
Trojan I can't seem to shake


14 replies to this topic

#1 hidaian


Posted 30 July 2012 - 09:06 PM

I have run Malwarebytes and it detects a trojan and asks me to restart, but it's there again every time I reboot and rerun Malwarebytes. It says it's running in my memory.

It's called Trojan.agent c://windows/svchost.exe



20:09:12.0123 3300 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:09:12.0465 3300 ============================================================
20:09:12.0465 3300 Current date / time: 2012/07/30 20:09:12.0465
20:09:12.0465 3300 SystemInfo:
20:09:12.0465 3300
20:09:12.0465 3300 OS Version: 6.1.7601 ServicePack: 1.0
20:09:12.0465 3300 Product type: Workstation
20:09:12.0465 3300 ComputerName: HIDAIAN-PC
20:09:12.0465 3300 UserName: Hidaian
20:09:12.0465 3300 Windows directory: C:\Windows
20:09:12.0465 3300 System windows directory: C:\Windows
20:09:12.0465 3300 Running under WOW64
20:09:12.0465 3300 Processor architecture: Intel x64
20:09:12.0465 3300 Number of processors: 4
20:09:12.0465 3300 Page size: 0x1000
20:09:12.0465 3300 Boot type: Normal boot
20:09:12.0465 3300 ============================================================
20:09:13.0150 3300 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:09:13.0154 3300 ============================================================
20:09:13.0154 3300 \Device\Harddisk0\DR0:
20:09:13.0154 3300 MBR partitions:
20:09:13.0154 3300 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:09:13.0154 3300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000
20:09:13.0154 3300 ============================================================
20:09:13.0166 3300 C: <-> \Device\Harddisk0\DR0\Partition1
20:09:13.0166 3300 ============================================================
20:09:13.0166 3300 Initialize success
20:09:13.0166 3300 ============================================================
20:09:45.0535 3208 ============================================================
20:09:45.0535 3208 Scan started
20:09:45.0535 3208 Mode: Manual; TDLFS;
20:09:45.0535 3208 ============================================================
20:09:46.0576 3208 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:09:46.0579 3208 1394ohci - ok
20:09:46.0611 3208 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:09:46.0614 3208 ACPI - ok
20:09:46.0618 3208 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:09:46.0619 3208 AcpiPmi - ok
20:09:46.0698 3208 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:09:46.0700 3208 AdobeFlashPlayerUpdateSvc - ok
20:09:46.0740 3208 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:09:46.0753 3208 adp94xx - ok
20:09:46.0771 3208 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:09:46.0775 3208 adpahci - ok
20:09:46.0788 3208 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:09:46.0791 3208 adpu320 - ok
20:09:46.0821 3208 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:09:46.0822 3208 AeLookupSvc - ok
20:09:46.0867 3208 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:09:46.0880 3208 AFD - ok
20:09:46.0893 3208 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:09:46.0894 3208 agp440 - ok
20:09:46.0905 3208 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:09:46.0906 3208 ALG - ok
20:09:46.0916 3208 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:09:46.0916 3208 aliide - ok
20:09:46.0931 3208 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:09:46.0932 3208 amdide - ok
20:09:46.0937 3208 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:09:46.0938 3208 AmdK8 - ok
20:09:46.0943 3208 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
20:09:46.0944 3208 AmdPPM - ok
20:09:46.0964 3208 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:09:46.0966 3208 amdsata - ok
20:09:46.0975 3208 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:09:46.0977 3208 amdsbs - ok
20:09:47.0003 3208 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:09:47.0003 3208 amdxata - ok
20:09:47.0042 3208 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:09:47.0044 3208 AppID - ok
20:09:47.0052 3208 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:09:47.0053 3208 AppIDSvc - ok
20:09:47.0072 3208 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:09:47.0073 3208 Appinfo - ok
20:09:47.0135 3208 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:09:47.0137 3208 Apple Mobile Device - ok
20:09:47.0148 3208 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:09:47.0150 3208 arc - ok
20:09:47.0168 3208 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:09:47.0170 3208 arcsas - ok
20:09:47.0195 3208 asmthub3 (e1e75921e9eb025009696d4837f531fb) C:\Windows\system32\DRIVERS\asmthub3.sys
20:09:47.0196 3208 asmthub3 - ok
20:09:47.0229 3208 asmtxhci (b0cf9ab16006b61634d4f955345ca5d2) C:\Windows\system32\DRIVERS\asmtxhci.sys
20:09:47.0232 3208 asmtxhci - ok
20:09:47.0278 3208 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:09:47.0279 3208 aspnet_state - ok
20:09:47.0305 3208 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:09:47.0306 3208 AsyncMac - ok
20:09:47.0312 3208 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:09:47.0313 3208 atapi - ok
20:09:47.0342 3208 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:09:47.0351 3208 AudioEndpointBuilder - ok
20:09:47.0359 3208 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:09:47.0364 3208 AudioSrv - ok
20:09:47.0391 3208 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:09:47.0393 3208 AxInstSV - ok
20:09:47.0423 3208 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:09:47.0437 3208 b06bdrv - ok
20:09:47.0533 3208 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:09:47.0537 3208 b57nd60a - ok
20:09:47.0583 3208 BBSvc (6f8638ea0a55d65b03e24f6d1153d8f7) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
20:09:47.0585 3208 BBSvc - ok
20:09:47.0614 3208 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
20:09:47.0616 3208 BBUpdate - ok
20:09:47.0636 3208 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:09:47.0638 3208 BDESVC - ok
20:09:47.0647 3208 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:09:47.0647 3208 Beep - ok
20:09:47.0672 3208 BIOS (00cadb1bc2d0030f0b2a1063618b6bd7) C:\Windows\system32\drivers\BIOS64.sys
20:09:47.0673 3208 BIOS - ok
20:09:47.0683 3208 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:09:47.0684 3208 blbdrive - ok
20:09:47.0735 3208 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:09:47.0739 3208 Bonjour Service - ok
20:09:47.0762 3208 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:09:47.0764 3208 bowser - ok
20:09:47.0767 3208 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:09:47.0768 3208 BrFiltLo - ok
20:09:47.0771 3208 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:09:47.0772 3208 BrFiltUp - ok
20:09:47.0785 3208 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:09:47.0787 3208 Browser - ok
20:09:47.0804 3208 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:09:47.0809 3208 Brserid - ok
20:09:47.0814 3208 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:09:47.0815 3208 BrSerWdm - ok
20:09:47.0818 3208 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:09:47.0819 3208 BrUsbMdm - ok
20:09:47.0823 3208 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:09:47.0823 3208 BrUsbSer - ok
20:09:47.0829 3208 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:09:47.0830 3208 BTHMODEM - ok
20:09:47.0845 3208 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:09:47.0846 3208 bthserv - ok
20:09:47.0860 3208 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:09:47.0861 3208 cdfs - ok
20:09:47.0881 3208 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:09:47.0882 3208 cdrom - ok
20:09:47.0899 3208 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:09:47.0900 3208 CertPropSvc - ok
20:09:47.0903 3208 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
20:09:47.0904 3208 circlass - ok
20:09:47.0921 3208 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:09:47.0924 3208 CLFS - ok
20:09:47.0950 3208 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:09:47.0951 3208 clr_optimization_v2.0.50727_32 - ok
20:09:47.0982 3208 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:09:47.0983 3208 clr_optimization_v2.0.50727_64 - ok
20:09:48.0021 3208 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:09:48.0022 3208 clr_optimization_v4.0.30319_32 - ok
20:09:48.0054 3208 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:09:48.0055 3208 clr_optimization_v4.0.30319_64 - ok
20:09:48.0059 3208 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
20:09:48.0059 3208 CmBatt - ok
20:09:48.0072 3208 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:09:48.0073 3208 cmdide - ok
20:09:48.0110 3208 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
20:09:48.0114 3208 CNG - ok
20:09:48.0122 3208 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
20:09:48.0123 3208 Compbatt - ok
20:09:48.0139 3208 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:09:48.0140 3208 CompositeBus - ok
20:09:48.0143 3208 COMSysApp - ok
20:09:48.0194 3208 cpuz135 - ok
20:09:48.0217 3208 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:09:48.0218 3208 crcdisk - ok
20:09:48.0250 3208 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:09:48.0252 3208 CryptSvc - ok
20:09:48.0287 3208 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:09:48.0293 3208 DcomLaunch - ok
20:09:48.0324 3208 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:09:48.0327 3208 defragsvc - ok
20:09:48.0347 3208 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:09:48.0348 3208 DfsC - ok
20:09:48.0360 3208 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:09:48.0363 3208 Dhcp - ok
20:09:48.0376 3208 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:09:48.0377 3208 discache - ok
20:09:48.0381 3208 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:09:48.0382 3208 Disk - ok
20:09:48.0406 3208 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:09:48.0409 3208 Dnscache - ok
20:09:48.0434 3208 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:09:48.0437 3208 dot3svc - ok
20:09:48.0450 3208 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:09:48.0452 3208 DPS - ok
20:09:48.0493 3208 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:09:48.0494 3208 drmkaud - ok
20:09:48.0539 3208 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:09:48.0546 3208 DXGKrnl - ok
20:09:48.0555 3208 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:09:48.0556 3208 EapHost - ok
20:09:48.0660 3208 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:09:48.0709 3208 ebdrv - ok
20:09:48.0762 3208 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:09:48.0763 3208 EFS - ok
20:09:48.0832 3208 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:09:48.0837 3208 ehRecvr - ok
20:09:48.0855 3208 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:09:48.0856 3208 ehSched - ok
20:09:48.0889 3208 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:09:48.0901 3208 elxstor - ok
20:09:48.0916 3208 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:09:48.0916 3208 ErrDev - ok
20:09:48.0942 3208 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:09:48.0947 3208 EventSystem - ok
20:09:48.0957 3208 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:09:48.0960 3208 exfat - ok
20:09:48.0969 3208 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:09:48.0972 3208 fastfat - ok
20:09:49.0018 3208 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:09:49.0036 3208 Fax - ok
20:09:49.0046 3208 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:09:49.0047 3208 fdc - ok
20:09:49.0058 3208 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:09:49.0059 3208 fdPHost - ok
20:09:49.0066 3208 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:09:49.0068 3208 FDResPub - ok
20:09:49.0081 3208 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:09:49.0082 3208 FileInfo - ok
20:09:49.0091 3208 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:09:49.0092 3208 Filetrace - ok
20:09:49.0095 3208 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:09:49.0096 3208 flpydisk - ok
20:09:49.0108 3208 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:09:49.0111 3208 FltMgr - ok
20:09:49.0164 3208 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:09:49.0180 3208 FontCache - ok
20:09:49.0218 3208 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:09:49.0219 3208 FontCache3.0.0.0 - ok
20:09:49.0235 3208 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:09:49.0237 3208 FsDepends - ok
20:09:49.0251 3208 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:09:49.0252 3208 Fs_Rec - ok
20:09:49.0267 3208 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:09:49.0269 3208 fvevol - ok
20:09:49.0287 3208 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:09:49.0289 3208 gagp30kx - ok
20:09:49.0318 3208 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:09:49.0319 3208 GEARAspiWDM - ok
20:09:49.0357 3208 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:09:49.0372 3208 gpsvc - ok
20:09:49.0380 3208 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:09:49.0381 3208 hcw85cir - ok
20:09:49.0418 3208 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:09:49.0422 3208 HdAudAddService - ok
20:09:49.0449 3208 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:09:49.0451 3208 HDAudBus - ok
20:09:49.0454 3208 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:09:49.0455 3208 HidBatt - ok
20:09:49.0460 3208 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:09:49.0461 3208 HidBth - ok
20:09:49.0470 3208 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
20:09:49.0471 3208 HidIr - ok
20:09:49.0475 3208 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:09:49.0476 3208 hidserv - ok
20:09:49.0520 3208 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:09:49.0521 3208 HidUsb - ok
20:09:49.0555 3208 hitmanpro36 (44f92c1f913e582bef9cac66443c6230) C:\Windows\system32\drivers\hitmanpro36.sys
20:09:49.0556 3208 hitmanpro36 - ok
20:09:49.0570 3208 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:09:49.0572 3208 hkmsvc - ok
20:09:49.0600 3208 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:09:49.0604 3208 HomeGroupListener - ok
20:09:49.0638 3208 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:09:49.0642 3208 HomeGroupProvider - ok
20:09:49.0660 3208 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:09:49.0662 3208 HpSAMD - ok
20:09:49.0698 3208 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:09:49.0715 3208 HTTP - ok
20:09:49.0722 3208 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:09:49.0723 3208 hwpolicy - ok
20:09:49.0729 3208 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:09:49.0731 3208 i8042prt - ok
20:09:49.0762 3208 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:09:49.0768 3208 iaStorV - ok
20:09:49.0817 3208 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:09:49.0824 3208 idsvc - ok
20:09:49.0836 3208 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:09:49.0837 3208 iirsp - ok
20:09:49.0885 3208 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:09:49.0900 3208 IKEEXT - ok
20:09:50.0023 3208 IntcAzAudAddService (88798b4381fd58fae2da07880c177c5c) C:\Windows\system32\drivers\RTKVHD64.sys
20:09:50.0035 3208 IntcAzAudAddService - ok
20:09:50.0095 3208 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:09:50.0096 3208 intelide - ok
20:09:50.0113 3208 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:09:50.0114 3208 intelppm - ok
20:09:50.0129 3208 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:09:50.0131 3208 IPBusEnum - ok
20:09:50.0140 3208 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:09:50.0141 3208 IpFilterDriver - ok
20:09:50.0147 3208 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:09:50.0149 3208 IPMIDRV - ok
20:09:50.0156 3208 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:09:50.0157 3208 IPNAT - ok
20:09:50.0256 3208 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
20:09:50.0263 3208 iPod Service - ok
20:09:50.0287 3208 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:09:50.0288 3208 IRENUM - ok
20:09:50.0302 3208 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:09:50.0303 3208 isapnp - ok
20:09:50.0326 3208 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:09:50.0330 3208 iScsiPrt - ok
20:09:50.0343 3208 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:09:50.0344 3208 kbdclass - ok
20:09:50.0348 3208 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:09:50.0348 3208 kbdhid - ok
20:09:50.0361 3208 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:09:50.0362 3208 KeyIso - ok
20:09:50.0425 3208 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
20:09:50.0427 3208 KSecDD - ok
20:09:50.0455 3208 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
20:09:50.0457 3208 KSecPkg - ok
20:09:50.0466 3208 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:09:50.0466 3208 ksthunk - ok
20:09:50.0485 3208 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:09:50.0490 3208 KtmRm - ok
20:09:50.0536 3208 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:09:50.0540 3208 LanmanServer - ok
20:09:50.0556 3208 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:09:50.0559 3208 LanmanWorkstation - ok
20:09:50.0568 3208 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:09:50.0569 3208 lltdio - ok
20:09:50.0592 3208 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:09:50.0596 3208 lltdsvc - ok
20:09:50.0600 3208 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:09:50.0601 3208 lmhosts - ok
20:09:50.0674 3208 LMS (98b16e756243bea9410e32025b19c06f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:09:50.0676 3208 LMS - ok
20:09:50.0695 3208 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:09:50.0697 3208 LSI_FC - ok
20:09:50.0704 3208 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:09:50.0706 3208 LSI_SAS - ok
20:09:50.0718 3208 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:09:50.0719 3208 LSI_SAS2 - ok
20:09:50.0726 3208 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:09:50.0728 3208 LSI_SCSI - ok
20:09:50.0738 3208 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:09:50.0739 3208 luafv - ok
20:09:50.0755 3208 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:09:50.0757 3208 Mcx2Svc - ok
20:09:50.0769 3208 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:09:50.0770 3208 megasas - ok
20:09:50.0782 3208 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:09:50.0786 3208 MegaSR - ok
20:09:50.0800 3208 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
20:09:50.0800 3208 MEIx64 - ok
20:09:50.0813 3208 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:09:50.0815 3208 MMCSS - ok
20:09:50.0824 3208 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:09:50.0825 3208 Modem - ok
20:09:50.0836 3208 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:09:50.0837 3208 monitor - ok
20:09:50.0841 3208 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:09:50.0842 3208 mouclass - ok
20:09:50.0846 3208 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:09:50.0846 3208 mouhid - ok
20:09:50.0858 3208 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:09:50.0859 3208 mountmgr - ok
20:09:50.0868 3208 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:09:50.0870 3208 mpio - ok
20:09:50.0879 3208 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:09:50.0880 3208 mpsdrv - ok
20:09:50.0888 3208 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:09:50.0890 3208 MRxDAV - ok
20:09:50.0916 3208 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:09:50.0918 3208 mrxsmb - ok
20:09:50.0930 3208 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:09:50.0934 3208 mrxsmb10 - ok
20:09:50.0955 3208 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:09:50.0957 3208 mrxsmb20 - ok
20:09:50.0961 3208 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:09:50.0962 3208 msahci - ok
20:09:50.0969 3208 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:09:50.0971 3208 msdsm - ok
20:09:50.0984 3208 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:09:50.0987 3208 MSDTC - ok
20:09:51.0004 3208 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:09:51.0005 3208 Msfs - ok
20:09:51.0014 3208 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:09:51.0015 3208 mshidkmdf - ok
20:09:51.0024 3208 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:09:51.0024 3208 msisadrv - ok
20:09:51.0050 3208 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:09:51.0053 3208 MSiSCSI - ok
20:09:51.0056 3208 msiserver - ok
20:09:51.0079 3208 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:09:51.0080 3208 MSKSSRV - ok
20:09:51.0093 3208 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:09:51.0094 3208 MSPCLOCK - ok
20:09:51.0111 3208 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:09:51.0112 3208 MSPQM - ok
20:09:51.0133 3208 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:09:51.0137 3208 MsRPC - ok
20:09:51.0145 3208 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:09:51.0146 3208 mssmbios - ok
20:09:51.0152 3208 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:09:51.0153 3208 MSTEE - ok
20:09:51.0159 3208 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:09:51.0160 3208 MTConfig - ok
20:09:51.0165 3208 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:09:51.0166 3208 Mup - ok
20:09:51.0212 3208 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:09:51.0226 3208 napagent - ok
20:09:51.0250 3208 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:09:51.0254 3208 NativeWifiP - ok
20:09:51.0335 3208 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
20:09:51.0338 3208 NAUpdate - ok
20:09:51.0391 3208 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:09:51.0401 3208 NDIS - ok
20:09:51.0408 3208 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:09:51.0409 3208 NdisCap - ok
20:09:51.0413 3208 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:09:51.0413 3208 NdisTapi - ok
20:09:51.0426 3208 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:09:51.0428 3208 Ndisuio - ok
20:09:51.0449 3208 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:09:51.0451 3208 NdisWan - ok
20:09:51.0477 3208 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:09:51.0478 3208 NDProxy - ok
20:09:51.0487 3208 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:09:51.0488 3208 NetBIOS - ok
20:09:51.0505 3208 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:09:51.0509 3208 NetBT - ok
20:09:51.0536 3208 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:09:51.0537 3208 Netlogon - ok
20:09:51.0560 3208 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:09:51.0565 3208 Netman - ok
20:09:51.0618 3208 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:09:51.0620 3208 NetMsmqActivator - ok
20:09:51.0634 3208 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:09:57.0590 3208 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:09:57.0639 3208 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:09:57.0639 3208 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
20:09:57.0681 3208 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:09:57.0681 3208 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:09:57.0684 3208 Boot (0x1200) (d21e82291b8ac016687a965b1c50ce92) \Device\Harddisk0\DR0\Partition0
20:09:57.0685 3208 \Device\Harddisk0\DR0\Partition0 - ok
20:09:57.0688 3208 Boot (0x1200) (1dde78ab64080a2602dfdb1fb3e81b65) \Device\Harddisk0\DR0\Partition1
20:09:57.0689 3208 \Device\Harddisk0\DR0\Partition1 - ok
20:09:57.0690 3208 ============================================================
20:09:57.0690 3208 Scan finished
20:09:57.0690 3208 ============================================================
20:09:57.0700 3540 Detected object count: 2
20:09:57.0700 3540 Actual detected object count: 2
20:10:11.0708 3540 \Device\Harddisk0\DR0\# - copied to quarantine
20:10:11.0708 3540 \Device\Harddisk0\DR0 - copied to quarantine
20:10:11.0729 3540 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:10:11.0730 3540 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:10:11.0732 3540 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:10:11.0735 3540 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:10:11.0741 3540 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:10:11.0746 3540 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:10:11.0747 3540 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
20:10:11.0748 3540 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:10:11.0749 3540 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:10:11.0751 3540 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:10:11.0753 3540 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:10:11.0779 3540 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
20:10:11.0780 3540 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
20:10:11.0781 3540 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
20:10:11.0783 3540 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:10:11.0784 3540 \Device\Harddisk0\DR0 - ok
20:10:11.0792 3540 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:10:11.0792 3540 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:10:11.0793 3540 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:10:25.0936 2800 Deinitialize success




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-30 20:18:39
-----------------------------
20:18:39.024 OS Version: Windows x64 6.1.7601 Service Pack 1
20:18:39.024 Number of processors: 4 586 0x2A07
20:18:39.024 ComputerName: HIDAIAN-PC UserName: Hidaian
20:18:40.983 Initialize success
20:19:37.137 AVAST engine defs: 12073100
20:20:13.079 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:20:13.082 Disk 0 Vendor: WDC_WD7502AAEX-00Y9A0 05.01D05 Size: 715404MB BusType: 3
20:20:13.101 Disk 0 MBR read successfully
20:20:13.104 Disk 0 MBR scan
20:20:13.108 Disk 0 Windows 7 default MBR code
20:20:13.111 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:20:13.121 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
20:20:13.139 Disk 0 scanning C:\Windows\system32\drivers
20:20:16.895 Service scanning
20:20:28.970 Modules scanning
20:20:28.978 Disk 0 trace - called modules:
20:20:29.000 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:20:29.006 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007da5060]
20:20:29.012 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8007786520]
20:20:29.017 5 ACPI.sys[fffff88000f667a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007760060]
20:20:30.454 AVAST engine scan C:\Windows
20:20:31.860 AVAST engine scan C:\Windows\system32
20:21:54.912 AVAST engine scan C:\Windows\system32\drivers
20:22:00.337 AVAST engine scan C:\Users\Hidaian
20:23:09.935 Disk 0 MBR has been saved successfully to "C:\Users\Hidaian\Desktop\MBR.dat"
20:23:09.935 The log file has been saved successfully to "C:\Users\Hidaian\Desktop\aswMBR.txt"
20:26:21.486 File: C:\Users\Hidaian\AppData\Local\Temp\51DA.tmp **INFECTED** Win32:Alureon-AUN [Trj]
20:27:48.675 File: C:\Users\Hidaian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\6f87c2e5-4ae8cd18 **INFECTED** Win32:Karagany-IU [Trj]
20:31:44.328 AVAST engine scan C:\ProgramData
20:35:02.124 Scan finished successfully
21:33:07.308 Disk 0 MBR has been saved successfully to "C:\Users\Hidaian\Desktop\MBR.dat"
21:33:07.320 The log file has been saved successfully to "C:\Users\Hidaian\Desktop\aswMBR.txt"
21:33:19.899 Disk 0 MBR has been saved successfully to "C:\Users\Hidaian\Desktop\MBR.dat"
21:33:19.902 The log file has been saved successfully to "C:\Users\Hidaian\Desktop\aswMBR.txt"
21:33:32.275 Disk 0 MBR has been saved successfully to "C:\Users\Hidaian\Documents\MBR.dat"
21:33:32.278 The log file has been saved successfully to "C:\Users\Hidaian\Documents\aswMBR.txt"


C:\ProgramData\Microsoft\Windows\DRM\51B9.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\51BA.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.07.2012_20.09.12\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.07.2012_20.09.12\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.07.2012_20.09.12\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.07.2012_20.09.12\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.07.2012_20.09.12\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.07.2012_20.09.12\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.07.2012_20.09.12\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.07.2012_20.09.12\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\Hidaian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\6f87c2e5-4ae8cd18 a variant of Win32/Injector.UEZ trojan cleaned by deleting - quarantined
C:\Windows\Installer\{25bbb843-78d7-f71c-3ba3-1c5560fd8569}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCGHMLA0\script[1].js JS/Agent.NEJ trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\{25bbb843-78d7-f71c-3ba3-1c5560fd8569}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined


Any help would be appreciated.

Thanks!



#2 narenxp

Posted 30 July 2012 - 09:12 PM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{25bbb843-78d7-f71c-3ba3-1c5560fd8569}

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

Edited by narenxp, 30 July 2012 - 09:13 PM.


#3 hidaian

  • Topic Starter

Posted 30 July 2012 - 09:44 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 22:14 on 30/07/2012 by Hidaian
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{ff24043d-55f8-5ce9-a20a-8337d9b4b888}"
No folders found.

-= EOF =-



MiniToolBox by Farbar Version: 23-07-2012
Ran by Hidaian (administrator) on 30-07-2012 at 22:38:18
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Hidaian-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nycap.rr.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : nycap.rr.com
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-30-67-CB-50-35
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::78f9:71b1:3c4b:1b2e%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.106(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, July 30, 2012 10:32:40 PM
Lease Expires . . . . . . . . . . : Tuesday, July 31, 2012 10:32:39 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234893415
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-89-0E-6D-00-30-67-CB-50-35
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.nycap.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 2607:f8b0:4004:800::1009
74.125.228.72
74.125.228.73
74.125.228.78
74.125.228.64
74.125.228.65
74.125.228.66
74.125.228.67
74.125.228.68
74.125.228.69
74.125.228.70
74.125.228.71


Pinging google.com [74.125.228.104] with 32 bytes of data:
Reply from 74.125.228.104: bytes=32 time=34ms TTL=53
Reply from 74.125.228.104: bytes=32 time=31ms TTL=53

Ping statistics for 74.125.228.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 34ms, Average = 32ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=63ms TTL=52
Reply from 209.191.122.70: bytes=32 time=64ms TTL=52

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 63ms, Maximum = 64ms, Average = 63ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 30 67 cb 50 35 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.106 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.106 276
192.168.1.106 255.255.255.255 On-link 192.168.1.106 276
192.168.1.255 255.255.255.255 On-link 192.168.1.106 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.106 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.106 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::78f9:71b1:3c4b:1b2e/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/30/2012 10:34:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2012 08:23:35 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/30/2012 08:23:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/30/2012 08:12:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2012 08:11:13 PM) (Source: Bonjour Service) (User: )
Description: Local Hostname Hidaian-PC.local already in use; will try Hidaian-PC-2.local instead

Error: (07/30/2012 08:11:13 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Hidaian-PC.local. Addr 192.168.1.106

Error: (07/30/2012 08:11:13 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.101:5353 4 Hidaian-PC.local. Addr 192.168.1.101

Error: (07/30/2012 07:52:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2012 07:50:33 PM) (Source: Bonjour Service) (User: )
Description: Local Hostname Hidaian-PC.local already in use; will try Hidaian-PC-2.local instead

Error: (07/30/2012 07:50:33 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Hidaian-PC.local. Addr 192.168.1.106


System errors:
=============
Error: (07/30/2012 10:33:04 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/30/2012 10:33:04 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/30/2012 10:32:46 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/30/2012 10:32:43 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/30/2012 10:32:43 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/30/2012 08:56:39 PM) (Source: NetBT) (User: )
Description: The name "HIDAIAN-PC :0" could not be registered on the interface with IP address 192.168.1.106.
The computer with the IP address 192.168.1.101 did not allow the name to be claimed by
this computer.

Error: (07/30/2012 08:56:39 PM) (Source: NetBT) (User: )
Description: The name "HIDAIAN-PC :0" could not be registered on the interface with IP address 192.168.1.106.
The computer with the IP address 192.168.1.101 did not allow the name to be claimed by
this computer.

Error: (07/30/2012 08:53:11 PM) (Source: NetBT) (User: )
Description: The name "HIDAIAN-PC :0" could not be registered on the interface with IP address 192.168.1.106.
The computer with the IP address 192.168.1.101 did not allow the name to be claimed by
this computer.

Error: (07/30/2012 08:53:11 PM) (Source: NetBT) (User: )
Description: The name "HIDAIAN-PC :0" could not be registered on the interface with IP address 192.168.1.106.
The computer with the IP address 192.168.1.101 did not allow the name to be claimed by
this computer.

Error: (07/30/2012 08:47:00 PM) (Source: NetBT) (User: )
Description: The name "HIDAIAN-PC :0" could not be registered on the interface with IP address 192.168.1.106.
The computer with the IP address 192.168.1.101 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (07/30/2012 10:34:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2012 08:23:35 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Hidaian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BPJQXUGJ\esetsmartinstaller_enu.exe

Error: (07/30/2012 08:23:31 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Hidaian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BPJQXUGJ\esetsmartinstaller_enu.exe

Error: (07/30/2012 08:12:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2012 08:11:13 PM) (Source: Bonjour Service)(User: )
Description: Local Hostname Hidaian-PC.local already in use; will try Hidaian-PC-2.local instead

Error: (07/30/2012 08:11:13 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Hidaian-PC.local. Addr 192.168.1.106

Error: (07/30/2012 08:11:13 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.101:5353 4 Hidaian-PC.local. Addr 192.168.1.101

Error: (07/30/2012 07:52:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2012 07:50:33 PM) (Source: Bonjour Service)(User: )
Description: Local Hostname Hidaian-PC.local already in use; will try Hidaian-PC-2.local instead

Error: (07/30/2012 07:50:33 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Hidaian-PC.local. Addr 192.168.1.106


=========================== Installed Programs ============================

7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
Adobe Flash Player 11 Plugin (Version: 11.3.300.268)
AIM 7
Akamai NetSession Interface
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.6.9.0)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.4.5.0)
AviSynth 2.5
Bandisoft MPEG-1 Decoder
Bing Bar (Version: 7.0.858.0)
Bonjour (Version: 3.0.0.10)
Browse For Change
Curse Client (Version: 5.1.1.370)
D3DX10 (Version: 15.4.2368.0902)
DH Driver Cleaner Professional Edition (Version: Version 1.5)
Diablo III (Version: 1.0.3.10485)
Download Updater (AOL LLC)
ESET Online Scanner v3
EverQuest
iCloud (Version: 1.1.0.40)
Intel® Management Engine Components (Version: 7.0.0.1144)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 30 (64-bit) (Version: 6.0.300)
Java™ 6 Update 31 (Version: 6.0.310)
JDownloader 0.9 (Version: 0.9)
Junk Mail filter update (Version: 15.4.3502.0922)
Kingdoms of Amalur: Reckoning™
League of Legends (Version: 1.3)
Left 4 Dead 2
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mass Effect™ 3 (Version: 1.01.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliType Pro 7.1 (Version: 7.10.344.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mumble 1.2.3 (Version: 1.2.3)
Nero 10 Movie ThemePack Basic (Version: 10.0.10600.6.0)
Nero BurnRights 10 (Version: 4.0.11300.14.100)
Nero BurnRights 10 Help (CHM) (Version: 1.0.10900)
Nero Control Center 10 (Version: 10.0.12900.2.6)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10900)
Nero Core Components 10 (Version: 2.0.16800.7.15)
Nero CoverDesigner 10 (Version: 5.0.11200.16.100)
Nero CoverDesigner 10 Help (CHM) (Version: 1.0.10900)
Nero DiscSpeed 10 (Version: 6.0.11400.18.100)
Nero DiscSpeed 10 Help (CHM) (Version: 1.0.10900)
Nero Express 10 (Version: 10.0.12300.23.100)
Nero Express 10 Help (CHM) (Version: 1.0.10900)
Nero InfoTool 10 (Version: 7.0.11400.15.100)
Nero InfoTool 10 Help (CHM) (Version: 1.0.10900)
Nero MediaHub 10 (Version: 1.0.14800.28.100)
Nero MediaHub 10 Help (CHM) (Version: 1.0.10900)
Nero Multimedia Suite 10 Essentials (Version: 10.0.10300)
Nero StartSmart 10 (Version: 10.0.12600.30.100)
Nero StartSmart 10 Help (CHM) (Version: 1.0.10900)
Nero Update (Version: 1.0.0018)
Nexon Game Manager
NVIDIA 3D Vision Controller Driver 285.62 (Version: 285.62)
NVIDIA 3D Vision Driver 285.62 (Version: 285.62)
NVIDIA Control Panel 285.62 (Version: 285.62)
NVIDIA Graphics Driver 285.62 (Version: 285.62)
NVIDIA HD Audio Driver 1.2.24.0 (Version: 1.2.24.0)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA PhysX (Version: 9.11.1107)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8562)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
Orcs Must Die!
Origin (Version: 8.5.0.4554)
Pando Media Booster (Version: 2.6.0.1)
Portal 2
QuickTime (Version: 7.72.80.56)
Realtek Ethernet Controller Driver (Version: 7.40.126.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6343)
RIFT
Skype Click to Call (Version: 5.8.8855)
Skype™ 5.9 (Version: 5.9.123)
Spybot - Search & Destroy (Version: 1.6.2)
StarCraft II (Version: 1.4.3.21029)
Steam (Version: 1.0.0.0)
Super MNC Invitational
System Requirements Lab CYRI (Version: 4.5.1.0)
TeamSpeak 3 Client (Version: 3.0.6)
Terraria
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
USB Driver
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Vindictus
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
World of Warcraft (Version: 4.3.4.15595)
Yontoo 1.10.02 (Version: 1.10.02)

========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 8173.18 MB
Available physical RAM: 6034.45 MB
Total Pagefile: 16344.55 MB
Available Pagefile: 13836.32 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.46 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:698.54 GB) (Free:420.6 GB) NTFS

========================= Users: ========================================

User accounts for \\HIDAIAN-PC

Administrator Guest Hidaian
UpdatusUser


**** End of log ****


# AdwCleaner v1.703 - Logfile created 07/30/2012 at 22:40:01
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Hidaian - HIDAIAN-PC
# Running from : C:\Users\Hidaian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94M0YE8D\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Hidaian\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Hidaian\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Hidaian\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Hidaian\AppData\Roaming\Mozilla\Firefox\Profiles\su07po6g.default\extensions\plugin@yontoo.com
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[x64] Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (en-US)

Profile name : default
File : C:\Users\Hidaian\AppData\Roaming\Mozilla\Firefox\Profiles\su07po6g.default\prefs.js

C:\Users\Hidaian\AppData\Roaming\Mozilla\Firefox\Profiles\su07po6g.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110014&tt=050412_30b&babsrc=[...]
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110014&tt=050412_30b");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "f2140038000000000000003067cb5035");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "f2140038000000000000003067cb5035");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15446");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110014&tt=05041[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:44:57");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110014&tt=050412_30b&babsrc=KW_ss&mntrId=[...]

*************************

AdwCleaner[S1].txt - [10246 octets] - [30/07/2012 22:40:01]

########## EOF - C:\AdwCleaner[S1].txt - [10375 octets] ##########



#4 narenxp

Posted 30 July 2012 - 09:46 PM

Can you re-run SystemLook with the script again?

#5 hidaian

Posted 30 July 2012 - 09:52 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 22:51 on 30/07/2012 by Hidaian
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{25bbb843-78d7-f71c-3ba3-1c5560fd8569}"
C:\Windows\Installer\{25bbb843-78d7-f71c-3ba3-1c5560fd8569} d--hs-- [13:13 11/01/2012]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{25bbb843-78d7-f71c-3ba3-1c5560fd8569} d--hs-- [13:13 11/01/2012]

-= EOF =-

#6 narenxp

Posted 30 July 2012 - 10:01 PM

I will wait for MBAM and FSS log before giving further instructions.

#7 hidaian

Posted 30 July 2012 - 10:05 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 22:51 on 30/07/2012 by Hidaian
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{25bbb843-78d7-f71c-3ba3-1c5560fd8569}"
C:\Windows\Installer\{25bbb843-78d7-f71c-3ba3-1c5560fd8569} d--hs-- [13:13 11/01/2012]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{25bbb843-78d7-f71c-3ba3-1c5560fd8569} d--hs-- [13:13 11/01/2012]

-= EOF =-

#8 hidaian

Posted 30 July 2012 - 10:07 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.28.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hidaian :: HIDAIAN-PC [administrator]

7/30/2012 11:05:01 PM
mbam-log-2012-07-30 (23-05-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211588
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 narenxp

Posted 30 July 2012 - 10:07 PM

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


You missed this one

#10 hidaian

Posted 30 July 2012 - 10:07 PM

Farbar Service Scanner Version: 26-07-2012
Ran by Hidaian (administrator) on 30-07-2012 at 23:05:39
Running from "C:\Users\Hidaian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BPJQXUGJ"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#11 narenxp

Posted 30 July 2012 - 10:15 PM

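Press the Windows+R keys, type notepad and click OK.

Copy this script and paste it into Notepad:

@echo off
REM Work in System32; /d also switches drive if the script was started elsewhere
cd /d c:\windows\system32
REM Give the Administrators group ownership of, and full control over, services.exe
takeown /a /f services.exe
cacls services.exe /g administrators:f
REM Keep the current file as services.exe.old instead of deleting it
ren services.exe services.exe.old
REM Restore services.exe from the WinSxS component store copy
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
REM Remove this batch file once it has run
DEL %0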

Click on FILE>> save as

filename:services.bat
Save as type:All types

Now right-click on the services.bat file, select Run as administrator and run it, click Y and press ENTER

Restart the PC

Open your C drive

On top, click on Organize - Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Windows\Installer\{25bbb843-78d7-f71c-3ba3-1c5560fd8569}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{25bbb843-78d7-f71c-3ba3-1c5560fd8569}

delete the folders


Download

MpsSvc
BFE
wscsvc
defender
Sharedaccess
wuauserv
BITS

Launch them, click YES when you get the UAC prompt

Restart the PC


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Checkmark the following options alone

Reset registry permissions
Reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache


Checkmark the Restart System When Finished option
Click the Start button

System should restart after repair

Post the FSS log

Edited by narenxp, 30 July 2012 - 10:16 PM.


#12 hidaian

Posted 30 July 2012 - 11:04 PM

Farbar Service Scanner Version: 26-07-2012
Ran by Hidaian (administrator) on 31-07-2012 at 00:04:02
Running from "C:\Users\Hidaian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BPJQXUGJ"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#13 narenxp

Posted 31 July 2012 - 06:35 AM

Please run SystemLook again and post the new log

Delete this file

c:\windows\system32\services.exe.old

Do you have any current issues?

#14 hidaian

Posted 31 July 2012 - 08:01 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 08:52 on 31/07/2012 by Hidaian
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{25bbb843-78d7-f71c-3ba3-1c5560fd8569}"
No folders found.

-= EOF =-


Heading to work; if I have any issues tonight I will post. Thank you for your help.
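
The SystemLook logs in posts #5 and #14 differ in one field: the MD5 of C:\Windows\System32\services.exe, which differs from the WinSxS copy before the replacement and equals it afterwards. The following Python script is an added example, not part of the original thread and not SystemLook's own code; it parses filefind output and flags that mismatch, and its function names and status labels are assumptions made here.

```python
import re
from collections import defaultdict

# One SystemLook "filefind" result line has the shape:
#   <path> <attributes> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Result lines copied from the logs in this thread (post #5 and post #14).
BEFORE_LOG = r"""
Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
"""

AFTER_LOG = r"""
Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
"""


def parse_filefind(log_text):
    """Return {lower-cased file name: [entry, ...]} for every result line."""
    found = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, folderfind results, blank lines
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        name = entry["path"].rsplit("\\", 1)[-1].lower()
        found[name].append(entry)
    return dict(found)


def is_component_store(path):
    """True for copies that live under the WinSxS component store."""
    return "\\winsxs\\" in path.lower()


def check_against_store(log_text):
    """Compare each live copy with the WinSxS copies of the same file name."""
    findings = []
    for entries in parse_filefind(log_text).values():
        store = [e for e in entries if is_component_store(e["path"])]
        live = [e for e in entries if not is_component_store(e["path"])]
        store_md5 = {e["md5"] for e in store}
        for e in live:
            if not store:
                status = "NO_REFERENCE"  # nothing to compare against
            elif e["md5"] in store_md5:
                status = "MATCH"  # several store versions may exist; any match counts
            else:
                # Same size and timestamps but a different hash: the content
                # changed while the file metadata was left looking original.
                meta = (e["size"], e["created"], e["modified"])
                same_meta = any(
                    meta == (s["size"], s["created"], s["modified"]) for s in store
                )
                status = "MISMATCH_SAME_METADATA" if same_meta else "MISMATCH"
            findings.append({"path": e["path"], "md5": e["md5"], "status": status})
    return findings


if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        for f in check_against_store(log):
            print(label, f["status"], f["path"], f["md5"])
```

A MATCH only shows that the live copy and a component-store copy agree; checking the file's digital signature remains the stronger test, since the hash comparison trusts the store copy.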

#15 narenxp

Posted 31 July 2012 - 08:15 AM

I could see Firefox hijacked by the Babylon toolbar

Uninstall Firefox, make sure to checkmark the Remove my personal data option

Reinstall Firefox

Uninstall the Ask toolbar

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Flash Player

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



