few instances of csrss running and service.exe error
Started by , Jan 01
This topic is locked
25 replies to this topic
Hi all. Happy new year.
I have read the FAQ and did the scans with the logs as requested.
For starters I'm running Windows 7 Home Premium 64-bit
So yeah, I'm not really sure where to post this as I'm not sure if it is a malware infection or not.
Recently I noticed something rather worrying: when I opened Task Manager I noticed 3 instances of crssc.exe running, and one of them is crssc.exe*32, located in C:\Users\art248\AppData\Roaming\Adobe\crsscmgr; the others are in Windows system32.
I uploaded that file to VirusTotal; this is what came back:
That is the snapshot of the Task Manager.
Another issue that just occurred these few days is that whenever I shut down my laptop I encounter an error, but if I leave it alone it disappears and the computer shuts down as usual. No such issue during startup. It's services.exe
and the file is located in the same place as the crssc.exe*32. At first I did try using MicrosoftFixit50688.msi as I did not think it was an infection; I thought it was a Windows error or something based on an internet search, but it came back so I got worried. My Avira picked it up as an infection, as HEUR/ APC type. I also uploaded it to VirusTotal and this is what I got:
This is the snapshot of the error:
This is where the two files are located:
Also, lately I have been getting spikes of 100% CPU usage a bit more frequently. I do get a high load when I use IE or even Chrome sometimes, especially when I run some Facebook games, but I guess that is to be expected. Other than when running those mentioned programs, the system exhibits 100% load occasionally, but it seems more than usual. Not sure if it is related to these matters. Otherwise the laptop is mostly running fine: no hijacks as far as I can remember, no funny popups, except for those when I sometimes use MediaFire. It's those that advertise how to get ladies, answer this and win an iPhone, etc. I generally just close them. They seem harmless; I doubt they could be any harm. Hope someone can shed some light on this. Thanks in advance.
*Note: however, these issues seem to have disappeared after running MBAM, especially the 1st two issues. The two files are gone as well. I hope someone can take a look at the logs for me and confirm that everything is fine. I know that everyone is busy and having a good time with their loved ones, so whenever someone is free I would appreciate some advice. Thanks.
Once again, happy new year!
The logs as below:
DDS (Ver_.01) - NTFS_AMD64 
Internet Explorer: 11.0.  BrowserJavaVersion: 10.45.2
Run by art248 at 1:50:02 on
Microsoft Windows 7 Home Premium   6.1..81.86.9724 [GMT 8:00]
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\art248\AppData\Roaming\Adobe\crsscmgr\crssc.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\AsScrPro.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\cscript.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp:///home
uWindow Title = Internet Explorer (Inori version)
uDefault_Page_URL = hxxp:///home
uProxyOverride = <local>
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd--a82b-b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd--a82b-b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe
BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {-B461-4BC5-46192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: uTorrentControl_v2 Toolbar: {7473b6bd--a82b-b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AEE5C-4ED4-8F7B-F1F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-5} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {DB7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: ooVoo toolbar, powered : {D4A-4066-A1AD-} - C:\Program Files (x86)\\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC85b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentControl_v2 Toolbar: {7473B6BD--A82B-B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
TB: Google Toolbar: {--9B18-CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd--a82b-b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroTlbr.dll
TB: ooVoo toolbar, powered : {D4A-4066-A1AD-} - C:\Program Files (x86)\\GenericAskToolbar.dll
TB: Google Toolbar: {--9B18-CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [crsscmgr] C:\Users\art248\AppData\Roaming\Adobe\crsscmgr\crssc.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3EFDD8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B58B2A715.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\art248\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Users\art248\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {50-4f3c-EE0C6C49} - {48E7-C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-DA} - {31D09BA0-12F5-4CCE-BE8A-DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC} - {898EA8C8-E7FF-479B-8935-AEC} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: lscsvrprn01
DPF: {B42-4E3C-AD81-7F0DF801B4AE} - hxxp:///download/C/9/C/C9C3D86D-84AC-4AF0-A66467/MicrosoftDownloadManager.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F693090B-F740-4BEC-90A3-D1C33B6DC82C} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F693090B-F740-4BEC-90A3-D1C33B6DC82C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F693090B-F740-4BEC-90A3-D1C33B6DC82C}\36B637 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F693090B-F740-4BEC-90A3-D1C33B6DC82C}\36B637 : DHCPNameServer = 192.168.88.254 8.8.8.8
TCP: Interfaces\{F693090B-F740-4BEC-90A3-D1C33B6DC82C}\D4166656 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F693090B-F740-4BEC-90A3-D1C33B6DC82C}\D4166656 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F693090B-F740-4BEC-90A3-D1C33B6DC82C}\F4CFF534F : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F693090B-F740-4BEC-90A3-D1C33B6DC82C}\F4CFF534F : DHCPNameServer = 192.168.88.254 8.8.8.8
TCP: Interfaces\{F693090B-F740-4BEC-90A3-D1C33B6DC82C}\F6CF : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F693090B-F740-4BEC-90A3-D1C33B6DC82C}\F6CF : DHCPNameServer = 192.168.9.1
Filter: text/xml - {--A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {5-4E58-B298-A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AEE5C-4ED4-8F7B-F1F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {DB7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {--9B18-CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-IE: {50-4f3c-EE0C6C49} - {48E7-C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-DA} - {31D09BA0-12F5-4CCE-BE8A-DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC} - {898EA8C8-E7FF-479B-8935-AEC} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {--A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype-ie-addon-data - {5-4E58-B298-A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
============= SERVICES / DRIVERS ===============
R1C:\Windows\System32\drivers\avfwot.sys [ 141376]
R1C:\Windows\System32\drivers\avkmgr.sys [ 28600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus DC:\Windows\System32\drivers\dtsoftbus01.sys [ 283064]
R2 AFBAAFBAC:\Windows\System32\FBAgent.exe [ 379520]
R2 AMD External Events UAMD External Events UC:\Windows\System32\atiesrxx.exe [ 239616]
R2 AMD FUEL SAMD FUEL SC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [ 361984]
R2 AntiVirFirewallSAvira FireWC:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [ 1012280]
R2 AntiVirMailSAvira Mail PC:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [ 896056]
R2 AntiVirSchedulerSAvira SC:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [ 440376]
R2 AntiVirSAvira Real-Time PC:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [ 440376]
R2 AntiVirWebSAvira Web PC:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [ 1011768]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [ 57472]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [ 15416]
R2C:\Windows\System32\drivers\avgntflt.sys [ 108440]
R2 RealNetworks Downloader Resolver SRealNetworks Downloader Resolver SC:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [ 39056]
R2 Skype C2C SSkype C2C SC:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [ 3275136]
R2 TuneUp.UtilitiesSTuneUp Utilities SC:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [ 1394504]
R3 AtiHDAudioSAMD Function Driver for HD Audio SC:\Windows\System32\drivers\AtihdW76.sys [ 96896]
R3AvFw Packet Filter MC:\Windows\System32\drivers\avfwim.sys [ 114608]
R3Bluetooth USB FC:\Windows\System32\drivers\btusbflt.sys [ 52264]
R3 btwl2Bluetooth L2CAP SC:\Windows\System32\drivers\btwl2cap.sys [ 35104]
R3 ETD;ELAN PS/2 Port Input DC:\Windows\System32\drivers\ETD.sys [ 135560]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [ 169048]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [ 115312]
R3 TuneUpUtilitiesDTuneUpUtilitiesDC:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [ 11856]
R3AMD USB Filter DC:\Windows\System32\drivers\usbfilter.sys [ 38456]
S2 ANSYS, Inc. License MANSYS, Inc. License MC:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [ 4954112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [ 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [ 124088]
S3 CoordinatorServiceHSW Distributed TS Coordinator SC:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [ 87336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [ 1431888]
S3 IEEtwCollectorSInternet Explorer ETW Collector SC:\Windows\System32\ieetwcollector.exe [ 111616]
S3 ose64;Office 64 Source EC:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [ 178824]
S3 SkypeUSkype UC:\Program Files (x86)\Skype\Updater\Updater.exe [ 171680]
S3 Sony PC CSony PC CC:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [ 155824]
S3 taphss6;Anchorfree HSS VPN AC:\Windows\System32\drivers\taphss6.sys [ 40712]
S3 TsUsbFTsUsbFC:\Windows\System32\drivers\TsUsbFlt.sys [ 59392]
S3 TsUsbGD;Remote Desktop Generic USB DC:\Windows\System32\drivers\TsUsbGD.sys [ 31232]
S3 WatAdminSWindows Activation Technologies SC:\Windows\System32\Wat\WatAdminSvc.exe [ 1255736]
S3 WDC_SAM;WD SCSI Pass TC:\Windows\System32\drivers\wdcsam64.sys [ 14464]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [ 14544]
=============== Created Last 30 ================
12:46:02 -------- d-----w- C:\Users\art248\AppData\Roaming\Malwarebytes
12:45:45 -------- d-----w- C:\ProgramData\Malwarebytes
12:45:44 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
12:45:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
11:42:02 81408 ----a-w- C:\Windows\System32\imagehlp.dll
11:42:02 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
11:42:00 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
11:42:00 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
11:41:57 3155968 ----a-w- C:\Windows\System32\win32k.sys
11:41:41 150016 ----a-w- C:\Windows\System32\wshom.ocx
11:41:41 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
11:41:40 202752 ----a-w- C:\Windows\System32\scrrun.dll
11:41:40 168960 ----a-w- C:\Windows\System32\wscript.exe
11:41:40 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
11:41:40 156160 ----a-w- C:\Windows\System32\cscript.exe
11:41:40 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
11:41:40 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
07:52:26 456704 ----a-w- C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp63E0.exe
13:45:20 35384 ----a-w- C:\Windows\System32\drivers\AsDsm.sys
13:45:20 -------- d-----w- C:\ADSM_PData_0150
10:02:09 -------- d-----w- C:\Program Files (x86)\Common Files\ControlDeck
02:36:31 -------- d-----w- C:\Users\art248\AppData\Local\CrashDumps
17:29:01 -------- d-----w- C:\Windows\Migration
10:00:21 878080 ----a-w- C:\Windows\System32\advapi32.dll
09:59:20 327168 ----a-w- C:\Windows\System32\mswsock.dll
09:59:20 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
09:59:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
09:58:46 68608 ----a-w- C:\Windows\System32\taskhost.exe
==================== Find3M  ====================
13:10:13 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
13:10:13 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
16:09:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
16:09:31 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
10:00:21 859648 ----a-w- C:\Windows\System32\tdh.dll
10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
19:14:29 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
07:58:01 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
07:18:41 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
08:48:47 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
============= FINISH:  1:50:56.86 ===============
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.
art248 :: ART248-PC [administrator]
01-Jan-14 6:42:30 AM
mbam-log- (06-42-30).txt
Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 723391
Time elapsed: 2 hour(s), 29 minute(s), 54 second(s)
Memory Processes Detected: 1
C:\Users\art248\AppData\Roaming\Adobe\crsscmgr\crssc.exe (Trojan.FakeMS) -> 4012 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 7
HKCR\AppID\{CA12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{3c4-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|crsscmgr (Trojan.FakeMS) -> Data: C:\Users\art248\AppData\Roaming\Adobe\crsscmgr\crssc.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 7
C:\Users\art248\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\OpenCandy\DE (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\OpenCandy\FC93CA98C4B (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
Files Detected: 22
C:\Users\art248\AppData\Roaming\Adobe\crsscmgr\crssc.exe (Trojan.FakeMS) -> Delete on reboot.
C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp63E0.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\Adobe\crsscmgr\service.exe (PUP.Optional.Bitminer) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\OpenCandy\DE\OpenCandyU1Dlm.dll (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.
C:\Users\art248\Downloads\Installers\DTLite.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\art248\Downloads\Installers\SetupImgBurn_2.5.8.0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\art248\Downloads\Installers\Unlocker1.9.2.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\OpenCandy\DE\RealPlayerR71POC_p2v2.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\art248\AppData\Roaming\OpenCandy\FC93CA98C4B\IE9-Windows7-x64-enuUK_p2v2.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
security check log:
 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 TuneUp Utilities    
 TuneUp Utilities Language Pack (en-GB) 
 TuneUp Utilities    
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.170  
 Adobe Reader XI  
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log``````````````````````
the earlier avira logs prior to performing all these scans
Avira Internet Security
Report file date: Tuesday, December 31, 2013  13:49
The program is running as an unrestricted full version.
Online services are available.
Licensee        : Arthur Saw
Serial number   : [removed]
Platform        : Windows 7 Home Premium
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode       : Normally booted
Username        : art248
Computer name   : ART248-PC
Version information:
Engine version  : 8.2.12.166
Configuration settings for the scan:
Jobname.............................: Scan for Rootkits and active malware
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: Complete
Deviating risk categories...........: +JOKE,+PCK,
Start of the scan: Tuesday, December 31, 2013  13:49
Starting search for hidden objects.
The scan of running processes will be started:
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '73' Module(s) have been scanned
Scan process 'svchost.exe' - '106' Module(s) have been scanned
Scan process 'svchost.exe' - '57' Module(s) have been scanned
Scan process 'svchost.exe' - '150' Module(s) have been scanned
Scan process 'atieclxx.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'FBAgent.exe' - '41' Module(s) have been scanned
Scan process 'ASLDRSrv.exe' - '25' Module(s) have been scanned
Scan process 'GFNEXSrv.exe' - '14' Module(s) have been scanned
Scan process 'spoolsv.exe' - '78' Module(s) have been scanned
Scan process 'sched.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'armsvc.exe' - '28' Module(s) have been scanned
Scan process 'Fuel.Service.exe' - '36' Module(s) have been scanned
Scan process 'taskhost.exe' - '58' Module(s) have been scanned
Scan process 'avfwsvc.exe' - '61' Module(s) have been scanned
Scan process 'avguard.exe' - '120' Module(s) have been scanned
Scan process 'Dwm.exe' - '40' Module(s) have been scanned
Scan process 'Explorer.EXE' - '189' Module(s) have been scanned
Scan process 'taskeng.exe' - '30' Module(s) have been scanned
Scan process 'rndlresolversvc.exe' - '25' Module(s) have been scanned
Scan process 'ALU.exe' - '60' Module(s) have been scanned
Scan process 'ControlDeck.exe' - '98' Module(s) have been scanned
Scan process 'wcourier.exe' - '39' Module(s) have been scanned
Scan process 'sensorsrv.exe' - '32' Module(s) have been scanned
Scan process 'BatteryLife.exe' - '51' Module(s) have been scanned
Scan process 'c2c_service.exe' - '41' Module(s) have been scanned
Scan process 'HControl.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'TuneUpUtilitiesService64.exe' - '47' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '34' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '47' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '22' Module(s) have been scanned
Scan process 'WDC.exe' - '33' Module(s) have been scanned
Scan process 'ETDCtrl.exe' - '46' Module(s) have been scanned
Scan process 'RAVCpl64.exe' - '49' Module(s) have been scanned
Scan process 'itype.exe' - '68' Module(s) have been scanned
Scan process 'ipoint.exe' - '67' Module(s) have been scanned
Scan process 'StikyNot.exe' - '36' Module(s) have been scanned
Scan process 'TuneUpUtilitiesApp64.exe' - '29' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '63' Module(s) have been scanned
Scan process 'sidebar.exe' - '86' Module(s) have been scanned
Scan process 'crssc.exe' - '38' Module(s) have been scanned
Scan process 'ATKOSD2.exe' - '32' Module(s) have been scanned
Scan process 'DMedia.exe' - '30' Module(s) have been scanned
Scan process 'HControlUser.exe' - '22' Module(s) have been scanned
Scan process 'avgnt.exe' - '109' Module(s) have been scanned
Scan process 'SRSPremiumPanel_64.exe' - '40' Module(s) have been scanned
Scan process 'ADSMTray.exe' - '28' Module(s) have been scanned
Scan process 'AsScrPro.exe' - '36' Module(s) have been scanned
Scan process 'BTTray.exe' - '54' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'avmailc.exe' - '62' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '72' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '34' Module(s) have been scanned
Scan process 'btwdins.exe' - '29' Module(s) have been scanned
Scan process 'ETDCtrlHelper.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'avcenter.exe' - '149' Module(s) have been scanned
Scan process 'avscan.exe' - '116' Module(s) have been scanned
Scan process 'MOM.exe' - '84' Module(s) have been scanned
Scan process 'wuauclt.exe' - '37' Module(s) have been scanned
Scan process 'CCC.exe' - '248' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'LogonUI.exe' - '87' Module(s) have been scanned
Scan process 'smartlogon.exe' - '46' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'winlogon.exe' - '35' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'lsass.exe' - '66' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Initiating scan of system files:
Signed -> 'C:\Windows\system32\svchost.exe'
Signed -> 'C:\Windows\system32\winlogon.exe'
Signed -> 'C:\Windows\explorer.exe'
Signed -> 'C:\Windows\system32\smss.exe'
Signed -> 'C:\Windows\system32\wininet.DLL'
Signed -> 'C:\Windows\system32\wsock32.DLL'
Signed -> 'C:\Windows\system32\ws2_32.DLL'
Signed -> 'C:\Windows\system32\services.exe'
Signed -> 'C:\Windows\system32\lsass.exe'
Signed -> 'C:\Windows\system32\csrss.exe'
Signed -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signed -> 'C:\Windows\system32\spoolsv.exe'
Signed -> 'C:\Windows\system32\alg.exe'
Signed -> 'C:\Windows\system32\wuauclt.exe'
Signed -> 'C:\Windows\system32\advapi32.DLL'
Signed -> 'C:\Windows\system32\user32.DLL'
Signed -> 'C:\Windows\system32\gdi32.DLL'
Signed -> 'C:\Windows\system32\kernel32.DLL'
Signed -> 'C:\Windows\system32\ntdll.DLL'
Signed -> 'C:\Windows\system32\ntoskrnl.exe'
Signed -> 'C:\Windows\system32\drivers\beep.sys'
Signed -> 'C:\Windows\system32\ctfmon.exe'
Signed -> 'C:\Windows\system32\imm32.dll'
Signed -> 'C:\Windows\system32\dsound.dll'
Signed -> 'C:\Windows\system32\aclui.dll'
Signed -> 'C:\Windows\system32\msvcrt.dll'
Signed -> 'C:\Windows\system32\d3d9.dll'
Signed -> 'C:\Windows\system32\dnsapi.dll'
Signed -> 'C:\Windows\system32\mshtml.dll'
Signed -> 'C:\Windows\system32\regsvr32.exe'
Signed -> 'C:\Windows\system32\rundll32.exe'
Signed -> 'C:\Windows\system32\userinit.exe'
Signed -> 'C:\Windows\system32\reg.exe'
Signed -> 'C:\Windows\regedit.exe'
The system files were scanned ('34' files)
Starting to scan executable files (registry):
The registry was scanned ( '4328' files ).
Starting the file scan:
Begin scan in 'C:' <OS>
    [0] Archive type: RSRC
    --> C:\Downloads\Software\JavaSetup7u9.exe
        [1] Archive type: Runtime Packed
      --> C:\Program Files (x86)\ooVoo\ooVoo.exe
          [2] Archive type: RSRC
        --> C:\Program Files (x86)\Sony\Sony PC Companion\Drivers\CurrentSigned\x86x64\amd64\WUDFUpdate_01007.dll
            [3] Archive type: RSRC
          --> C:\Program Files (x86)\Sony\Sony PC Companion\Drivers\CurrentSigned\x86x64\i386\WUDFUpdate_01007.dll
              [4] Archive type: RSRC
            --> C:\Program Files (x86)\Sony\Sony PC Companion\Drivers\{2CD1390C-A74E-434A-B652-73D3683B3BEF}\amd64\winusbcoinstaller2.dll
                [5] Archive type: RSRC
              --> C:\Program Files (x86)\Sony\Sony PC Companion\Drivers\{2CD1390C-A74E-434A-B652-73D3683B3BEF}\amd64\WUDFUpdate_01009.dll
                  [6] Archive type: RSRC
                --> C:\Program Files (x86)\Sony\Sony PC Companion\Drivers\{2CD1390C-A74E-434A-B652-73D3683B3BEF}\i386\winusbcoinstaller2.dll
                    [7] Archive type: RSRC
                  --> C:\Program Files (x86)\Sony\Sony PC Companion\Drivers\{2CD1390C-A74E-434A-B652-73D3683B3BEF}\i386\WUDFUpdate_01009.dll
                      [8] Archive type: RSRC
                    --> C:\Program Files (x86)\Sony\Sony PC Companion\Drivers\{5A2F2D1B-F67A--6E6F20C68D85}\amd64\winusbcoinstaller2.dll
                        [9] Archive type: RSRC
                      --> C:\Program Files (x86)\Sony\Sony PC Companion\Drivers\{5A2F2D1B-F67A--6E6F20C68D85}\amd64\WUDFUpdate_01009.dll
                          [10] Archive type: RSRC
                        --> C:\Program Files (x86)\Sony\Sony PC Companion\Drivers\{5A2F2D1B-F67A--6E6F20C68D85}\i386\winusbcoinstaller2.dll
                            [11] Archive type: RSRC
                          --> C:\Program Files (x86)\Sony\Sony PC Companion\Drivers\{5A2F2D1B-F67A--6E6F20C68D85}\i386\WUDFUpdate_01009.dll
                              [12] Archive type: RSRC
                            --> C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmpBF4A.exe
                                [13] Archive type: RAR SFX (self extracting)
                              --> services.exe
                                  [DETECTION] Is the TR/Rogue. Trojan
                                  [WARNING]   Infected files in archives cannot be repaired
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmpBF4A.exe
  [DETECTION] Is the TR/Rogue. Trojan
C:\Users\art248\AppData\Local\Temp\1AF0.tmp
  [DETECTION] Is the TR/Fakealert.141.15 Trojan
C:\Users\art248\AppData\Local\Temp\3052.tmp
  [DETECTION] Is the TR/Fakealert.141.15 Trojan
C:\Users\art248\AppData\Local\Temp\403A.tmp
  [DETECTION] Is the TR/Fakealert.141.15 Trojan
C:\Users\art248\AppData\Local\Temp\533D.tmp
  [DETECTION] Is the TR/Fakealert.141.15 Trojan
C:\Users\art248\AppData\Local\Temp\F7B6.tmp
  [DETECTION] Is the TR/Fakealert.141.15 Trojan
                            --> C:\Users\art248\Documents\Engineering\Monash\Year 3\TRC3000\Conveyor_data_sheets_MPSProj\FESTO_Installation_inst_downloaded.zip
                                [13] Archive type: ZIP
                              --> FESTO_Installation_inst_downloaded/MPS500_STEP7/V06/InTouchEthernet/Visualisierungsapplikation/MPS500 L1 Ethernet.exe
                                  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
                                  [WARNING]   Infected files in archives cannot be repaired
C:\Users\art248\Documents\Engineering\Monash\Year 3\TRC3000\Conveyor_data_sheets_MPSProj\FESTO_Installation_inst_downloaded.zip
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Beginning disinfection:
C:\Users\art248\Documents\Engineering\Monash\Year 3\TRC3000\Conveyor_data_sheets_MPSProj\FESTO_Installation_inst_downloaded.zip
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [WARNING]   The file was ignored.
C:\Users\art248\AppData\Local\Temp\F7B6.tmp
  [DETECTION] Is the TR/Fakealert.141.15 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '5e860f24.qua'!
C:\Users\art248\AppData\Local\Temp\533D.tmp
  [DETECTION] Is the TR/Fakealert.141.15 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '47e0208f.qua'!
C:\Users\art248\AppData\Local\Temp\403A.tmp
  [DETECTION] Is the TR/Fakealert.141.15 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '15bf7a64.qua'!
C:\Users\art248\AppData\Local\Temp\3052.tmp
  [DETECTION] Is the TR/Fakealert.141.15 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '738a35a6.qua'!
C:\Users\art248\AppData\Local\Temp\1AF0.tmp
  [DETECTION] Is the TR/Fakealert.141.15 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '37f11889.qua'!
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmpBF4A.exe
  [DETECTION] Is the TR/Rogue. Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '48d02d3c.qua'!
End of the scan: Tuesday, December 31, 2013  19:00
Used time:  5:03:09 Hour(s)
The scan has been done completely.
  46776 Scanned directories
 2289092 Files were scanned
      9 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      6 Files were moved to quara
Edited by TheJoker, 02 January 2014 - 09:04 PM.
Removed Avira serial number
oh yeah btw for the security check log, it states that windows firewall is disabled but i'm using the firewall that came with avira and avira is set to turn off windows firewall by default. and avira desktop confirms that the firewall is active. although pc issues still show that windows firewall is off but i guess it's ok since avira shows avira firewall is running
Hi art248, and welcome to SWI.
Lots of things there to take care of.
Please run instructions in the order posted.
Please download Malwarebytes Anti-Rootkit. Unzip the contents to a folder on the Desktop.
Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Please post the two logs produced.
Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.
by OldTimer to your Desktop.
Close all windows and double click OTL.exe.
In the Extra Registry section, click and select "All".
In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
[EmptyTemp]
Click Run Scan and let the program run uninterrupted.
When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post each in their own reply due to length.
Please scan your system with
Click the "Run ESET Online Scanner" button.
For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
Save it to your desktop, and double-click to run it.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
Please post the two logs from Malwarebytes Anti-Malware, then in a second reply (so nothing is cut off by the maximum post length) the contents of OTL.Txt and the ESET Online Scan results, and then in a third reply, the contents of Extras.Txt.
hey TheJoker, thanks for the prompt response. i will perform those actions that are requested and get back to you as soon as i can. thanks
right, sorry the ESET scan took quite a while, nearly 10 hours
malwarebytes rootkit logs:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
Database version: v.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.
art248 :: ART248-PC [administrator]
02-Jan-14 4:18:00 AM
mbar-log- (04-18-00).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 239601
Time elapsed: 18 minute(s), 46 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\Users\art248\AppData\Roaming\Adobe\crsscmgr (Trojan.Bitminer) -> Delete on reboot.
Files Detected: 3
C:\Users\art248\AppData\Roaming\Adobe\crsscmgr\libcurl-4.dll (Trojan.Bitminer) -> Delete on reboot.
C:\Users\art248\AppData\Roaming\Adobe\crsscmgr\libgcc_s_dw2-1.dll (Trojan.Bitminer) -> Delete on reboot.
C:\Users\art248\AppData\Roaming\Adobe\crsscmgr\pthreadGC2.dll (Trojan.Bitminer) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
& Malwarebytes Corporation
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: , free:
Downloaded database version: v.05
Downloaded database version: v.01
=======================================
Initializing...
------------ Kernel report ------------
     01/02/:51
------------ Loaded modules -----------