iPod Service - ok
    17:17:31.0725 4860 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    17:17:31.0755 4860 IRENUM - ok
    17:17:31.0765 4860 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    17:17:31.0780 4860 isapnp - ok
    17:17:31.0830 4860 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    17:17:31.0845 4860 iScsiPrt - ok
    17:17:31.0895 4860 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    17:17:31.0915 4860 kbdclass - ok
    17:17:31.0960 4860 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    17:17:31.0990 4860 kbdhid - ok
    17:17:32.0030 4860 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:17:32.0045 4860 KeyIso - ok
    17:17:32.0060 4860 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    17:17:32.0075 4860 KSecDD - ok
    17:17:32.0090 4860 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    17:17:32.0105 4860 KSecPkg - ok
    17:17:32.0110 4860 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    17:17:32.0155 4860 ksthunk - ok
    17:17:32.0190 4860 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    17:17:32.0265 4860 KtmRm - ok
    17:17:32.0310 4860 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    17:17:32.0355 4860 LanmanServer - ok
    17:17:32.0400 4860 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    17:17:32.0445 4860 LanmanWorkstation - ok
    17:17:32.0495 4860 lirsgt (83ba097acaad0b00505634a62d90f93a) C:\Windows\system32\DRIVERS\lirsgt.sys
    17:17:32.0510 4860 lirsgt - ok
    17:17:32.0535 4860 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    17:17:32.0585 4860 lltdio - ok
    17:17:32.0775 4860 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    17:17:32.0825 4860 lltdsvc - ok
    17:17:32.0845 4860 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    17:17:32.0880 4860 lmhosts - ok
    17:17:32.0905 4860 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    17:17:32.0920 4860 LSI_FC - ok
    17:17:32.0940 4860 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    17:17:32.0955 4860 LSI_SAS - ok
    17:17:32.0970 4860 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    17:17:32.0980 4860 LSI_SAS2 - ok
    17:17:33.0000 4860 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    17:17:33.0010 4860 LSI_SCSI - ok
    17:17:33.0040 4860 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    17:17:33.0085 4860 luafv - ok
    17:17:33.0130 4860 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
    17:17:33.0150 4860 MBAMProtector - ok
    17:17:33.0240 4860 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    17:17:33.0275 4860 MBAMService - ok
    17:17:33.0315 4860 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    17:17:33.0350 4860 Mcx2Svc - ok
    17:17:33.0370 4860 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    17:17:33.0380 4860 megasas - ok
    17:17:33.0405 4860 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    17:17:33.0425 4860 MegaSR - ok
    17:17:33.0465 4860 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:17:33.0500 4860 MMCSS - ok
    17:17:33.0520 4860 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    17:17:33.0550 4860 Modem - ok
    17:17:33.0595 4860 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    17:17:33.0635 4860 monitor - ok
    17:17:33.0680 4860 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    17:17:33.0700 4860 mouclass - ok
    17:17:33.0725 4860 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    17:17:33.0750 4860 mouhid - ok
    17:17:33.0790 4860 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    17:17:33.0810 4860 mountmgr - ok
    17:17:33.0850 4860 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    17:17:33.0865 4860 mpio - ok
    17:17:33.0885 4860 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    17:17:33.0920 4860 mpsdrv - ok
    17:17:33.0995 4860 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    17:17:34.0070 4860 MpsSvc - ok
    17:17:34.0110 4860 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    17:17:34.0130 4860 MRxDAV - ok
    17:17:34.0180 4860 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:17:34.0200 4860 mrxsmb - ok
    17:17:34.0260 4860 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:17:34.0285 4860 mrxsmb10 - ok
    17:17:34.0325 4860 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:17:34.0345 4860 mrxsmb20 - ok
    17:17:34.0395 4860 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    17:17:34.0410 4860 msahci - ok
    17:17:34.0455 4860 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    17:17:34.0480 4860 msdsm - ok
    17:17:34.0500 4860 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    17:17:34.0520 4860 MSDTC - ok
    17:17:34.0560 4860 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    17:17:34.0590 4860 Msfs - ok
    17:17:34.0605 4860 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    17:17:34.0655 4860 mshidkmdf - ok
    17:17:34.0680 4860 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    17:17:34.0695 4860 msisadrv - ok
    17:17:34.0745 4860 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    17:17:34.0815 4860 MSiSCSI - ok
    17:17:34.0815 4860 msiserver - ok
    17:17:34.0840 4860 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    17:17:34.0875 4860 MSKSSRV - ok
    17:17:34.0890 4860 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    17:17:34.0930 4860 MSPCLOCK - ok
    17:17:34.0940 4860 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    17:17:34.0980 4860 MSPQM - ok
    17:17:35.0035 4860 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    17:17:35.0070 4860 MsRPC - ok
    17:17:35.0085 4860 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    17:17:35.0100 4860 mssmbios - ok
    17:17:35.0110 4860 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    17:17:35.0150 4860 MSTEE - ok
    17:17:35.0165 4860 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    17:17:35.0180 4860 MTConfig - ok
    17:17:35.0195 4860 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    17:17:35.0210 4860 Mup - ok
    17:17:35.0265 4860 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    17:17:35.0330 4860 napagent - ok
    17:17:35.0375 4860 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    17:17:35.0395 4860 NativeWifiP - ok
    17:17:35.0445 4860 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    17:17:35.0480 4860 NDIS - ok
    17:17:35.0500 4860 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    17:17:35.0555 4860 NdisCap - ok
    17:17:35.0580 4860 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    17:17:35.0610 4860 NdisTapi - ok
    17:17:35.0650 4860 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    17:17:35.0700 4860 Ndisuio - ok
    17:17:35.0740 4860 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    17:17:35.0795 4860 NdisWan - ok
    17:17:35.0840 4860 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    17:17:35.0880 4860 NDProxy - ok
    17:17:35.0890 4860 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    17:17:35.0935 4860 NetBIOS - ok
    17:17:35.0980 4860 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    17:17:36.0080 4860 NetBT - ok
    17:17:36.0120 4860 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:17:36.0135 4860 Netlogon - ok
    17:17:36.0195 4860 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    17:17:36.0265 4860 Netman - ok
    17:17:36.0355 4860 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    17:17:36.0375 4860 NetMsmqActivator - ok
    17:17:36.0380 4860 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    17:17:36.0390 4860 NetPipeActivator - ok
    17:17:36.0425 4860 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    17:17:36.0480 4860 netprofm - ok
    17:17:36.0500 4860 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    17:17:36.0510 4860 NetTcpActivator - ok
    17:17:36.0515 4860 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    17:17:36.0525 4860 NetTcpPortSharing - ok
    17:17:36.0570 4860 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    17:17:36.0590 4860 nfrd960 - ok
    17:17:36.0650 4860 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    17:17:36.0715 4860 NlaSvc - ok
    17:17:36.0730 4860 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    17:17:36.0765 4860 Npfs - ok
    17:17:36.0770 4860 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    17:17:36.0805 4860 nsi - ok
    17:17:36.0820 4860 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    17:17:36.0860 4860 nsiproxy - ok
    17:17:36.0965 4860 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    17:17:37.0020 4860 Ntfs - ok
    17:17:37.0075 4860 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    17:17:37.0120 4860 Null - ok
    17:17:37.0190 4860 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
    17:17:37.0210 4860 NVHDA - ok
    17:17:37.0655 4860 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    17:17:37.0995 4860 nvlddmkm - ok
    17:17:38.0090 4860 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    17:17:38.0105 4860 nvraid - ok
    17:17:38.0125 4860 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    17:17:38.0140 4860 nvstor - ok
    17:17:38.0245 4860 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
    17:17:38.0305 4860 nvsvc - ok
    17:17:38.0445 4860 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    17:17:38.0515 4860 nvUpdatusService - ok
    17:17:38.0575 4860 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    17:17:38.0595 4860 nv_agp - ok
    17:17:38.0635 4860 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    17:17:38.0655 4860 ohci1394 - ok
    17:17:38.0685 4860 ossrv (85ea378116e2c4385993ba5124536ffc) C:\Windows\system32\drivers\ctoss2k.sys
    17:17:38.0700 4860 ossrv - ok
    17:17:38.0735 4860 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    17:17:38.0765 4860 p2pimsvc - ok
    17:17:38.0800 4860 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    17:17:38.0825 4860 p2psvc - ok
    17:17:38.0890 4860 PAC207 (3a6dceb1848470320e4a3c12d7a35b1c) C:\Windows\system32\DRIVERS\PFC027.SYS
    17:17:38.0920 4860 PAC207 - ok
    17:17:38.0955 4860 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    17:17:38.0975 4860 Parport - ok
    17:17:39.0025 4860 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    17:17:39.0045 4860 partmgr - ok
    17:17:39.0070 4860 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    17:17:39.0100 4860 PcaSvc - ok
    17:17:39.0155 4860 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    17:17:39.0175 4860 pci - ok
    17:17:39.0195 4860 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    17:17:39.0210 4860 pciide - ok
    17:17:39.0240 4860 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    17:17:39.0255 4860 pcmcia - ok
    17:17:39.0270 4860 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    17:17:39.0280 4860 pcw - ok
    17:17:39.0320 4860 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    17:17:39.0380 4860 PEAUTH - ok
    17:17:39.0460 4860 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
    17:17:39.0505 4860 PeerDistSvc - ok
    17:17:39.0590 4860 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    17:17:39.0620 4860 PerfHost - ok
    17:17:39.0750 4860 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    17:17:39.0800 4860 pla - ok
    17:17:39.0870 4860 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    17:17:39.0915 4860 PlugPlay - ok
    17:17:39.0925 4860 PnkBstrA - ok
    17:17:39.0930 4860 PnkBstrB - ok
    17:17:39.0955 4860 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    17:17:39.0970 4860 PNRPAutoReg - ok
    17:17:39.0995 4860 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    17:17:40.0010 4860 PNRPsvc - ok
    17:17:40.0045 4860 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    17:17:40.0095 4860 PolicyAgent - ok
    17:17:40.0130 4860 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    17:17:40.0180 4860 Power - ok
    17:17:40.0230 4860 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    17:17:40.0275 4860 PptpMiniport - ok
    17:17:40.0305 4860 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    17:17:40.0330 4860 Processor - ok
    17:17:40.0380 4860 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
    17:17:40.0410 4860 ProfSvc - ok
    17:17:40.0445 4860 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:17:40.0460 4860 ProtectedStorage - ok
    17:17:40.0505 4860 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    17:17:40.0555 4860 Psched - ok
    17:17:40.0635 4860 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    17:17:40.0680 4860 ql2300 - ok
    17:17:40.0750 4860 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    17:17:40.0770 4860 ql40xx - ok
    17:17:40.0800 4860 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    17:17:40.0835 4860 QWAVE - ok
    17:17:40.0850 4860 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    17:17:40.0865 4860 QWAVEdrv - ok
    17:17:40.0875 4860 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    17:17:40.0905 4860 RasAcd - ok
    17:17:40.0930 4860 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    17:17:40.0965 4860 RasAgileVpn - ok
    17:17:40.0980 4860 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    17:17:41.0025 4860 RasAuto - ok
    17:17:41.0075 4860 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:17:41.0105 4860 Rasl2tp - ok
    17:17:41.0160 4860 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    17:17:41.0220 4860 RasMan - ok
    17:17:41.0245 4860 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    17:17:41.0285 4860 RasPppoe - ok
    17:17:41.0305 4860 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    17:17:41.0350 4860 RasSstp - ok
    17:17:41.0400 4860 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    17:17:41.0440 4860 rdbss - ok
    17:17:41.0450 4860 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    17:17:41.0470 4860 rdpbus - ok
    17:17:41.0490 4860 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:17:41.0520 4860 RDPCDD - ok
    17:17:41.0570 4860 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    17:17:41.0590 4860 RDPDR - ok
    17:17:41.0605 4860 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    17:17:41.0660 4860 RDPENCDD - ok
    17:17:41.0665 4860 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    17:17:41.0695 4860 RDPREFMP - ok
    17:17:41.0735 4860 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    17:17:41.0765 4860 RDPWD - ok
    17:17:41.0810 4860 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    17:17:41.0830 4860 rdyboost - ok
    17:17:41.0850 4860 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    17:17:41.0920 4860 RemoteAccess - ok
    17:17:41.0945 4860 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    17:17:41.0980 4860 RemoteRegistry - ok
    17:17:42.0015 4860 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    17:17:42.0065 4860 RpcEptMapper - ok
    17:17:42.0085 4860 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    17:17:42.0115 4860 RpcLocator - ok
    17:17:42.0175 4860 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    17:17:42.0220 4860 RpcSs - ok
    17:17:42.0250 4860 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    17:17:42.0290 4860 rspndr - ok
    17:17:42.0345 4860 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
    17:17:42.0385 4860 RTL8167 - ok
    17:17:42.0460 4860 RTL8192su (a332db1dac07e95667a57aaeec236c37) C:\Windows\system32\DRIVERS\RTL8192su.sys
    17:17:42.0490 4860 RTL8192su - ok
    17:17:42.0530 4860 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    17:17:42.0550 4860 s3cap - ok
    17:17:42.0590 4860 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:17:42.0610 4860 SamSs - ok
    17:17:42.0645 4860 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    17:17:42.0660 4860 sbp2port - ok
    17:17:42.0815 4860 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    17:17:42.0860 4860 SBSDWSCService - ok
    17:17:42.0895 4860 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    17:17:42.0955 4860 SCardSvr - ok
    17:17:43.0030 4860 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    17:17:43.0095 4860 scfilter - ok
    17:17:43.0170 4860 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    17:17:43.0260 4860 Schedule - ok
    17:17:43.0300 4860 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    17:17:43.0345 4860 SCPolicySvc - ok
    17:17:43.0395 4860 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    17:17:43.0435 4860 SDRSVC - ok
    17:17:43.0485 4860 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    17:17:43.0530 4860 secdrv - ok
    17:17:43.0565 4860 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    17:17:43.0610 4860 seclogon - ok
    17:17:43.0625 4860 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    17:17:43.0695 4860 SENS - ok
    17:17:43.0720 4860 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    17:17:43.0735 4860 SensrSvc - ok
    17:17:43.0755 4860 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    17:17:43.0790 4860 Serenum - ok
    17:17:43.0810 4860 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    17:17:43.0825 4860 Serial - ok
    17:17:43.0865 4860 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    17:17:43.0895 4860 sermouse - ok
    17:17:43.0950 4860 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    17:17:44.0000 4860 SessionEnv - ok
    17:17:44.0040 4860 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    17:17:44.0070 4860 sffdisk - ok
    17:17:44.0080 4860 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    17:17:44.0095 4860 sffp_mmc - ok
    17:17:44.0110 4860 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    17:17:44.0140 4860 sffp_sd - ok
    17:17:44.0150 4860 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    17:17:44.0165 4860 sfloppy - ok
    17:17:44.0200 4860 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    17:17:44.0270 4860 SharedAccess - ok
    17:17:44.0310 4860 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    17:17:44.0365 4860 ShellHWDetection - ok
    17:17:44.0385 4860 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    17:17:44.0400 4860 SiSRaid2 - ok
    17:17:44.0415 4860 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    17:17:44.0430 4860 SiSRaid4 - ok
    17:17:44.0635 4860 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    17:17:44.0730 4860 Skype C2C Service - ok
    17:17:44.0815 4860 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
    17:17:44.0835 4860 SkypeUpdate - ok
    17:17:44.0910 4860 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    17:17:44.0985 4860 Smb - ok
    17:17:45.0025 4860 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    17:17:45.0045 4860 SNMPTRAP - ok
    17:17:45.0065 4860 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    17:17:45.0080 4860 spldr - ok
    17:17:45.0145 4860 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    17:17:45.0190 4860 Spooler - ok
    17:17:45.0345 4860 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    17:17:45.0455 4860 sppsvc - ok
    17:17:45.0500 4860 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    17:17:45.0535 4860 sppuinotify - ok
    17:17:45.0575 4860 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    17:17:45.0610 4860 srv - ok
    17:17:45.0645 4860 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    17:17:45.0680 4860 srv2 - ok
    17:17:45.0700 4860 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    17:17:45.0730 4860 srvnet - ok
    17:17:45.0755 4860 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    17:17:45.0805 4860 SSDPSRV - ok
    17:17:45.0820 4860 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    17:17:45.0855 4860 SstpSvc - ok
    17:17:45.0900 4860 Steam Client Service - ok
    17:17:45.0995 4860 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    17:17:46.0030 4860 Stereo Service - ok
    17:17:46.0055 4860 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    17:17:46.0070 4860 stexstor - ok
    17:17:46.0140 4860 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    17:17:46.0185 4860 stisvc - ok
    17:17:46.0230 4860 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    17:17:46.0250 4860 storflt - ok
    17:17:46.0280 4860 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
    17:17:46.0320 4860 StorSvc - ok
    17:17:46.0335 4860 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    17:17:46.0355 4860 storvsc - ok
    17:17:46.0365 4860 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    17:17:46.0375 4860 swenum - ok
    17:17:46.0415 4860 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    17:17:46.0475 4860 swprv - ok
    17:17:46.0585 4860 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    17:17:46.0655 4860 SysMain - ok
    17:17:46.0755 4860 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    17:17:46.0785 4860 TabletInputService - ok
    17:17:46.0835 4860 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    17:17:46.0885 4860 TapiSrv - ok
    17:17:46.0895 4860 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    17:17:46.0935 4860 TBS - ok
    17:17:47.0055 4860 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    17:17:47.0110 4860 Tcpip - ok
    17:17:47.0215 4860 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    17:17:47.0250 4860 TCPIP6 - ok
    17:17:47.0315 4860 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    17:17:47.0365 4860 tcpipreg - ok
    17:17:47.0380 4860 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    17:17:47.0410 4860 TDPIPE - ok
    17:17:47.0440 4860 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    17:17:47.0465 4860 TDTCP - ok
    17:17:53.0840 4860 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    17:17:54.0080 4860 \Device\Harddisk0\DR0 - ok
    17:17:54.0085 4860 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    17:17:54.0245 4860 \Device\Harddisk1\DR1 - ok
    17:17:54.0245 4860 Boot (0x1200) (95391c7d0cba21cd48cdb5d515feb5d6) \Device\Harddisk0\DR0\Partition0
    17:17:54.0250 4860 \Device\Harddisk0\DR0\Partition0 - ok
    17:17:54.0260 4860 Boot (0x1200) (65d57889e5a2443fae5ad1e651be8827) \Device\Harddisk0\DR0\Partition1
    17:17:54.0260 4860 \Device\Harddisk0\DR0\Partition1 - ok
    17:17:54.0265 4860 Boot (0x1200) (c1a34a5925661029008a3bec2338ed54) \Device\Harddisk1\DR1\Partition0
    17:17:54.0265 4860 \Device\Harddisk1\DR1\Partition0 - ok
    17:17:54.0270 4860 ============================================================
    17:17:54.0270 4860 Scan finished
    17:17:54.0270 4860 ============================================================
    17:17:54.0280 3452 Detected object count: 0
    17:17:54.0280 3452 Actual detected object count: 0
    17:18:22.0825 5568 Deinitialize success

    aswMBR Log


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-10 17:30:03
    -----------------------------
    17:30:03.247 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:30:03.247 Number of processors: 4 586 0xF0B
    17:30:03.247 ComputerName: BRANDON-PC UserName: Brandon
    17:30:04.117 Initialize success
    17:30:04.192 AVAST engine defs: 12071001
    17:30:11.372 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    17:30:11.372 Disk 0 Vendor: WDC_WD5002AALX-00J37A0 15.01H15 Size: 476938MB BusType: 3
    17:30:11.377 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
    17:30:11.382 Disk 1 Vendor: Maxtor_6Y080M0 YAR51BW0 Size: 76323MB BusType: 3
    17:30:11.402 Disk 0 MBR read successfully
    17:30:11.407 Disk 0 MBR scan
    17:30:11.412 Disk 0 Windows 7 default MBR code
    17:30:11.417 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    17:30:11.422 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476836 MB offset 206848
    17:30:11.452 Disk 0 scanning C:\Windows\system32\drivers
    17:30:19.462 Service scanning
    17:30:33.032 Modules scanning
    17:30:33.037 Disk 0 trace - called modules:
    17:30:33.052 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    17:30:33.057 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048d4060]
    17:30:33.062 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800466e580]
    17:30:33.067 5 ACPI.sys[fffff88000f4f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004670060]
    17:30:33.747 AVAST engine scan C:\Windows
    17:30:35.342 AVAST engine scan C:\Windows\system32
    17:32:11.462 AVAST engine scan C:\Windows\system32\drivers
    17:32:20.137 AVAST engine scan C:\Users\Brandon
    17:47:11.587 AVAST engine scan C:\ProgramData
    17:48:47.369 Scan finished successfully
    17:49:16.729 Disk 0 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"
    17:49:16.734 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"
     

    Attached Files:

    • MBR.zip (560 bytes)
  7. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Everything is coming up clean as you also found.

    Before considering any further scans I'd like you to try running IE with no Add-ons.

    Follow the instructions in this guide to disable the Add-ons in IE and then run it for a while and see if the problem still exists.
    How to run Firefox and Internet Explorer with no add-ons
     
  8. WifflePerson

    WifflePerson Thread Starter

    Joined:
    Jul 5, 2012
    Messages:
    9
    Hi. Thanks for all the help so far! Running Internet Explorer without extensions seems to yield no problems. Still getting occasional redirects in Chrome, though. They seem to be happening less frequently, but they're still there.
     
  9. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, now follow this to disable the Add-ons in Google Chrome. (With Google, Add-ons are referred to as Extensions.)
    Manage Extensions in Google Chrome

    See if you can spot any particular Add-on that appears in both browsers. There is one in IE showing in your logs that just might be the cause: Searchqu.
     
  10. WifflePerson

    WifflePerson Thread Starter

    Joined:
    Jul 5, 2012
    Messages:
    9
    After disabling extensions in Chrome, I seem to get no more redirects, although Avast does occasionally block a malicious URL, after which the Google hit I click on loads normally. I only have two extensions in the list, the first being "Default Extension 1.0," the second being Avast WebRep. As before, disabling "Default Extension" seems to solve the problem. It remains disabled when I restart Chrome. On the other hand, if I Trash the extension, it reloads and re-enables after restarting Chrome. Thanks!
     
  11. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Go into Chrome and get to the extensions page. Next to Default Extensions 1 click on the small dustbin to remove it. Restart Google and make sure it has not returned and let me know.
     
  12. WifflePerson

    WifflePerson Thread Starter

    Joined:
    Jul 5, 2012
    Messages:
    9
    When I disable the check-mark next to "Default Extension," it stays disabled when I restart Chrome; however, when I remove it (trash symbol), and then restart Chrome, it shows up again and is enabled. Perhaps I can just leave it disabled (such that it doesn't have a check-mark next to it), as trashing it only brings it back in full force.
     
  13. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Not finding much information on this problem, but try this and see if it comes back again.

    Go into Chrome, click on the spanner in the corner and then select Settings. Under Users click on Delete this user.
     
  14. WifflePerson

    WifflePerson Thread Starter

    Joined:
    Jul 5, 2012
    Messages:
    9
    I did as requested, and now "Default Extension" is gone. That may have fixed the problem. I'll post more if I get any redirects in the next day or so. Thank you!
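
An added example, not part of the thread and not any poster's code: one way to inventory what is installed in a Chrome profile before deleting it, by reading each `Extensions/<id>/<version>/manifest.json` and flagging extensions whose host patterns cover every site, which a search-redirecting extension needs. The sample manifests are constructed for illustration (the thread never shows the real manifest of "Default Extension"), and the function names are hypothetical.

```python
import json
import tempfile
from pathlib import Path

# Host patterns that let an extension read or rewrite every page.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def inventory_extensions(profile_dir):
    """Return one record per extension version found under
    <profile_dir>/Extensions/<id>/<version>/manifest.json."""
    records = []
    ext_root = Path(profile_dir) / "Extensions"
    for manifest_path in sorted(ext_root.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            manifest = {}  # unreadable or malformed: still reported below
        if not isinstance(manifest, dict):
            manifest = {}
        # Host patterns can appear in "permissions" and in content scripts.
        hosts = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
        for script in manifest.get("content_scripts", []):
            if isinstance(script, dict):
                hosts.update(script.get("matches", []))
        records.append({
            "id": manifest_path.parent.parent.name,
            # Names may be localisation placeholders such as __MSG_name__.
            "name": manifest.get("name", "<unreadable manifest>"),
            "version": manifest.get("version", manifest_path.parent.name),
            "broad_hosts": sorted(hosts & BROAD_PATTERNS),
        })
    return records


def flagged_names(profile_dir):
    """Names of extensions that can touch every page the user visits."""
    return [r["name"] for r in inventory_extensions(profile_dir) if r["broad_hosts"]]


def build_sample_profile(root):
    """Write a constructed profile with two made-up extensions."""
    samples = {
        "a" * 32: {"name": "Default Extension", "version": "1.0",
                   "content_scripts": [{"matches": ["http://*/*", "https://*/*"],
                                        "js": ["content.js"]}]},
        "b" * 32: {"name": "Example Notes", "version": "2.3",
                   "permissions": ["storage", "https://notes.example/*"]},
    }
    for ext_id, manifest in samples.items():
        ext_dir = Path(root) / "Extensions" / ext_id / (manifest["version"] + "_0")
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    # On Windows 7 the default profile is usually
    # %LOCALAPPDATA%\Google\Chrome\User Data\Default; here a sample is used.
    with tempfile.TemporaryDirectory() as tmp:
        for record in inventory_extensions(build_sample_profile(tmp)):
            print(record)
```

Broad host access alone does not prove an extension is malicious (Avast WebRep would likely be flagged too); the output is a shortlist to compare against what the user knowingly installed.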
     
  15. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Good job. There is just one more thing I would advise you to do: remove the old versions of Java from your system and install the latest version. Please follow this guide.

    Java
    Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
    • Look for Java Platform, Standard Edition.
    • Click the Download JRE button to the right.
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • From the list, select the Windows(x86) Offline version.
    • NOTE: A 64bit version is available for use with 64bit browsers running on a 64bit version of Windows, but it is recommended that you use only 32bit browsers and versions of Java. Please read this for further information: Which Java download should I choose for my 64bit operating system?
    • Close any programs you may have running - especially your web browser.
    Click on Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
    • Check (highlight) any item with Java, JRE or J2SE in the name.
    • Click the Uninstall, Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7u5-windows-i586.exe (or jre-7u5-windows-x64.exe for 64-bit) to install the newest version.
    • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    -- Java is updated frequently. The program is set by default to notify you when an update is available. When a new update is installed, always uninstall the old version.
    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
    To disable the JQS service if you don't want to use it:
    • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    • Click Ok and reboot your computer.
     
Short URL to this thread: https://techguy.org/1059845