How can I get rid of this?
I've been told it is a virus!

When I enter Yahoo.com it redirects me to icslleida.cat; note that this only happens on Google Chrome, when I use Internet Explorer it works just fine.

Any ideas?

All 24 Replies

Sounds like the notorious redirect virus.

See Here

edit: And Here

In addition to MikeyIsMe's suggestion... I would also suggest that you ensure that your AV client is up to date and scanning your computer regularly for malware. In addition to the traditional AV client, you should scan your computer with:

1) MalwareBytes and
2) Hitman Pro

Unfortunately, there is no one product that can provide you with 100% protection. Good security is implemented as a layered approach.

Here is the thing.
I have been redirected to http://www.icslleida.cat/ when I try to enter Yahoo.com from Google Chrome.

I have downloaded SpyHunter and it removed all AD Spams and a trojan from my Laptop.

Now, I cannot get rid of this redirection.
It only happens on Google Chrome. When I go to Yahoo.com using Internet Explorer it works just fine.

I tried to check C:\Windows...\hosts; and it is fine.
I re-scanned using Kaspersky and Avast Pro; it is just fine.
I checked my DNS, TCP; they are fine.
I checked my LAN proxy; it is fine too.

How to get rid of this redirection that occurs only on Google Chrome!!!!!

HELP, please!

Have you followed all the steps in my posted links?

@MikeyIsMe yes my friend, I mentioned all the things I did in my reply above.
I just need to get rid of this.

It is happening on Chrome only.

Hokay. Download OTL from http://oldtimer.geekstogo.com/OTL.exe
=Download TDSSkiller from this link, save it to your desktop:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe -you may need to download it to a clean computer and then transfer it to the desktop using a USB flash drive.
=Download Malwarebytes' Anti-Malware from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

=Start TDSSKiller, click Change Parameters. Under Additional options check both boxes, Verify Driver Digital Signature and Detect TDLFS file system; click OK.
-click Start scan;
-if TDSSKiller finds a rootkit and prompts a Cure then press Continue [a reboot may be required];
-press Continue also on any Skip prompt for suspicious files. Do not delete or quarantine any files.
Post the log from C:.

=Dclick mbam-setup.exe to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].

=Dclick OTL.exe to start the application; in the window that opens choose, Scan All Users, Minimal Output, Standard Registry ALL, check both LOP and Purity boxes, and then press Run Scan.
The scan will take maybe 5 minutes; 2 notepads will present [they are saved to the place from where you ran OTL.exe] - post both, please.

Thank you @gerbil for your time. Well, after I had downloaded TDSSKILLER it found no rootkit but normal skip suspicious files.
Here is the log:

> 09:17:30.0251 6312    TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
> 09:17:32.0253 6312    ============================================================
> 09:17:32.0253 6312    Current date / time: 2012/08/08 09:17:32.0253
> 09:17:32.0253 6312    SystemInfo:
> 09:17:32.0254 6312    
> 09:17:32.0254 6312    OS Version: 6.1.7600 ServicePack: 0.0
> 09:17:32.0254 6312    Product type: Workstation
> 09:17:32.0254 6312    ComputerName: Q8IENG-VAIO
> 09:17:32.0254 6312    UserName: Q8iEnG
> 09:17:32.0254 6312    Windows directory: C:\Windows
> 09:17:32.0254 6312    System windows directory: C:\Windows
> 09:17:32.0254 6312    Running under WOW64
> 09:17:32.0254 6312    Processor architecture: Intel x64
> 09:17:32.0254 6312    Number of processors: 4
> 09:17:32.0254 6312    Page size: 0x1000
> 09:17:32.0254 6312    Boot type: Normal boot
> 09:17:32.0254 6312    ============================================================
> 09:17:32.0696 6312    Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
> 09:17:32.0701 6312    ============================================================
> 09:17:32.0701 6312    \Device\Harddisk0\DR0:
> 09:17:32.0701 6312    MBR partitions:
> 09:17:32.0701 6312    \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C7F800, BlocksNum 0x32000
> 09:17:32.0701 6312    \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1CB1800, BlocksNum 0x246D4030
> 09:17:32.0721 6312    \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x26386800, BlocksNum 0x13FFF000
> 09:17:32.0721 6312    ============================================================
> 09:17:32.0774 6312    C: <-> \Device\Harddisk0\DR0\Partition1
> 09:17:32.0816 6312    D: <-> \Device\Harddisk0\DR0\Partition2
> 09:17:32.0817 6312    ============================================================
> 09:17:32.0817 6312    Initialize success
> 09:17:32.0817 6312    ============================================================
> 09:17:51.0945 6360    ============================================================
> 09:17:51.0945 6360    Scan started
> 09:17:51.0945 6360    Mode: Manual; SigCheck; TDLFS; 
> 09:17:51.0945 6360    ============================================================
> 09:17:52.0802 6360    1394ohci        (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\drivers\1394ohci.sys
> 09:17:52.0881 6360    1394ohci - ok
> 09:17:52.0970 6360    ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
> 09:17:52.0992 6360    ACDaemon - ok
> 09:17:53.0032 6360    ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
> 09:17:53.0052 6360    ACPI - ok
> 09:17:53.0070 6360    AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
> 09:17:53.0121 6360    AcpiPmi - ok
> 09:17:53.0197 6360    AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
> 09:17:53.0207 6360    AdobeARMservice - ok
> 09:17:53.0420 6360    AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
> 09:17:53.0440 6360    AdobeFlashPlayerUpdateSvc - ok
> 09:17:53.0509 6360    adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
> 09:17:53.0531 6360    adp94xx - ok
> 09:17:53.0565 6360    adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
> 09:17:53.0588 6360    adpahci - ok
> 09:17:53.0598 6360    adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
> 09:17:53.0614 6360    adpu320 - ok
> 09:17:53.0641 6360    AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
> 09:17:53.0698 6360    AeLookupSvc - ok
> 09:17:53.0737 6360    AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
> 09:17:53.0778 6360    AFD - ok
> 09:17:53.0800 6360    agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
> 09:17:53.0813 6360    agp440 - ok
> 09:17:53.0830 6360    ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
> 09:17:53.0867 6360    ALG - ok
> 09:17:53.0869 6360    aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
> 09:17:53.0884 6360    aliide - ok
> 09:17:53.0915 6360    AMD External Events Utility (3f9b03b72577a6a7405bf30801cbd159) C:\Windows\system32\atiesrxx.exe
> 09:17:53.0957 6360    AMD External Events Utility - ok
> 09:17:53.0963 6360    amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
> 09:17:53.0976 6360    amdide - ok
> 09:17:53.0983 6360    AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
> 09:17:54.0017 6360    AmdK8 - ok
> 09:17:54.0304 6360    amdkmdag        (ea244a8b88de8b5986bf3b7903b063af) C:\Windows\system32\DRIVERS\atikmdag.sys
> 09:17:54.0483 6360    amdkmdag - ok
> 09:17:54.0578 6360    amdkmdap        (dca6e341a4a7c31ea8a14c6166c9b249) C:\Windows\system32\DRIVERS\atikmpag.sys
> 09:17:54.0607 6360    amdkmdap - ok
> 09:17:54.0627 6360    AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
> 09:17:54.0659 6360    AmdPPM - ok
> 09:17:54.0689 6360    amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
> 09:17:54.0703 6360    amdsata - ok
> 09:17:54.0726 6360    amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
> 09:17:54.0742 6360    amdsbs - ok
> 09:17:54.0753 6360    amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
> 09:17:54.0763 6360    amdxata - ok
> 09:17:54.0790 6360    ApfiltrService  (2d45f2dfbc3d8f53df7ebeffa8c9bc38) C:\Windows\system32\DRIVERS\Apfiltr.sys
> 09:17:54.0804 6360    ApfiltrService - ok
> 09:17:54.0809 6360    AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
> 09:17:54.0843 6360    AppID - ok
> 09:17:54.0874 6360    AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
> 09:17:54.0923 6360    AppIDSvc - ok
> 09:17:54.0941 6360    Appinfo         (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
> 09:17:54.0973 6360    Appinfo - ok
> 09:17:55.0052 6360    Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
> 09:17:55.0063 6360    Apple Mobile Device - ok
> 09:17:55.0078 6360    AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
> 09:17:55.0098 6360    AppMgmt - ok
> 09:17:55.0106 6360    arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
> 09:17:55.0124 6360    arc - ok
> 09:17:55.0155 6360    arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
> 09:17:55.0172 6360    arcsas - ok
> 09:17:55.0192 6360    ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
> 09:17:55.0204 6360    ArcSoftKsUFilter - ok
> 09:17:55.0284 6360    aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
> 09:17:55.0295 6360    aspnet_state - ok
> 09:17:55.0319 6360    aswFsBlk        (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
> 09:17:55.0331 6360    aswFsBlk - ok
> 09:17:55.0388 6360    aswFW           (f3cfbc0aa2b8bd665a2ccf1ba9e65919) C:\Windows\system32\drivers\aswFW.sys
> 09:17:55.0400 6360    aswFW - ok
> 09:17:55.0454 6360    aswKbd          (c42d45089fd2ec63d13571362c258dc6) C:\Windows\system32\drivers\aswKbd.sys
> 09:17:55.0464 6360    aswKbd - ok
> 09:17:55.0479 6360    aswMonFlt       (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
> 09:17:55.0490 6360    aswMonFlt - ok
> 09:17:55.0528 6360    aswNdis         (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
> 09:17:55.0541 6360    aswNdis - ok
> 09:17:55.0564 6360    aswNdis2        (80a43cef831664c404c73564ccf4b8b1) C:\Windows\system32\drivers\aswNdis2.sys
> 09:17:55.0579 6360    aswNdis2 - ok
> 09:17:55.0607 6360    aswRdr          (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys
> 09:17:55.0617 6360    aswRdr - ok
> 09:17:55.0665 6360    aswSnx          (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
> 09:17:55.0693 6360    aswSnx - ok
> 09:17:55.0714 6360    aswSP           (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
> 09:17:55.0736 6360    aswSP - ok
> 09:17:55.0747 6360    aswTdi          (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys
> 09:17:55.0758 6360    aswTdi - ok
> 09:17:55.0777 6360    AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
> 09:17:55.0835 6360    AsyncMac - ok
> 09:17:55.0849 6360    atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
> 09:17:55.0860 6360    atapi - ok
> 09:17:55.0934 6360    athr            (cca705cdf038d5bc243203ce4416b345) C:\Windows\system32\DRIVERS\athrx.sys
> 09:17:55.0990 6360    athr - ok
> 09:17:56.0367 6360    atikmdag        (ea244a8b88de8b5986bf3b7903b063af) C:\Windows\system32\DRIVERS\atikmdag.sys
> 09:17:56.0452 6360    atikmdag - ok
> 09:17:56.0535 6360    AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
> 09:17:56.0623 6360    AudioEndpointBuilder - ok
> 09:17:56.0630 6360    AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
> 09:17:56.0688 6360    AudioSrv - ok
> 09:17:56.0755 6360    avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
> 09:17:56.0766 6360    avast! Antivirus - ok
> 09:17:56.0807 6360    avast! Firewall (465a17095eb3b9e101429b669f495d01) C:\Program Files\AVAST Software\Avast\afwServ.exe
> 09:17:56.0824 6360    avast! Firewall - ok
> 09:17:56.0872 6360    AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
> 09:17:56.0933 6360    AxInstSV - ok
> 09:17:57.0005 6360    b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
> 09:17:57.0039 6360    b06bdrv - ok
> 09:17:57.0070 6360    b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
> 09:17:57.0087 6360    b57nd60a - ok
> 09:17:57.0121 6360    BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
> 09:17:57.0152 6360    BDESVC - ok
> 09:17:57.0165 6360    Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
> 09:17:57.0225 6360    Beep - ok
> 09:17:57.0267 6360    BFE             (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
> 09:17:57.0315 6360    BFE - ok
> 09:17:57.0371 6360    BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
> 09:17:57.0452 6360    BITS - ok
> 09:17:57.0469 6360    blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
> 09:17:57.0492 6360    blbdrive - ok
> 09:17:57.0568 6360    Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
> 09:17:57.0585 6360    Bonjour Service - ok
> 09:17:57.0619 6360    bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
> 09:17:57.0667 6360    bowser - ok
> 09:17:57.0707 6360    br3gmdm         (02df27629cb4da8afd21894b1719a852) C:\Windows\system32\DRIVERS\br3gmdm.sys
> 09:17:57.0712 6360    br3gmdm ( UnsignedFile.Multi.Generic ) - warning
> 09:17:57.0712 6360    br3gmdm - detected UnsignedFile.Multi.Generic (1)
> 09:17:57.0739 6360    BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
> 09:17:57.0764 6360    BrFiltLo - ok
> 09:17:57.0767 6360    BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
> 09:17:57.0782 6360    BrFiltUp - ok
> 09:17:57.0811 6360    Browser         (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
> 09:17:57.0876 6360    Browser - ok
> 09:17:57.0904 6360    Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
> 09:17:57.0924 6360    Brserid - ok
> 09:17:57.0930 6360    BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
> 09:17:57.0967 6360    BrSerWdm - ok
> 09:17:57.0971 6360    BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
> 09:17:57.0997 6360    BrUsbMdm - ok
> 09:17:58.0000 6360    BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
> 09:17:58.0023 6360    BrUsbSer - ok
> 09:17:58.0052 6360    BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
> 09:17:58.0076 6360    BthEnum - ok
> 09:17:58.0082 6360    BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
> 09:17:58.0108 6360    BTHMODEM - ok
> 09:17:58.0126 6360    BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
> 09:17:58.0161 6360    BthPan - ok
> 09:17:58.0199 6360    BTHPORT         (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
> 09:17:58.0237 6360    BTHPORT - ok
> 09:17:58.0256 6360    bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
> 09:17:58.0308 6360    bthserv - ok
> 09:17:58.0323 6360    BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
> 09:17:58.0338 6360    BTHUSB - ok
> 09:17:58.0378 6360    btwampfl        (59e3510784548c6939c1b3b985c232e3) C:\Windows\system32\drivers\btwampfl.sys
> 09:17:58.0398 6360    btwampfl - ok
> 09:17:58.0411 6360    btwaudio        (1872074ed0a3fb22e3f1e3197b984bfa) C:\Windows\system32\drivers\btwaudio.sys
> 09:17:58.0422 6360    btwaudio - ok
> 09:17:58.0434 6360    btwavdt         (691cf076c33ab1c3a5b2fd5450300733) C:\Windows\system32\drivers\btwavdt.sys
> 09:17:58.0448 6360    btwavdt - ok
> 09:17:58.0523 6360    btwdins         (8ba6e93a182126781952a7895ec1e4b2) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
> 09:17:58.0550 6360    btwdins - ok
> 09:17:58.0565 6360    btwl2cap        (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
> 09:17:58.0576 6360    btwl2cap - ok
> 09:17:58.0580 6360    btwrchid        (c9273b20dec8ce38dbce5d29de63c907) C:\Windows\system32\DRIVERS\btwrchid.sys
> 09:17:58.0592 6360    btwrchid - ok
> 09:17:58.0612 6360    cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
> 09:17:58.0664 6360    cdfs - ok
> 09:17:58.0769 6360    CDMA Device Service (d6696435eefd7bbdb4226c60a5b343dc) C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
> 09:17:58.0788 6360    CDMA Device Service ( UnsignedFile.Multi.Generic ) - warning
> 09:17:58.0788 6360    CDMA Device Service - detected UnsignedFile.Multi.Generic (1)
> 09:17:58.0810 6360    cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
> 09:17:58.0844 6360    cdrom - ok
> 09:17:58.0875 6360    CertPropSvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
> 09:17:58.0944 6360    CertPropSvc - ok
> 09:17:58.0960 6360    circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
> 09:17:58.0991 6360    circlass - ok
> 09:17:59.0028 6360    CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
> 09:17:59.0048 6360    CLFS - ok
> 09:17:59.0121 6360    clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
> 09:17:59.0138 6360    clr_optimization_v2.0.50727_32 - ok
> 09:17:59.0195 6360    clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
> 09:17:59.0209 6360    clr_optimization_v2.0.50727_64 - ok
> 09:17:59.0276 6360    clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
> 09:17:59.0287 6360    clr_optimization_v4.0.30319_32 - ok
> 09:17:59.0314 6360    clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
> 09:17:59.0325 6360    clr_optimization_v4.0.30319_64 - ok
> 09:17:59.0346 6360    CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
> 09:17:59.0374 6360    CmBatt - ok
> 09:17:59.0396 6360    cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
> 09:17:59.0409 6360    cmdide - ok
> 09:17:59.0457 6360    CNG             (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
> 09:17:59.0500 6360    CNG - ok
> 09:17:59.0517 6360    Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
> 09:17:59.0531 6360    Compbatt - ok
> 09:17:59.0540 6360    CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
> 09:17:59.0575 6360    CompositeBus - ok
> 09:17:59.0579 6360    COMSysApp - ok
> 09:17:59.0594 6360    crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
> 09:17:59.0606 6360    crcdisk - ok
> 09:17:59.0645 6360    CryptSvc        (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
> 09:17:59.0682 6360    CryptSvc - ok
> 09:17:59.0718 6360    CSC             (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
> 09:17:59.0763 6360    CSC - ok
> 09:17:59.0810 6360    CscService      (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
> 09:17:59.0870 6360    CscService - ok
> 09:17:59.0917 6360    DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
> 09:17:59.0992 6360    DcomLaunch - ok
> 09:18:00.0029 6360    defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
> 09:18:00.0088 6360    defragsvc - ok
> 09:18:00.0143 6360    DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
> 09:18:00.0172 6360    DfsC - ok
> 09:18:00.0201 6360    Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
> 09:18:00.0227 6360    Dhcp - ok
> 09:18:00.0253 6360    discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
> 09:18:00.0306 6360    discache - ok
> 09:18:00.0327 6360    Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
> 09:18:00.0340 6360    Disk - ok
> 09:18:00.0368 6360    Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
> 09:18:00.0399 6360    Dnscache - ok
> 09:18:00.0426 6360    dot3svc         (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
> 09:18:00.0483 6360    dot3svc - ok
> 09:18:00.0505 6360    DPS             (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
> 09:18:00.0547 6360    DPS - ok
> 09:18:00.0562 6360    drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
> 09:18:00.0595 6360    drmkaud - ok
> 09:18:00.0660 6360    DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
> 09:18:00.0685 6360    DXGKrnl - ok
> 09:18:00.0688 6360    EagleX64 - ok
> 09:18:00.0718 6360    EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
> 09:18:00.0770 6360    EapHost - ok
> 09:18:01.0029 6360    ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
> 09:18:01.0116 6360    ebdrv - ok
> 09:18:01.0199 6360    EFS             (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
> 09:18:01.0225 6360    EFS - ok
> 09:18:01.0294 6360    ehRecvr         (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
> 09:18:01.0335 6360    ehRecvr - ok
> 09:18:01.0358 6360    ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
> 09:18:01.0373 6360    ehSched - ok
> 09:18:01.0428 6360    elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
> 09:18:01.0450 6360    elxstor - ok
> 09:18:01.0454 6360    ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
> 09:18:01.0477 6360    ErrDev - ok
> 09:18:01.0533 6360    esgiguard - ok
> 09:18:01.0568 6360    EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
> 09:18:01.0623 6360    EventSystem - ok
> 09:18:01.0643 6360    exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
> 09:18:01.0700 6360    exfat - ok
> 09:18:01.0723 6360    fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
> 09:18:01.0781 6360    fastfat - ok
> 09:18:01.0824 6360    Fax             (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
> 09:18:01.0868 6360    Fax - ok
> 09:18:01.0885 6360    fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
> 09:18:01.0914 6360    fdc - ok
> 09:18:01.0933 6360    fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
> 09:18:01.0974 6360    fdPHost - ok
> 09:18:01.0986 6360    FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
> 09:18:02.0024 6360    FDResPub - ok
> 09:18:02.0047 6360    FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
> 09:18:02.0064 6360    FileInfo - ok
> 09:18:02.0076 6360    Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
> 09:18:02.0130 6360    Filetrace - ok
> 09:18:02.0214 6360    FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
> 09:18:02.0244 6360    FLEXnet Licensing Service - ok
> 09:18:02.0261 6360    flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
> 09:18:02.0277 6360    flpydisk - ok
> 09:18:02.0304 6360    FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
> 09:18:02.0320 6360    FltMgr - ok
> 09:18:02.0389 6360    FontCache       (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
> 09:18:02.0435 6360    FontCache - ok
> 09:18:02.0500 6360    FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
> 09:18:02.0511 6360    FontCache3.0.0.0 - ok
> 09:18:02.0551 6360    FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
> 09:18:02.0565 6360    FsDepends - ok
> 09:18:02.0595 6360    fssfltr         (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
> 09:18:02.0611 6360    fssfltr - ok
> 09:18:02.0861 6360    fsssvc          (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
> 09:18:02.0926 6360    fsssvc - ok
> 09:18:03.0009 6360    Fs_Rec          (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
> 09:18:03.0025 6360    Fs_Rec - ok
> 09:18:03.0058 6360    fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
> 09:18:03.0075 6360    fvevol - ok
> 09:18:03.0094 6360    gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
> 09:18:03.0107 6360    gagp30kx - ok
> 09:18:03.0142 6360    GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
> 09:18:03.0151 6360    GEARAspiWDM - ok
> 09:18:03.0202 6360    gpsvc           (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
> 09:18:03.0254 6360    gpsvc - ok
> 09:18:03.0271 6360    hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
> 09:18:03.0295 6360    hcw85cir - ok
> 09:18:03.0321 6360    HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
> 09:18:03.0356 6360    HdAudAddService - ok
> 09:18:03.0379 6360    HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys
> 09:18:03.0407 6360    HDAudBus - ok
> 09:18:03.0434 6360    HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
> 09:18:03.0444 6360    HECIx64 - ok
> 09:18:03.0448 6360    HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
> 09:18:03.0474 6360    HidBatt - ok
> 09:18:03.0482 6360    HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
> 09:18:03.0509 6360    HidBth - ok
> 09:18:03.0527 6360    HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
> 09:18:03.0545 6360    HidIr - ok
> 09:18:03.0558 6360    hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
> 09:18:03.0612 6360    hidserv - ok
> 09:18:03.0647 6360    HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
> 09:18:03.0660 6360    HidUsb - ok
> 09:18:03.0688 6360    hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
> 09:18:03.0743 6360    hkmsvc - ok
> 09:18:03.0764 6360    HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
> 09:18:03.0800 6360    HomeGroupListener - ok
> 09:18:03.0831 6360    HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
> 09:18:03.0848 6360    HomeGroupProvider - ok
> 09:18:03.0856 6360    HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
> 09:18:03.0871 6360    HpSAMD - ok
> 09:18:03.0908 6360    HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
> 09:18:03.0969 6360    HTTP - ok
> 09:18:03.0980 6360    hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
> 09:18:03.0991 6360    hwpolicy - ok
> 09:18:04.0007 6360    i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
> 09:18:04.0025 6360    i8042prt - ok
> 09:18:04.0057 6360    iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\drivers\iaStor.sys
> 09:18:04.0075 6360    iaStor - ok
> 09:18:04.0137 6360    IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
> 09:18:04.0147 6360    IAStorDataMgrSvc - ok
> 09:18:04.0250 6360    iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
> 09:18:04.0273 6360    iaStorV - ok
> 09:18:04.0380 6360    idsvc           (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
> 09:18:04.0409 6360    idsvc - ok
> 09:18:04.0814 6360    igfx            (2a22ab054f4630d2ef4bab2853f6d5f6) C:\Windows\system32\DRIVERS\igdkmd64.sys
> 09:18:05.0038 6360    igfx ( UnsignedFile.Multi.Generic ) - warning
> 09:18:05.0038 6360    igfx - detected UnsignedFile.Multi.Generic (1)
> 09:18:05.0131 6360    iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
> 09:18:05.0142 6360    iirsp - ok
> 09:18:05.0193 6360    IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
> 09:18:05.0292 6360    IKEEXT - ok
> 09:18:05.0330 6360    Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
> 09:18:05.0357 6360    Impcd - ok
> 09:18:05.0476 6360    IntcAzAudAddService (526e482afb586cb1cdd687869decf686) C:\Windows\system32\drivers\RTKVHD64.sys
> 09:18:05.0524 6360    IntcAzAudAddService - ok
> 09:18:05.0608 6360    IntcDAud        (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
> 09:18:05.0634 6360    IntcDAud ( UnsignedFile.Multi.Generic ) - warning
> 09:18:05.0634 6360    IntcDAud - detected UnsignedFile.Multi.Generic (1)
> 09:18:18.0103 6360    SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
> 09:18:18.0117 6360    SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
> 09:18:18.0117 6360    SwitchBoard - detected UnsignedFile.Multi.Generic (1)
> 09:18:20.0992 6360    usbcir - ok
> 09:18:21.0030 6360    usbehci         (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
> 09:18:21.0052 6360    usbehci - ok
> 09:18:21.0083 6360    usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Wi

It is possible that since it is only Chrome that has this problem, Chrome specifically has been infected or targeted. Also, have you downloaded any extensions recently? It is possible that may have something to do with it. Also, have you tried uninstalling Chrome, deleting the whole folder from AppData, and reinstalling?

@btsuper nope. I didn't install any extensions. I really don't want to re-install. But I guess this is the only way.
Will backup things and see what happens.
Thanks anyways.

It is worth reading the "Read before posting" post next time, Q8iEnG.

B – Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I’m just going to say this:
P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt.
Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order.
So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored.

and when we look through your logs..

"{1D153C11-407C-4823-B602-8C1EACFA2F3A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{37F69D7D-74C5-46E5-8A50-8558958E15B2}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

That is also most likely the origination of your problem right there :)

Hello, Q8i.
Start OTL again, under Custom Scans/Fixes paste in the following:

OTL:
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
IE - HKU\S-1-5-21-3950603794-847189768-4124068-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[2012/08/06 12:38:43 | 000,000,000 | ---D | C] -- C:\Users\Q8iEnG\AppData\Local\{47DC4CE8-594C-4150-B595-E935013DAC07}
[2012/08/06 12:38:31 | 000,000,000 | ---D | C] -- C:\Users\Q8iEnG\AppData\Local\{5AF4FFAC-FAA9-47C4-AD22-542782FFFC61}
DRV:[b]64bit:[/b] - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
O4:[b]64bit:[/b] - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe File not found
O4 - HKU\S-1-5-21-3950603794-847189768-4124068-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
DRV:[b]64bit:[/b] - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
O8:[b]64bit:[/b] - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:5A775C3F
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:2CFDCA54
"UDP Query User{F89C49D3-D270-4F7E-9980-AA16B1171493}C:\users\q8ieng\appdata\local\temp\keygen.exe" = protocol=17 | dir=in | app=c:\users\q8ieng\appdata\local\temp\keygen.exe | 
:Commands
[PURITY]
[emptyjava]
[EMPTYFLASH]

Click Run Fix button at top, let it run and reboot; post the log.

@MikeyIsMe I swear I did disable (I meant I closed) all programs to start with the process. I will try to check the "Processes" and disable the torrent from there.
Thanks.

Hello, gerbil.

I did. Here is the log:

Error: Unable to interpret <OTL:> in the current context!
Error: Unable to interpret <IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3950603794-847189768-4124068-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <[2012/08/06 12:38:43 | 000,000,000 | ---D | C] -- C:\Users\Q8iEnG\AppData\Local\{47DC4CE8-594C-4150-B595-E935013DAC07}> in the current context!
Error: Unable to interpret <[2012/08/06 12:38:31 | 000,000,000 | ---D | C] -- C:\Users\Q8iEnG\AppData\Local\{5AF4FFAC-FAA9-47C4-AD22-542782FFFC61}> in the current context!
Error: Unable to interpret <DRV:[b]64bit:[/b] - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found> in the current context!
Error: Unable to interpret <FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found> in the current context!
Error: Unable to interpret <FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!
Error: Unable to interpret <HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found> in the current context!
Error: Unable to interpret <O4:[b]64bit:[/b] - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found> in the current context!
Error: Unable to interpret <O4:[b]64bit:[/b] - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-3950603794-847189768-4124068-1001..\Run: [AdobeBridge]  File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <DRV:[b]64bit:[/b] - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found> in the current context!
Error: Unable to interpret <O8:[b]64bit:[/b] - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found> in the current context!
Error: Unable to interpret <O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found> in the current context!
Error: Unable to interpret <O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found> in the current context!
Error: Unable to interpret <O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found> in the current context!
Error: Unable to interpret <O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found> in the current context!
Error: Unable to interpret <O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found> in the current context!
Error: Unable to interpret <O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:5A775C3F> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:2CFDCA54> in the current context!
Error: Unable to interpret <"UDP Query User{F89C49D3-D270-4F7E-9980-AA16B1171493}C:\users\q8ieng\appdata\local\temp\keygen.exe" = protocol=17 | dir=in | app=c:\users\q8ieng\appdata\local\temp\keygen.exe | > in the current context!
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Q8iEnG
->Java cache emptied: 14132222 bytes

Total Java Files Cleaned = 13.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56478 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Q8iEnG
->Flash cache emptied: 57084 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08092012_174417

Ah, that's fine then, was just double checking; it would still show up when disabled, so don't worry about it.

Whoops, that's a syntax error of mine, a typing habit. Sorry, but the first line of that fix should be..
:OTL
So paste the block in again, and move that colon to the front of the line. Press Run Fix, OK, and let it complete.
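The failure in the log above, where every line up to `:Commands` was rejected because the first line read `OTL:` instead of `:OTL`, can be caught before pressing Run Fix. This is an added example, not part of the original thread and not OldTimer's code: a small pre-flight check that assumes section headers are lines starting with a colon and only knows the two sections seen in this thread; `lint_fix_script` and the sample strings are hypothetical names.

```python
import re

# Section names that appear in this thread. Assumption: OTL accepts others,
# so anything else is reported as a warning rather than an error.
KNOWN_SECTIONS = {"otl", "commands"}

HEADER_RE = re.compile(r"^:(\w+)$")          # e.g. ":OTL", ":Commands"
TRAILING_COLON_RE = re.compile(r"^(\w+):$")  # e.g. "OTL:" (the typo in the thread)
COMMAND_RE = re.compile(r"^\[\w+\]$")        # e.g. "[emptyjava]"


def lint_fix_script(text):
    """Return (line_no, severity, message) tuples for a pasted fix script."""
    findings = []
    section = None  # no section is active until a header is seen
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            section = header.group(1).lower()
            if section not in KNOWN_SECTIONS:
                findings.append((no, "warn", f"unrecognised section '{line}'"))
            continue
        typo = TRAILING_COLON_RE.match(line)
        if typo and typo.group(1).lower() in KNOWN_SECTIONS:
            # The tool does not treat this as a header, so the section
            # stays unset and the following lines fail as well.
            findings.append((no, "error",
                             f"'{line}' has the colon at the end; "
                             f"did you mean ':{typo.group(1)}'?"))
            continue
        if section is None:
            findings.append((no, "error",
                             "line comes before any section header and "
                             "will not be interpreted"))
        elif section == "commands" and not COMMAND_RE.match(line):
            findings.append((no, "warn", "expected a [command] under :Commands"))
    return findings


# Abridged from the fix posted in this thread (first version, with the typo).
BROKEN = r"""OTL:
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
:Commands
[PURITY]
[emptyjava]
"""

# Same script with the colon moved to the front of the first line.
FIXED = BROKEN.replace("OTL:", ":OTL", 1)

if __name__ == "__main__":
    for name, script in (("broken", BROKEN), ("fixed", FIXED)):
        print(f"--- {name} ---")
        for no, severity, message in lint_fix_script(script) or [(0, "ok", "no findings")]:
            print(f"{no:>3} {severity:<5} {message}")
```

The broken sample reports the header typo plus every line before `:Commands`, which mirrors the "Unable to interpret" entries in the posted log while the `[EMPTYJAVA]` and `[EMPTYFLASH]` commands still ran.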

gerbil, sorry I didn't get it :-\
What block?

Hello, Q8i. This block, it's the same as before where I made a syntax error from force of habit of normal typing, but with the correction already made here. So start OTL again, and under Custom Scans/Fixes paste in the following:

:OTL
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
IE - HKU\S-1-5-21-3950603794-847189768-4124068-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[2012/08/06 12:38:43 | 000,000,000 | ---D | C] -- C:\Users\Q8iEnG\AppData\Local\{47DC4CE8-594C-4150-B595-E935013DAC07}
[2012/08/06 12:38:31 | 000,000,000 | ---D | C] -- C:\Users\Q8iEnG\AppData\Local\{5AF4FFAC-FAA9-47C4-AD22-542782FFFC61}
DRV:[b]64bit:[/b] - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
O4:[b]64bit:[/b] - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe File not found
O4 - HKU\S-1-5-21-3950603794-847189768-4124068-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
DRV:[b]64bit:[/b] - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
O8:[b]64bit:[/b] - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:5A775C3F
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:2CFDCA54
"UDP Query User{F89C49D3-D270-4F7E-9980-AA16B1171493}C:\users\q8ieng\appdata\local\temp\keygen.exe" = protocol=17 | dir=in | app=c:\users\q8ieng\appdata\local\temp\keygen.exe | 
:Commands
[purity]
[emptyjava]
[emptyflash]
[emptytemp]

Click Run Fix button at top of OTL window, and OK, let it run and reboot; post the log.

gerbil!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
DA FUQ! Awesome!! Everything is fine I guess. Yahoo.com doesn't redirect me anymore to that spam site.

Can you tell me "kindly" what did you do? Or what was the problem?
I'm a computer engineer, and it is always good to learn new things or have the proper knowledge maybe!

Thank you so much.

We're not quite there yet, Q8i. That trojan/worm causing the problem you have experienced often comes packaged with a rootkit. This tool should expose it if it exists:
Please download Roguekiller from http://majorgeeks.com/RogueKiller_d6983.html
-start it with a dclick and wait for the initial scan to complete. Press the report button, post the log that pops in notepad. Do not remove anything at this stage.

Okie Dokie. Here is the log file. It found 3 files:

RogueKiller V7.6.6 [08/10/2012]  by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Q8iEnG [Admin rights]
Mode: Scan -- Date: 08/12/2012 18:00:26

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxps=localhost:9050;ftp=localhost:9050;socks=localhost:9050) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
74.208.10.249 gs.apple.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5056GSY +++++
--- User ---
[MBR] af53f3eb5efaad180a14847ae0ba6943
[BSP] ebf84c6303b4d67eacc84dc32386ee73 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14590 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29882368 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30087168 | Size: 298408 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 641228800 | Size: 163839 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

No problems there, Q8i. Looks like you are ready to release into the wild, again.
Your trojan chose one of many ways to hide in Windows while having an effect upon something seemingly unrelated, hence nothing showed in Chrome itself, but only in IE settings.
You might google searchscopes. Most of the corrections we made in that Fix file were simply orphaned entries in reg, a tidy-up.

So, I don't remove anything that appeared on Roguekiller?
This trojan drove me crazy, so thank you for helping and giving me your time.

Okie Dokie. Thank you again for the help :-)
