
FBI Moneypak - Can't boot to Safe Mode


7 replies to this topic

#1 kephyr


Posted 29 August 2012 - 11:09 AM

On a Sony VAIO laptop running Vista Home Premium infected with the FBI Moneypak virus, it won't boot to safe mode to proceed with the removal instructions under virus-removal here.

So now what do I do??

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal

 


#2 narenxp


Posted 29 August 2012 - 11:34 AM

Restart the PC

Press F8 on bootup

Select REPAIR YOUR COMPUTER

Click on REPAIR

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Can you get to this screen?

If yes

Select System Restore

If you have a restore point from before you were infected, restore it and let me know if you can boot now

#3 kephyr


Posted 29 August 2012 - 12:50 PM

Was able to restore. Can now boot up in Safe mode.

Do I proceed with Emsisoft?

#4 narenxp


Posted 29 August 2012 - 12:51 PM

Download

TDSSkiller

Launch it. Click on Change parameters - select TDLFS file system

Click on "Scan". Please post the log report (the log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to the desktop, copy the contents of the text file in your reply

#5 kephyr


Posted 29 August 2012 - 05:00 PM

Finished the scans. Here are the results:

TDSSKiller:

11:03:49.0726 2072 p2psvc - ok
11:03:49.0960 2072 [ 5D43D0BA9E0C2F8782077F660DFE916F ] PACSPTISVR C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
11:03:49.0960 2072 PACSPTISVR - ok
11:03:50.0022 2072 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
11:03:50.0038 2072 Parport - ok
11:03:50.0084 2072 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:03:50.0084 2072 partmgr - ok
11:03:50.0116 2072 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
11:03:50.0116 2072 PcaSvc - ok
11:03:50.0162 2072 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
11:03:50.0162 2072 pci - ok
11:03:50.0178 2072 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys
11:03:50.0178 2072 pciide - ok
11:03:50.0194 2072 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:03:50.0194 2072 pcmcia - ok
11:03:50.0225 2072 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:03:50.0256 2072 PEAUTH - ok
11:03:50.0381 2072 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:03:50.0396 2072 PerfHost - ok
11:03:50.0506 2072 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
11:03:50.0537 2072 pla - ok
11:03:50.0615 2072 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:03:50.0615 2072 PlugPlay - ok
11:03:50.0693 2072 [ 7FE2AFB17D91CF39843D6766EA31CFC7 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:03:50.0708 2072 Pml Driver HPZ12 - ok
11:03:50.0786 2072 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
11:03:50.0786 2072 PNRPAutoReg - ok
11:03:51.0208 2072 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
11:03:51.0223 2072 PNRPsvc - ok
11:03:51.0348 2072 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:03:51.0348 2072 PolicyAgent - ok
11:03:51.0410 2072 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:03:51.0410 2072 PptpMiniport - ok
11:03:51.0473 2072 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
11:03:51.0473 2072 Processor - ok
11:03:51.0504 2072 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
11:03:51.0504 2072 ProfSvc - ok
11:03:51.0535 2072 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
11:03:51.0535 2072 ProtectedStorage - ok
11:03:51.0551 2072 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
11:03:51.0551 2072 PSched - ok
11:03:51.0582 2072 [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
11:03:51.0582 2072 PxHlpa64 - ok
11:03:51.0644 2072 [ 17996CA5C59259AE02CA95BD11D7BEEC ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
11:03:51.0644 2072 QBCFMonitorService - ok
11:03:51.0754 2072 [ 2241EAF40E472C471CB80CF6B97CCA11 ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
11:03:51.0754 2072 QBFCService - ok
11:03:51.0878 2072 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:03:51.0956 2072 ql2300 - ok
11:03:52.0003 2072 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:03:52.0003 2072 ql40xx - ok
11:03:52.0034 2072 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
11:03:52.0034 2072 QWAVE - ok
11:03:52.0066 2072 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:03:52.0066 2072 QWAVEdrv - ok
11:03:52.0066 2072 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:03:52.0081 2072 RasAcd - ok
11:03:52.0081 2072 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
11:03:52.0097 2072 RasAuto - ok
11:03:52.0128 2072 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:03:52.0128 2072 Rasl2tp - ok
11:03:52.0175 2072 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
11:03:52.0175 2072 RasMan - ok
11:03:52.0222 2072 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:03:52.0237 2072 RasPppoe - ok
11:03:52.0237 2072 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:03:52.0237 2072 RasSstp - ok
11:03:52.0268 2072 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:03:52.0268 2072 rdbss - ok
11:03:52.0300 2072 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:03:52.0300 2072 RDPCDD - ok
11:03:52.0315 2072 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
11:03:52.0331 2072 rdpdr - ok
11:03:52.0331 2072 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:03:52.0331 2072 RDPENCDD - ok
11:03:52.0924 2072 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:03:52.0939 2072 RDPWD - ok
11:03:52.0970 2072 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:03:52.0970 2072 RemoteAccess - ok
11:03:52.0986 2072 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:03:52.0986 2072 RemoteRegistry - ok
11:03:53.0033 2072 [ 7EAE3999B94A8CE60BFBAA83462B89A1 ] rimsptsk C:\Windows\system32\DRIVERS\rimssn64.sys
11:03:53.0033 2072 rimsptsk - ok
11:03:53.0033 2072 [ FA6D7CD63AD08A01D9259F58E0C5C09E ] risdptsk C:\Windows\system32\DRIVERS\risdsn64.sys
11:03:53.0033 2072 risdptsk - ok
11:03:53.0080 2072 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
11:03:53.0080 2072 RpcLocator - ok
11:03:53.0126 2072 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
11:03:53.0142 2072 RpcSs - ok
11:03:53.0579 2072 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:03:53.0579 2072 rspndr - ok
11:03:53.0626 2072 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
11:03:53.0626 2072 SamSs - ok
11:03:53.0641 2072 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:03:53.0641 2072 sbp2port - ok
11:03:53.0672 2072 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:03:53.0672 2072 SCardSvr - ok
11:03:53.0735 2072 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
11:03:53.0750 2072 Schedule - ok
11:03:53.0797 2072 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
11:03:53.0797 2072 SCPolicySvc - ok
11:03:53.0860 2072 [ B42EE50F7D24F837F925332EB349ECA5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
11:03:53.0860 2072 sdbus - ok
11:03:53.0906 2072 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:03:53.0906 2072 SDRSVC - ok
11:03:53.0922 2072 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:03:53.0922 2072 secdrv - ok
11:03:53.0953 2072 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
11:03:53.0953 2072 seclogon - ok
11:03:53.0969 2072 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
11:03:53.0969 2072 SENS - ok
11:03:53.0984 2072 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
11:03:53.0984 2072 Serenum - ok
11:03:54.0000 2072 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
11:03:54.0016 2072 Serial - ok
11:03:54.0016 2072 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:03:54.0031 2072 sermouse - ok
11:03:54.0047 2072 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
11:03:54.0062 2072 SessionEnv - ok
11:03:54.0109 2072 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
11:03:54.0109 2072 SFEP - ok
11:03:54.0125 2072 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:03:54.0125 2072 sffdisk - ok
11:03:54.0125 2072 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:03:54.0125 2072 sffp_mmc - ok
11:03:54.0140 2072 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:03:54.0156 2072 sffp_sd - ok
11:03:54.0172 2072 [ 40567781F0785C4A69411D1B40DA8987 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:03:54.0172 2072 sfloppy - ok
11:03:54.0187 2072 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:03:54.0203 2072 SharedAccess - ok
11:03:54.0234 2072 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:03:54.0250 2072 ShellHWDetection - ok
11:03:54.0265 2072 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
11:03:54.0265 2072 SiSRaid2 - ok
11:03:54.0281 2072 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:03:54.0281 2072 SiSRaid4 - ok
11:03:54.0671 2072 [ 0F97E7A47A52F4A36969F0FC319654C2 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:03:54.0780 2072 Skype C2C Service - ok
11:03:54.0874 2072 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:03:54.0874 2072 SkypeUpdate - ok
11:03:54.0952 2072 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
11:03:55.0076 2072 slsvc - ok
11:03:55.0108 2072 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
11:03:55.0108 2072 SLUINotify - ok
11:03:55.0139 2072 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:03:55.0139 2072 Smb - ok
11:03:55.0170 2072 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:03:55.0170 2072 SNMPTRAP - ok
11:03:55.0217 2072 [ 7B24EFA2A60BA7388FECDA63AB24560A ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
11:03:55.0217 2072 SOHCImp - ok
11:03:55.0232 2072 [ 140FCF5FFAE4EFBA9740A9FD8B49E0BF ] SOHDBSvr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
11:03:55.0232 2072 SOHDBSvr - ok
11:03:55.0264 2072 [ D8C244121A06B581B097D9617D94CFF1 ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
11:03:55.0264 2072 SOHDms - ok
11:03:55.0279 2072 [ 2DB561887EA122B946BBE2821473EDD8 ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
11:03:55.0279 2072 SOHDs - ok
11:03:55.0295 2072 [ AB9EE246A1EB2C3C7C6CB16E0B9462F7 ] SOHPlMgr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
11:03:55.0295 2072 SOHPlMgr - ok
11:03:55.0342 2072 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
11:03:55.0342 2072 spldr - ok
11:03:55.0373 2072 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
11:03:55.0373 2072 Spooler - ok
11:03:55.0420 2072 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
11:03:55.0435 2072 srv - ok
11:03:55.0513 2072 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:03:55.0513 2072 srv2 - ok
11:03:55.0544 2072 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:03:55.0544 2072 srvnet - ok
11:03:55.0591 2072 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:03:55.0591 2072 SSDPSRV - ok
11:03:55.0654 2072 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:03:55.0654 2072 SstpSvc - ok
11:03:55.0700 2072 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
11:03:55.0716 2072 stisvc - ok
11:03:55.0778 2072 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:03:55.0778 2072 swenum - ok
11:03:55.0825 2072 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
11:03:55.0825 2072 swprv - ok
11:03:55.0841 2072 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
11:03:55.0841 2072 Symc8xx - ok
11:03:55.0856 2072 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
11:03:55.0856 2072 Sym_hi - ok
11:03:55.0872 2072 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
11:03:55.0872 2072 Sym_u3 - ok
11:03:55.0950 2072 [ 465E1231ADF3CB6E0BE5372C0FA83462 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
11:03:55.0950 2072 SynTP - ok
11:03:55.0997 2072 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
11:03:56.0012 2072 SysMain - ok
11:03:56.0044 2072 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:03:56.0044 2072 TabletInputService - ok
11:03:56.0075 2072 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:03:56.0090 2072 TapiSrv - ok
11:03:56.0090 2072 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
11:03:56.0106 2072 TBS - ok
11:03:56.0184 2072 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:03:56.0278 2072 Tcpip - ok
11:03:56.0324 2072 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
11:03:56.0324 2072 Tcpip6 - ok
11:03:56.0371 2072 [ FD8FDE859E38E40A20085EBB0C22B416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:03:56.0371 2072 tcpipreg - ok
11:03:56.0434 2072 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:03:56.0434 2072 TDPIPE - ok
11:03:56.0449 2072 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:03:56.0449 2072 TDTCP - ok
11:03:56.0480 2072 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:03:56.0480 2072 tdx - ok
11:03:56.0558 2072 [ 95FC7BAD2E32E00788C8E54F9536C835 ] TelevisionFanaticService C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe
11:03:56.0558 2072 TelevisionFanaticService - ok
11:03:56.0590 2072 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:03:56.0590 2072 TermDD - ok
11:03:56.0621 2072 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
11:03:56.0652 2072 TermService - ok
11:03:57.0370 2072 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
11:03:57.0370 2072 Themes - ok
11:03:57.0401 2072 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
11:03:57.0401 2072 THREADORDER - ok
11:03:57.0432 2072 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
11:03:57.0432 2072 TrkWks - ok
11:03:57.0479 2072 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:03:57.0479 2072 TrustedInstaller - ok
11:03:57.0510 2072 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:03:57.0510 2072 tssecsrv - ok
11:03:57.0557 2072 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
11:03:57.0557 2072 tunmp - ok
11:03:57.0619 2072 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:03:57.0619 2072 tunnel - ok
11:03:57.0635 2072 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
11:03:57.0635 2072 uagp35 - ok
11:03:57.0682 2072 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
11:03:57.0682 2072 uCamMonitor - ok
11:03:57.0697 2072 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:03:57.0713 2072 udfs - ok
11:03:57.0775 2072 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:03:57.0791 2072 UI0Detect - ok
11:03:57.0806 2072 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:03:57.0806 2072 uliagpkx - ok
11:03:57.0853 2072 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
11:03:57.0869 2072 uliahci - ok
11:03:57.0884 2072 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
11:03:57.0884 2072 UlSata - ok
11:03:57.0916 2072 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
11:03:57.0916 2072 ulsata2 - ok
11:03:57.0947 2072 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:03:57.0947 2072 umbus - ok
11:03:57.0962 2072 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
11:03:57.0962 2072 upnphost - ok
11:03:58.0040 2072 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
11:03:58.0040 2072 USBAAPL64 - ok
11:03:58.0118 2072 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:03:58.0118 2072 usbccgp - ok
11:03:58.0150 2072 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:03:58.0150 2072 usbcir - ok
11:03:58.0165 2072 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:03:58.0165 2072 usbehci - ok
11:03:58.0196 2072 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:03:58.0212 2072 usbhub - ok
11:03:58.0212 2072 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:03:58.0212 2072 usbohci - ok
11:03:58.0243 2072 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:03:58.0243 2072 usbprint - ok
11:03:58.0274 2072 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
11:03:58.0274 2072 usbscan - ok
11:03:58.0290 2072 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:03:58.0290 2072 USBSTOR - ok
11:03:58.0337 2072 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
11:03:58.0337 2072 usbuhci - ok
11:03:58.0384 2072 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
11:03:58.0384 2072 usbvideo - ok
11:03:58.0415 2072 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
11:03:58.0415 2072 UxSms - ok
11:03:58.0493 2072 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
11:03:58.0493 2072 VAIO Entertainment TV Device Arbitration Service - ok
11:03:58.0555 2072 [ 73328C784ECFE7072BD102F370076B50 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
11:03:58.0555 2072 VAIO Event Service - ok
11:03:58.0633 2072 [ B63F63960E7254D9D9ED28474B40EB31 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
11:03:58.0633 2072 VAIO Power Management - ok
11:03:58.0820 2072 [ 0ED1D51DCEC67F96CC313D02A1741CF3 ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
11:03:58.0930 2072 VCFw - ok
11:03:58.0961 2072 Vcsw - ok
11:03:58.0992 2072 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
11:03:59.0008 2072 vds - ok
11:03:59.0070 2072 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:03:59.0070 2072 vga - ok
11:03:59.0086 2072 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
11:03:59.0086 2072 VgaSave - ok
11:03:59.0101 2072 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
11:03:59.0101 2072 viaide - ok
11:03:59.0117 2072 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:03:59.0117 2072 volmgr - ok
11:03:59.0164 2072 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:03:59.0164 2072 volmgrx - ok
11:03:59.0210 2072 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:03:59.0210 2072 volsnap - ok
11:03:59.0226 2072 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
11:03:59.0226 2072 vsmraid - ok
11:03:59.0273 2072 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
11:03:59.0304 2072 VSS - ok
11:03:59.0444 2072 [ FB4A1695D2D74F9C92CA5E84795CDBE1 ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
11:03:59.0491 2072 VUAgent - ok
11:03:59.0522 2072 [ 79EB419F4A694B4514249E0D3DB16ECF ] VzCdbSvc C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
11:03:59.0538 2072 VzCdbSvc - ok
11:03:59.0569 2072 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
11:03:59.0585 2072 W32Time - ok
11:03:59.0647 2072 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
11:03:59.0647 2072 WacomPen - ok
11:03:59.0678 2072 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
11:03:59.0678 2072 Wanarp - ok
11:03:59.0678 2072 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:03:59.0694 2072 Wanarpv6 - ok
11:03:59.0772 2072 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:03:59.0803 2072 wcncsvc - ok
11:03:59.0819 2072 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:03:59.0834 2072 WcsPlugInService - ok
11:03:59.0850 2072 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
11:03:59.0850 2072 Wd - ok
11:03:59.0881 2072 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:03:59.0897 2072 Wdf01000 - ok
11:03:59.0912 2072 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:03:59.0912 2072 WdiServiceHost - ok
11:03:59.0928 2072 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:03:59.0928 2072 WdiSystemHost - ok
11:03:59.0944 2072 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
11:03:59.0944 2072 WebClient - ok
11:03:59.0975 2072 [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:03:59.0975 2072 Wecsvc - ok
11:03:59.0990 2072 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:03:59.0990 2072 wercplsupport - ok
11:04:00.0006 2072 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
11:04:00.0006 2072 WerSvc - ok
11:04:00.0068 2072 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
11:04:00.0084 2072 WimFltr - ok
11:04:00.0100 2072 [ 057B062CF9A11E04DB45B8C3AFC28B11 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
11:04:00.0131 2072 winachsf - ok
11:04:00.0146 2072 WinDefend - ok
11:04:00.0146 2072 WinHttpAutoProxySvc - ok
11:04:00.0224 2072 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:04:00.0224 2072 Winmgmt - ok
11:04:00.0287 2072 [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM C:\Windows\system32\WsmSvc.dll
11:04:00.0318 2072 WinRM - ok
11:04:00.0412 2072 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
11:04:00.0427 2072 Wlansvc - ok
11:04:00.0536 2072 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:04:00.0583 2072 wlidsvc - ok
11:04:00.0646 2072 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:04:00.0646 2072 WmiAcpi - ok
11:04:00.0677 2072 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:04:00.0677 2072 wmiApSrv - ok
11:04:00.0708 2072 WMPNetworkSvc - ok
11:04:00.0739 2072 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:04:00.0739 2072 WPCSvc - ok
11:04:00.0770 2072 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:04:00.0770 2072 WPDBusEnum - ok
11:04:00.0786 2072 [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
11:04:00.0802 2072 WpdUsb - ok
11:04:00.0802 2072 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:04:00.0802 2072 ws2ifsl - ok
11:04:00.0848 2072 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
11:04:00.0848 2072 wscsvc - ok
11:04:00.0848 2072 WSearch - ok
11:04:00.0973 2072 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:04:01.0051 2072 wuauserv - ok
11:04:01.0114 2072 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:04:01.0114 2072 WUDFRd - ok
11:04:01.0129 2072 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:04:01.0129 2072 wudfsvc - ok
11:04:01.0160 2072 [ 638C99D993AFAB0E1FAB226E2BBE6D79 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys
11:04:01.0160 2072 XAudio - ok
11:04:01.0192 2072 [ 3E775F0BD28DDEFF53D78578B97A3CFF ] XAudioService C:\Windows\system32\DRIVERS\xaudio64.exe
11:04:01.0207 2072 XAudioService - ok
11:04:01.0254 2072 [ 3C5B0410FABA5B1014EEFEEE77E1296A ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
11:04:01.0270 2072 yukonx64 - ok
11:04:01.0301 2072 ================ Scan global ===============================
11:04:01.0332 2072 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
11:04:01.0394 2072 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
11:04:01.0410 2072 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
11:04:01.0488 2072 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
11:04:01.0488 2072 [Global] - ok
11:04:01.0488 2072 ================ Scan MBR ==================================
11:04:01.0504 2072 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
11:04:02.0939 2072 \Device\Harddisk0\DR0 - ok
11:04:02.0939 2072 ================ Scan VBR ==================================
11:04:02.0970 2072 [ C674DFFA101BA0C33F7BA3346117CCDE ] \Device\Harddisk0\DR0\Partition1
11:04:02.0970 2072 \Device\Harddisk0\DR0\Partition1 - ok
11:04:02.0970 2072 ============================================================
11:04:02.0970 2072 Scan finished
11:04:02.0970 2072 ============================================================
11:04:02.0986 2192 Detected object count: 0
11:04:02.0986 2192 Actual detected object count: 0
11:04:19.0194 0452 Deinitialize success


aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-29 11:04:23
-----------------------------
11:04:23.375 OS Version: Windows x64 6.0.6002 Service Pack 2
11:04:23.375 Number of processors: 2 586 0x170A
11:04:23.375 ComputerName: OLYPIAKOS-PC UserName: OLYPIAKOS
11:04:23.968 Initialize success
15:09:54.544 AVAST engine defs: 12082900
15:11:56.411 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:11:56.411 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
15:11:56.426 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005c
15:11:56.426 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
15:11:56.426 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000005d
15:11:56.426 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
15:11:56.442 Disk 0 MBR read successfully
15:11:56.442 Disk 0 MBR scan
15:11:56.458 Disk 0 Windows VISTA default MBR code
15:11:56.473 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10420 MB offset 2048
15:11:56.489 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228053 MB offset 21342208
15:11:56.520 Disk 0 scanning C:\Windows\system32\drivers
15:12:06.192 Service scanning
15:12:31.526 Modules scanning
15:12:31.526 Disk 0 trace - called modules:
15:12:31.573 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
15:12:31.589 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003f8f630]
15:12:31.589 3 CLASSPNP.SYS[fffffa6000fcfc33] -> nt!IofCallDriver -> [0xfffffa800324e680]
15:12:31.604 5 acpi.sys[fffffa6000900fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003251050]
15:12:33.289 AVAST engine scan C:\Windows
15:12:36.191 AVAST engine scan C:\Windows\system32
15:15:43.906 AVAST engine scan C:\Windows\system32\drivers
15:15:55.574 AVAST engine scan C:\Users\OLYPIAKOS
15:19:25.472 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
15:19:25.597 The log file has been saved successfully to "F:\aswMBR.txt"


ESET:

C:\Program Files (x86)\FoxTabFlvPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Program Files (x86)\FoxTabFlvPlayer\Uninstall\Uninstall.exe a variant of Win32/InstallCore.E application cleaned by deleting - quarantined
C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files (x86)\Search Toolbar\SearchToolbarUpdater.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files (x86)\ShopperReports3\bin\3.0.497.0\CntntCntr.dll a variant of Win32/Adware.Toolbar.Shopper.AD application cleaned by deleting - quarantined
C:\Program Files (x86)\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll a variant of Win32/Adware.Toolbar.Shopper.AD application cleaned by deleting - quarantined
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64datact.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64html.dll probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64Plugin.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64skin.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll Win32/Toolbar.CrossRider application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\OLYPIAKOS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DD7HP8HC\counter[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\OLYPIAKOS\AppData\Local\Temp\VidSaver15_20120508.exe Win32/Toolbar.CrossRider application cleaned by deleting - quarantined
C:\Users\OLYPIAKOS\AppData\Local\Temp\~!#A77B.tmp a variant of Win32/Injector.VDU trojan cleaned by deleting - quarantined
C:\Users\OLYPIAKOS\AppData\Local\Temp\~!#AECC.tmp Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\Users\OLYPIAKOS\AppData\Local\Temp\~!#B65C.tmp a variant of Win32/Kryptik.AJLR trojan cleaned by deleting - quarantined
C:\Users\OLYPIAKOS\AppData\Local\Temp\~!#DBBA.tmp Win32/PSW.Delf.OBN trojan cleaned by deleting - quarantined
C:\Users\OLYPIAKOS\AppData\Local\Temp\ICReinstall\FlvPlayerSetup.exe a variant of Win32/InstallCore.E application cleaned by deleting - quarantined
C:\Users\OLYPIAKOS\AppData\Local\Temp\ICReinstall\FLVPlayerSetup[1].exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Users\OLYPIAKOS\AppData\Local\Temp\is1972027439\zgInstaller.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Users\OLYPIAKOS\AppData\Local\Temp\is2063840535\YontooSetup-DropDownDeals-SilentInstaller.exe a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\OLYPIAKOS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6aa09632-199ca0f1 a variant of Win32/Injector.RLN trojan deleted - quarantined
C:\Users\OLYPIAKOS\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\A0969CF6.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\Users\OLYPIAKOS\Downloads\FlvPlayerSetup.exe a variant of Win32/InstallCore.E application cleaned by deleting - quarantined
C:\Users\OLYPIAKOS\Downloads\mplayer_1193.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined


Thanks

#6 narenxp


Posted 29 August 2012 - 05:05 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

#7 kephyr


Posted 30 August 2012 - 04:52 PM

Here are the results of the scans:

MiniToolbox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by OLYPIAKOS (administrator) on 30-08-2012 at 17:37:14
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================












::1 localhost

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Generic Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller = Local Area Connection (Disconnected)
Atheros AR928X Wireless Network Adapter = Wireless Network Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : OLYPIAKOS-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR928X Wireless Network Adapter
Physical Address. . . . . . . . . : 00-24-2B-EF-48-E1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b487:27d5:de95:16cd%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.10.18(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, August 30, 2012 3:55:59 PM
Lease Expires . . . . . . . . . . : Thursday, September 06, 2012 3:56:00 PM
Default Gateway . . . . . . . . . : 10.1.10.1
DHCP Server . . . . . . . . . . . : 10.1.10.1
DHCPv6 IAID . . . . . . . . . . . : 268443618
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-BC-37-3D-00-1D-BA-EF-26-07
DNS Servers . . . . . . . . . . . : 10.1.10.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.Belkin
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3052:38ea:b3e7:45e5(Preferred)
Link-local IPv6 Address . . . . . : fe80::3052:38ea:b3e7:45e5%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{11CEBE68-0F2A-4D85-A572-A9F918F733EF}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 10.1.10.1

Name: google.com
Addresses: 2607:f8b0:4006:800::1004
74.125.226.232
74.125.226.226
74.125.226.233
74.125.226.228
74.125.226.227
74.125.226.238
74.125.226.229
74.125.226.224
74.125.226.231
74.125.226.230
74.125.226.225



Pinging google.com [74.125.226.225] with 32 bytes of data:

Reply from 74.125.226.225: bytes=32 time=19ms TTL=54

Reply from 74.125.226.225: bytes=32 time=20ms TTL=54



Ping statistics for 74.125.226.225:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 20ms, Average = 19ms

Server: UnKnown
Address: 10.1.10.1

Name: yahoo.com
Addresses: 98.138.253.109
72.30.38.140
98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=233ms TTL=50

Reply from 98.139.183.24: bytes=32 time=142ms TTL=51



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 142ms, Maximum = 233ms, Average = 187ms

Server: UnKnown
Address: 10.1.10.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 24 2b ef 48 e1 ...... Atheros AR928X Wireless Network Adapter
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.Belkin
13 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.{11CEBE68-0F2A-4D85-A572-A9F918F733EF}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.10.1 10.1.10.18 20
10.1.10.0 255.255.255.0 On-link 10.1.10.18 276
10.1.10.18 255.255.255.255 On-link 10.1.10.18 276
10.1.10.255 255.255.255.255 On-link 10.1.10.18 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.1.10.18 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.1.10.18 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 18 ::/0 On-link
1 306 ::1/128 On-link
12 18 2001::/32 On-link
12 266 2001:0:4137:9e76:3052:38ea:b3e7:45e5/128
On-link
11 276 fe80::/64 On-link
12 266 fe80::/64 On-link
12 266 fe80::3052:38ea:b3e7:45e5/128
On-link
11 276 fe80::b487:27d5:de95:16cd/128
On-link
1 306 ff00::/8 On-link
12 266 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/30/2012 03:59:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2012 03:59:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2012 03:59:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2012 03:59:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2012 03:59:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2012 03:59:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2012 03:59:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2012 03:59:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2012 03:59:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2012 03:57:43 PM) (Source: VzCdbSvc) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)


System errors:
=============

Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 2.2.5)
Apple Mobile Device Support (Version: 5.1.1.4)
Bonjour (Version: 3.0.0.10)
Facebook Plug-In
FoxTab FLV Player
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HP Customer Participation Program 8.0 (Version: 8.0)
HP Deskjet All-In-One Software 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP Solution Center 8.0 (Version: 8.0)
iCloud (Version: 1.1.0.40)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.6.1.7)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Play65 (Version: Jul_2_2009_17_35_11)
Synaptics Pointing Device Driver (Version: 10.2.7.0)
VAIO Update Merge Module x64 (Version: 5.5.19220)
VAIO Update Merge Module x64 (Version: 5.6.10270)
VAIO Update Merge Module x64 (Version: 5.7.13130)
VD64Inst (Version: 1.00.0000)
VU5x64 (Version: 1.0.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Yontoo Layers Runtime 1.10.01 (Version: 1.10.01)

========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 2938.25 MB
Available physical RAM: 1182.48 MB
Total Pagefile: 6100.78 MB
Available Pagefile: 4020.2 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.68 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:222.71 GB) (Free:88.23 GB) NTFS
4 Drive f: (USB20FD) (Removable) (Total:7.53 GB) (Free:7.37 GB) FAT32

========================= Users: ========================================

User accounts for \\OLYPIAKOS-PC

Administrator Guest OLYPIAKOS


**** End of log ****


FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by OLYPIAKOS (administrator) on 30-08-2012 at 17:39:12
Running from "C:\NHCS Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2010-05-08 11:04] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 11:29] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 10:39] - [2012-03-30 08:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2011-04-15 10:40] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2010-05-08 11:07] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2010-05-08 11:06] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2010-05-08 11:07] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2010-05-08 11:06] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2010-05-08 11:07] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2010-05-08 11:04] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2010-05-08 11:04] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-07-11 10:17] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-05-08 11:04] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

ADwCleaner:

# AdwCleaner v1.801 - Logfile created 08/30/2012 at 17:40:16
# Updated 14/08/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : OLYPIAKOS - OLYPIAKOS-PC
# Boot Mode : Normal
# Running from : C:\NHCS Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\OLYPIAKOS\AppData\Local\Conduit
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\Local\Ilivid Player
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\Local\Wajam
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\LocalLow\ConduitEngine
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\LocalLow\Free_TV_Bar
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\LocalLow\Free_TV_Bar_c3
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\LocalLow\Maps_Bar
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\LocalLow\My_Poco
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\LocalLow\Playbryte
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\LocalLow\PriceGong
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\LocalLow\searchquband
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\LocalLow\Searchqutoolbar
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\LocalLow\ShopperReports3
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\LocalLow\uTorrentControl2
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\LocalLow\vShare
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\Roaming\Qwiklinx
Deleted on reboot : C:\Users\OLYPIAKOS\Documents\ShopToWin
Deleted on reboot : C:\ProgramData\boost_interprocess
Deleted on reboot : C:\ProgramData\Tarma Installer
Deleted on reboot : C:\ProgramData\WeCareReminder
Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\ConduitEngine
Deleted on reboot : C:\Program Files (x86)\Free_TV_Bar
Deleted on reboot : C:\Program Files (x86)\Free_TV_Bar_c3
Deleted on reboot : C:\Program Files (x86)\Ilivid
Deleted on reboot : C:\Program Files (x86)\Maps_Bar
Deleted on reboot : C:\Program Files (x86)\My_Poco
Deleted on reboot : C:\Program Files (x86)\Playbryte
Deleted on reboot : C:\Program Files (x86)\PriceGong
Deleted on reboot : C:\Program Files (x86)\Qwiklinx
Deleted on reboot : C:\Program Files (x86)\Search Toolbar
Deleted on reboot : C:\Program Files (x86)\Searchqu Toolbar
Deleted on reboot : C:\Program Files (x86)\Shop To Win
Deleted on reboot : C:\Program Files (x86)\uTorrentControl2
Deleted on reboot : C:\Program Files (x86)\vShare
Deleted on reboot : C:\Program Files (x86)\Wajam
Deleted on reboot : C:\Program Files (x86)\Yontoo Layers Runtime
Deleted on reboot : C:\Users\OLYPIAKOS\AppData\Local\bearshare
File Deleted : C:\Users\OLYPIAKOS\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\OLYPIA~1\AppData\Local\Temp\searchqutoolbar-manifest.xml

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2319576
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2399412
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2860550
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT421487
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\ShopperReports3
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClickpotatoliteSA
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare
Key Deleted : HKCU\Software\vShare
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Free_TV_Bar
Key Deleted : HKLM\SOFTWARE\Free_TV_Bar_c3
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Maps_Bar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free_TV_Bar Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free_TV_Bar_c3 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Maps_Bar Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My_Poco Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Key Deleted : HKLM\SOFTWARE\My_Poco
Key Deleted : HKLM\SOFTWARE\uTorrentControl2
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[x64] Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Restore] = hxxp://vshareus.my-quick-search.com/?hp=df --> hxxp://www.google.com

-\\ Google Chrome v21.0.1180.83

File : C:\Users\OLYPIAKOS\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "homepage": "hxxp://www.searchnu.com/406",
Deleted : "urls_to_restore_on_startup": [ "hxxp://www.searchnu.com/406" ]
Deleted : "name": "Search Results",
Deleted : "search_url": "hxxp://dts.search-results.com/sr?src=crb&appid=394&systemid=406&sr=0&q={searchT[...]
Deleted : "scriptable_host": [ "hxxp://*/*", "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdC[...]
Deleted : "matches": [ "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*", "[...]
Deleted : "path": "plugins/ConduitChromeApiPlugin.dll",
Deleted : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT307225[...]
Deleted : "homepage": "hxxp://www.searchnu.com/406",
Deleted : "tips": [ "Click and hold down the back button to see your browsing history.", "Customize G[...]
Deleted : "urls_to_restore_on_startup": [ "hxxp://www.searchnu.com/406" ]

*************************

AdwCleaner[S1].txt - [24295 octets] - [30/08/2012 17:40:16]

########## EOF - C:\AdwCleaner[S1].txt - [24424 octets] ##########



rkill:

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/30/2012 05:48:41 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\OLYPIAKOS\Desktop\rkill\rkill-08-30-2012-05-48-46.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/30/2012 05:49:04 PM
Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)


Thanks for your help

#8 narenxp

Posted 30 August 2012 - 08:47 PM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in Safe Mode

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off

Update your flash player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



