
infected with W32/Patched.UB Help pls!


14 replies to this topic

#1 marts_8

marts_8

  • Members
  • 12 posts

Posted 01 August 2012 - 06:18 AM

I'm infected just now with W32/Patched.UB in file C:\Windows\System 32\services.exe. Avira detected it and I have not done anything yet to remove it. I'm using Win Vista Service Pack 2. Help please!!!



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 01 August 2012 - 06:25 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "LIST of found threats".

Export the list to the desktop and copy the contents of the text file in your reply.
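
For anyone triaging a TDSSKiller log like the one narenxp asks for here, the following Python script is an added example (not part of this thread and not code from Kaspersky's TDSSKiller) that parses the "service (md5) path" and "service - verdict" lines the tool writes and sorts the entries into the buckets a helper looks at first: verdicts other than "ok", services with no image file hashed, and binaries living outside C:\Windows and C:\Program Files. The sample log is constructed from a few lines in the shape TDSSKiller 2.7.48.0 prints them; the list of expected directory roots and the bucket names are assumptions of this example, not something the tool defines.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One TDSSKiller log line: wall-clock time, thread id, free-form body.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s*(?P<body>.*)$")
# "<service> (<md5>) <image path>": the file TDSSKiller hashed for that service or driver.
IMAGE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<service> - <verdict>": the verdict line that follows it.
VERDICT_RE = re.compile(r"^(?P<name>.+) - (?P<verdict>.+)$")

# Assumption of this example: roots where services and drivers normally live on a
# 32-bit Vista install like the one in the thread. Anything else is flagged for a look.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample: a header line plus a handful of scan lines in TDSSKiller's format.
SAMPLE_LOG = r"""
19:28:43.0084 2612 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
19:28:56.0711 2584 Scan started
19:28:56.0711 2584 Mode: Manual; TDLFS;
19:28:57.0344 2584 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:28:57.0346 2584 ACPI - ok
19:28:57.0841 2584 ADSMService (7ffb991d5d5a833df7a203c0b75bb2cf) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
19:28:57.0843 2584 ADSMService - ok
19:29:01.0017 2584 catchme - ok
19:29:02.0580 2584 DvmMDES (9517020b510b82fad016967140c0b582) C:\ASUS.SYS\DVMExportService.exe
19:29:02.0583 2584 DvmMDES - ok
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Collect one Entry per service/driver from the scan section of a TDSSKiller log."""
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if body == "Scan started":
            in_scan = True          # everything before this is system info, not scan results
            continue
        if not in_scan:
            continue
        img = IMAGE_RE.match(body)
        if img:
            e = entries.setdefault(img.group("name"), Entry(img.group("name")))
            e.md5, e.path = img.group("md5").lower(), img.group("path")
            continue
        ver = VERDICT_RE.match(body)
        if ver:
            e = entries.setdefault(ver.group("name"), Entry(ver.group("name")))
            e.verdict = ver.group("verdict")
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Bucket entries by what a helper would want to check before anything else."""
    out: Dict[str, List[str]] = {"not_ok": [], "no_image": [], "unusual_path": []}
    for e in entries.values():
        if e.verdict is not None and e.verdict.lower() != "ok":
            out["not_ok"].append(e.name)            # the tool itself did not say "ok"
        if e.path is None:
            out["no_image"].append(e.name)          # service registered, no file was hashed
        elif not e.path.lower().startswith(EXPECTED_ROOTS):
            out["unusual_path"].append(e.name)      # binary outside the usual system roots
    return out


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for bucket, names in triage(parsed).items():
        print(f"{bucket}: {names}")
    for name in triage(parsed)["unusual_path"]:
        print(f"  {name}: {parsed[name].md5}  {parsed[name].path}")
```

The MD5 column is the part worth keeping: once the entries are in a table, the hashes of anything in the "unusual_path" or "not_ok" buckets can be compared against the vendor's known-good values, which is how a patched system file such as the services.exe Avira reported would show up as a mismatch even though the path looks normal.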

#3 marts_8

marts_8
  • Topic Starter

  • Members
  • 12 posts

Posted 01 August 2012 - 06:27 AM

OK, will do it now. Thanks!

#4 marts_8

marts_8
  • Topic Starter

  • Members
  • 12 posts

Posted 01 August 2012 - 06:39 AM

TDSSKiller log; other logs to follow.



19:28:40.0747 2612 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:28:41.0804 2612 ============================================================
19:28:41.0804 2612 Current date / time: 2012/08/01 19:28:41.0804
19:28:41.0804 2612 SystemInfo:
19:28:41.0804 2612
19:28:41.0805 2612 OS Version: 6.0.6002 ServicePack: 2.0
19:28:41.0805 2612 Product type: Workstation
19:28:41.0805 2612 ComputerName: USER
19:28:41.0805 2612 UserName: user
19:28:41.0805 2612 Windows directory: C:\Windows
19:28:41.0805 2612 System windows directory: C:\Windows
19:28:41.0805 2612 Processor architecture: Intel x86
19:28:41.0805 2612 Number of processors: 2
19:28:41.0805 2612 Page size: 0x1000
19:28:41.0805 2612 Boot type: Normal boot
19:28:41.0805 2612 ============================================================
19:28:43.0084 2612 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:28:43.0087 2612 ============================================================
19:28:43.0087 2612 \Device\Harddisk0\DR0:
19:28:43.0087 2612 MBR partitions:
19:28:43.0087 2612 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388B3B, BlocksNum 0x12A14C00
19:28:43.0115 2612 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13D9D77A, BlocksNum 0x1168FF47
19:28:43.0115 2612 ============================================================
19:28:43.0166 2612 C: <-> \Device\Harddisk0\DR0\Partition0
19:28:43.0326 2612 D: <-> \Device\Harddisk0\DR0\Partition1
19:28:43.0326 2612 ============================================================
19:28:43.0326 2612 Initialize success
19:28:43.0326 2612 ============================================================
19:28:56.0711 2584 ============================================================
19:28:56.0711 2584 Scan started
19:28:56.0711 2584 Mode: Manual; TDLFS;
19:28:56.0711 2584 ============================================================
19:28:57.0344 2584 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:28:57.0346 2584 ACPI - ok
19:28:57.0403 2584 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
19:28:57.0414 2584 adfs - ok
19:28:57.0499 2584 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:28:57.0503 2584 adp94xx - ok
19:28:57.0541 2584 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:28:57.0588 2584 adpahci - ok
19:28:57.0634 2584 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:28:57.0635 2584 adpu160m - ok
19:28:57.0695 2584 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:28:57.0696 2584 adpu320 - ok
19:28:57.0841 2584 ADSMService (7ffb991d5d5a833df7a203c0b75bb2cf) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
19:28:57.0843 2584 ADSMService - ok
19:28:57.0866 2584 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:28:57.0872 2584 AeLookupSvc - ok
19:28:57.0946 2584 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:28:57.0948 2584 AFD - ok
19:28:58.0000 2584 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:28:58.0001 2584 agp440 - ok
19:28:58.0030 2584 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:28:58.0031 2584 aic78xx - ok
19:28:58.0055 2584 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:28:58.0056 2584 ALG - ok
19:28:58.0070 2584 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:28:58.0078 2584 aliide - ok
19:28:58.0109 2584 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:28:58.0110 2584 amdagp - ok
19:28:58.0128 2584 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:28:58.0134 2584 amdide - ok
19:28:58.0147 2584 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:28:58.0148 2584 AmdK7 - ok
19:28:58.0165 2584 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:28:58.0166 2584 AmdK8 - ok
19:28:58.0239 2584 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:28:58.0240 2584 AntiVirSchedulerService - ok
19:28:58.0309 2584 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:28:58.0310 2584 AntiVirService - ok
19:28:58.0364 2584 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:28:58.0370 2584 Appinfo - ok
19:28:58.0430 2584 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:28:58.0437 2584 arc - ok
19:28:58.0503 2584 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:28:58.0510 2584 arcsas - ok
19:28:58.0641 2584 AsDsm (588fd2a3222cb53a15c06d6329c21e8c) C:\Windows\system32\drivers\AsDsm.sys
19:28:58.0647 2584 AsDsm - ok
19:28:58.0732 2584 ASLDRService (f938371ad29da0f22d3745130fccef1a) C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
19:28:58.0733 2584 ASLDRService - ok
19:28:58.0757 2584 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
19:28:58.0763 2584 ASMMAP - ok
19:28:58.0798 2584 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:28:58.0803 2584 AsyncMac - ok
19:28:58.0840 2584 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:28:58.0841 2584 atapi - ok
19:28:58.0924 2584 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
19:28:58.0954 2584 athr - ok
19:28:59.0022 2584 Ati External Event Utility (168cbac9512edfa034e7c8a0333ec4de) C:\Windows\system32\Ati2evxx.exe
19:28:59.0046 2584 Ati External Event Utility - ok
19:28:59.0255 2584 atikmdag (e1696e95447c87de1e37e854db91028c) C:\Windows\system32\DRIVERS\atikmdag.sys
19:28:59.0352 2584 atikmdag - ok
19:28:59.0433 2584 ATKGFNEXSrv (b01ee08c931f012f3327bee9c3f96c34) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
19:28:59.0434 2584 ATKGFNEXSrv - ok
19:28:59.0543 2584 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:28:59.0571 2584 AudioEndpointBuilder - ok
19:28:59.0577 2584 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:28:59.0581 2584 Audiosrv - ok
19:28:59.0674 2584 Autorun CDROM Monitor (924c533bc0dcd205f2f868f3ae771fcb) C:\Windows\system32\SupportAppXL\cdrom_mon.exe
19:28:59.0682 2584 Autorun CDROM Monitor - ok
19:28:59.0753 2584 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
19:28:59.0754 2584 avgntflt - ok
19:28:59.0821 2584 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
19:28:59.0823 2584 avipbb - ok
19:28:59.0855 2584 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
19:28:59.0856 2584 avkmgr - ok
19:28:59.0902 2584 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:28:59.0907 2584 Beep - ok
19:28:59.0996 2584 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
19:29:00.0016 2584 BITS - ok
19:29:00.0038 2584 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:29:00.0039 2584 blbdrive - ok
19:29:00.0113 2584 Bonjour Service (a50a49c3864b0085befb3675b9a93baf) C:\Program Files\Bonjour\mDNSResponder.exe
19:29:00.0115 2584 Bonjour Service - ok
19:29:00.0159 2584 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:29:00.0160 2584 bowser - ok
19:29:00.0211 2584 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:29:00.0218 2584 BrFiltLo - ok
19:29:00.0228 2584 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:29:00.0233 2584 BrFiltUp - ok
19:29:00.0267 2584 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:29:00.0274 2584 Browser - ok
19:29:00.0293 2584 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:29:00.0295 2584 Brserid - ok
19:29:00.0313 2584 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:29:00.0319 2584 BrSerWdm - ok
19:29:00.0337 2584 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:29:00.0343 2584 BrUsbMdm - ok
19:29:00.0359 2584 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:29:00.0365 2584 BrUsbSer - ok
19:29:00.0408 2584 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
19:29:00.0409 2584 BthEnum - ok
19:29:00.0452 2584 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
19:29:00.0453 2584 BTHMODEM - ok
19:29:00.0494 2584 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
19:29:00.0495 2584 BthPan - ok
19:29:00.0550 2584 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
19:29:00.0606 2584 BTHPORT - ok
19:29:00.0681 2584 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
19:29:00.0682 2584 BthServ - ok
19:29:00.0698 2584 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
19:29:00.0703 2584 BTHUSB - ok
19:29:00.0747 2584 btwaudio (463483285b2d2d345443aaee7b9391e7) C:\Windows\system32\drivers\btwaudio.sys
19:29:00.0748 2584 btwaudio - ok
19:29:00.0785 2584 btwavdt (4f82b6173ef8637cb26cf4e73b90f172) C:\Windows\system32\drivers\btwavdt.sys
19:29:00.0786 2584 btwavdt - ok
19:29:00.0890 2584 btwdins (81f3e267af851f9b59a76e93499661c3) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
19:29:00.0904 2584 btwdins - ok
19:29:00.0951 2584 btwl2cap (ecb98391c756a7b9cfbae89d9d1235e1) C:\Windows\system32\DRIVERS\btwl2cap.sys
19:29:00.0957 2584 btwl2cap - ok
19:29:00.0973 2584 btwrchid (f771034f5b59a4a5054a2fa6f4e9f28b) C:\Windows\system32\DRIVERS\btwrchid.sys
19:29:00.0980 2584 btwrchid - ok
19:29:01.0017 2584 catchme - ok
19:29:01.0066 2584 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:29:01.0068 2584 cdfs - ok
19:29:01.0098 2584 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:29:01.0099 2584 cdrom - ok
19:29:01.0126 2584 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:29:01.0127 2584 CertPropSvc - ok
19:29:01.0151 2584 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:29:01.0152 2584 circlass - ok
19:29:01.0190 2584 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:29:01.0208 2584 CLFS - ok
19:29:01.0257 2584 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:29:01.0295 2584 clr_optimization_v2.0.50727_32 - ok
19:29:01.0404 2584 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:29:01.0459 2584 clr_optimization_v4.0.30319_32 - ok
19:29:01.0565 2584 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:29:01.0570 2584 CmBatt - ok
19:29:01.0598 2584 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:29:01.0607 2584 cmdide - ok
19:29:01.0630 2584 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:29:01.0631 2584 Compbatt - ok
19:29:01.0637 2584 COMSysApp - ok
19:29:01.0649 2584 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:29:01.0651 2584 crcdisk - ok
19:29:01.0681 2584 CRFILTER (d18893845ae1c5833b5b2ea9b7f5c670) C:\Windows\system32\DRIVERS\CRFILTER.sys
19:29:01.0686 2584 CRFILTER - ok
19:29:01.0711 2584 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:29:01.0712 2584 Crusoe - ok
19:29:01.0782 2584 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
19:29:01.0784 2584 CryptSvc - ok
19:29:01.0840 2584 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
19:29:01.0842 2584 ctxusbm - ok
19:29:01.0892 2584 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:29:01.0919 2584 DcomLaunch - ok
19:29:01.0984 2584 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:29:01.0986 2584 DfsC - ok
19:29:02.0092 2584 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:29:02.0137 2584 DFSR - ok
19:29:02.0247 2584 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:29:02.0252 2584 Dhcp - ok
19:29:02.0282 2584 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:29:02.0283 2584 disk - ok
19:29:02.0353 2584 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:29:02.0362 2584 Dnscache - ok
19:29:02.0399 2584 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:29:02.0402 2584 dot3svc - ok
19:29:02.0449 2584 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:29:02.0452 2584 DPS - ok
19:29:02.0488 2584 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:29:02.0494 2584 drmkaud - ok
19:29:02.0580 2584 DvmMDES (9517020b510b82fad016967140c0b582) C:\ASUS.SYS\DVMExportService.exe
19:29:02.0583 2584 DvmMDES - ok
19:29:02.0645 2584 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:29:02.0678 2584 DXGKrnl - ok
19:29:02.0704 2584 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:29:02.0706 2584 E1G60 - ok
19:29:02.0741 2584 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:29:02.0751 2584 EapHost - ok
19:29:02.0798 2584 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:29:02.0800 2584 Ecache - ok
19:29:02.0847 2584 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:29:02.0851 2584 ehRecvr - ok
19:29:02.0871 2584 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:29:02.0873 2584 ehSched - ok
19:29:02.0884 2584 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:29:02.0885 2584 ehstart - ok
19:29:02.0942 2584 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:29:02.0954 2584 elxstor - ok
19:29:03.0013 2584 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:29:03.0036 2584 EMDMgmt - ok
19:29:03.0079 2584 EMNG2USB (739b948c5c6ea11414e8bbb899c6c768) C:\Windows\system32\drivers\emng2usb.sys
19:29:03.0084 2584 EMNG2USB - ok
19:29:03.0114 2584 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:29:03.0119 2584 ErrDev - ok
19:29:03.0166 2584 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:29:03.0173 2584 EventSystem - ok
19:29:03.0216 2584 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:29:03.0229 2584 exfat - ok
19:29:03.0262 2584 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:29:03.0273 2584 fastfat - ok
19:29:03.0305 2584 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:29:03.0306 2584 fdc - ok
19:29:03.0341 2584 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:29:03.0344 2584 fdPHost - ok
19:29:03.0354 2584 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:29:03.0356 2584 FDResPub - ok
19:29:03.0398 2584 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:29:03.0399 2584 FileInfo - ok
19:29:03.0407 2584 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:29:03.0409 2584 Filetrace - ok
19:29:03.0496 2584 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:29:03.0519 2584 FLEXnet Licensing Service - ok
19:29:03.0555 2584 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:29:03.0562 2584 flpydisk - ok
19:29:03.0625 2584 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:29:03.0628 2584 FltMgr - ok
19:29:03.0740 2584 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
19:29:03.0761 2584 FontCache - ok
19:29:03.0825 2584 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:29:03.0826 2584 FontCache3.0.0.0 - ok
19:29:03.0875 2584 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:29:03.0881 2584 Fs_Rec - ok
19:29:03.0910 2584 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:29:03.0918 2584 gagp30kx - ok
19:29:04.0030 2584 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
19:29:04.0032 2584 GoogleDesktopManager-051210-111108 - ok
19:29:04.0080 2584 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:29:04.0105 2584 gpsvc - ok
19:29:04.0158 2584 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
19:29:04.0160 2584 gupdate - ok
19:29:04.0179 2584 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
19:29:04.0181 2584 gupdatem - ok
19:29:04.0222 2584 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:29:04.0224 2584 gusvc - ok
19:29:04.0284 2584 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:29:04.0287 2584 HdAudAddService - ok
19:29:04.0345 2584 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:29:04.0360 2584 HDAudBus - ok
19:29:04.0404 2584 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
19:29:04.0410 2584 HidBth - ok
19:29:04.0425 2584 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:29:04.0427 2584 HidIr - ok
19:29:04.0477 2584 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
19:29:04.0485 2584 hidserv - ok
19:29:04.0512 2584 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:29:04.0518 2584 HidUsb - ok
19:29:04.0541 2584 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:29:04.0550 2584 hkmsvc - ok
19:29:04.0587 2584 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:29:04.0589 2584 HpCISSs - ok
19:29:04.0644 2584 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:29:04.0650 2584 HTTP - ok
19:29:04.0665 2584 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:29:04.0671 2584 i2omp - ok
19:29:04.0726 2584 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:29:04.0728 2584 i8042prt - ok
19:29:04.0760 2584 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:29:04.0764 2584 iaStorV - ok
19:29:04.0876 2584 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:29:04.0878 2584 IDriverT - ok
19:29:04.0975 2584 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:29:05.0038 2584 idsvc - ok
19:29:05.0056 2584 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:29:05.0057 2584 iirsp - ok
19:29:05.0138 2584 IJPLMSVC (23ffb66e90a0daf022b08872d30726df) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
19:29:05.0139 2584 IJPLMSVC - ok
19:29:05.0198 2584 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:29:05.0227 2584 IKEEXT - ok
19:29:05.0440 2584 IntcAzAudAddService (50cfd8fe34ae9659b8566a51b6dfdcf3) C:\Windows\system32\drivers\RTKVHDA.sys
19:29:05.0525 2584 IntcAzAudAddService - ok
19:29:05.0622 2584 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:29:05.0631 2584 intelide - ok
19:29:05.0659 2584 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:29:05.0661 2584 intelppm - ok
19:29:05.0695 2584 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:29:05.0698 2584 IPBusEnum - ok
19:29:05.0717 2584 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:29:05.0729 2584 IpFilterDriver - ok
19:29:05.0735 2584 IpInIp - ok
19:29:05.0756 2584 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:29:05.0766 2584 IPMIDRV - ok
19:29:05.0786 2584 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:29:05.0788 2584 IPNAT - ok
19:29:05.0813 2584 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:29:05.0819 2584 IRENUM - ok
19:29:05.0841 2584 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:29:05.0843 2584 isapnp - ok
19:29:05.0908 2584 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:29:05.0910 2584 iScsiPrt - ok
19:29:05.0941 2584 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:29:05.0943 2584 iteatapi - ok
19:29:05.0966 2584 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:29:05.0968 2584 iteraid - ok
19:29:05.0990 2584 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
19:29:05.0992 2584 kbdclass - ok
19:29:06.0056 2584 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:29:06.0061 2584 kbdhid - ok
19:29:06.0100 2584 kbfiltr (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys
19:29:06.0107 2584 kbfiltr - ok
19:29:06.0153 2584 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:29:06.0156 2584 KeyIso - ok
19:29:06.0194 2584 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
19:29:06.0222 2584 KSecDD - ok
19:29:06.0282 2584 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:29:06.0290 2584 KtmRm - ok
19:29:06.0349 2584 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
19:29:06.0362 2584 LanmanServer - ok
19:29:06.0399 2584 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:29:06.0413 2584 LanmanWorkstation - ok
19:29:06.0519 2584 LightScribeService (9a571e2e184d059d9bd9fb60a4ea00cf) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:29:06.0520 2584 LightScribeService - ok
19:29:06.0561 2584 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:29:06.0567 2584 lltdio - ok
19:29:06.0600 2584 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:29:06.0604 2584 lltdsvc - ok
19:29:06.0635 2584 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:29:06.0642 2584 lmhosts - ok
19:29:06.0727 2584 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:29:06.0736 2584 LSI_FC - ok
19:29:06.0764 2584 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:29:06.0765 2584 LSI_SAS - ok
19:29:06.0801 2584 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:29:06.0810 2584 LSI_SCSI - ok
19:29:06.0839 2584 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:29:06.0841 2584 luafv - ok
19:29:06.0869 2584 lullaby (8039f480c192dd99fed4ebc71ffbf795) C:\Windows\system32\DRIVERS\lullaby.sys
19:29:06.0876 2584 lullaby - ok
19:29:06.0914 2584 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:29:06.0917 2584 Mcx2Svc - ok
19:29:06.0962 2584 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:29:06.0969 2584 megasas - ok
19:29:07.0006 2584 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:29:07.0013 2584 MegaSR - ok
19:29:07.0033 2584 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:29:07.0041 2584 MMCSS - ok
19:29:07.0060 2584 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:29:07.0066 2584 Modem - ok
19:29:07.0099 2584 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:29:07.0100 2584 monitor - ok
19:29:07.0121 2584 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:29:07.0123 2584 mouclass - ok
19:29:07.0135 2584 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:29:07.0141 2584 mouhid - ok
19:29:07.0157 2584 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:29:07.0159 2584 MountMgr - ok
19:29:07.0282 2584 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:29:07.0291 2584 MozillaMaintenance - ok
19:29:07.0305 2584 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:29:07.0307 2584 mpio - ok
19:29:07.0336 2584 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:29:07.0343 2584 mpsdrv - ok
19:29:07.0358 2584 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:29:07.0360 2584 Mraid35x - ok
19:29:07.0394 2584 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:29:07.0403 2584 MRxDAV - ok
19:29:07.0450 2584 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:29:07.0452 2584 mrxsmb - ok
19:29:07.0506 2584 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:29:07.0509 2584 mrxsmb10 - ok
19:29:07.0524 2584 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:29:07.0533 2584 mrxsmb20 - ok
19:29:07.0566 2584 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
19:29:07.0572 2584 msahci - ok
19:29:07.0599 2584 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:29:07.0608 2584 msdsm - ok
19:29:07.0644 2584 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:29:07.0648 2584 MSDTC - ok
19:29:07.0665 2584 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:29:07.0671 2584 Msfs - ok
19:29:07.0702 2584 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:29:07.0709 2584 msisadrv - ok
19:29:07.0737 2584 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:29:07.0747 2584 MSiSCSI - ok
19:29:07.0753 2584 msiserver - ok
19:29:07.0781 2584 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:29:07.0787 2584 MSKSSRV - ok
19:29:07.0808 2584 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:29:07.0814 2584 MSPCLOCK - ok
19:29:07.0831 2584 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:29:07.0839 2584 MSPQM - ok
19:29:07.0864 2584 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:29:15.0148 2584 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
19:29:15.0150 2584 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
19:29:15.0152 2584 sptd ( LockedFile.Multi.Generic ) - warning
19:29:15.0152 2584 sptd - detected LockedFile.Multi.Generic (1)
19:29:21.0283 2584 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
19:29:21.0689 2584 \Device\Harddisk0\DR0 - ok
19:29:21.0694 2584 Boot (0x1200) (ed865d473fb721f81a5ecf5f39afc279) \Device\Harddisk0\DR0\Partition0
19:29:21.0696 2584 \Device\Harddisk0\DR0\Partition0 - ok
19:29:21.0703 2584 Boot (0x1200) (92b19784da768d863001651f9d19d140) \Device\Harddisk0\DR0\Partition1
19:29:21.0704 2584 \Device\Harddisk0\DR0\Partition1 - ok
19:29:21.0706 2584 ============================================================
19:29:21.0706 2584 Scan finished
19:29:21.0706 2584 ============================================================
19:29:21.0721 1248 Detected object count: 1
19:29:21.0722 1248 Actual detected object count: 1
19:29:42.0142 1248 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:29:42.0142 1248 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Edited by marts_8, 01 August 2012 - 06:41 AM.


#5 marts_8

  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:39 AM

Posted 01 August 2012 - 06:48 AM

aswMBR log; the last scan, ESET, to follow:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-01 19:31:36
-----------------------------
19:31:36.693 OS Version: Windows 6.0.6002 Service Pack 2
19:31:36.693 Number of processors: 2 586 0x170A
19:31:36.695 ComputerName: USER UserName: user
19:32:22.409 Initialize success
19:36:32.815 AVAST engine defs: 12080100
19:36:37.857 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
19:36:37.860 Disk 0 Vendor: ST9320320AS 0303 Size: 305245MB BusType: 3
19:36:37.873 Disk 0 MBR read successfully
19:36:37.876 Disk 0 MBR scan
19:36:37.906 Disk 0 unknown MBR code
19:36:37.909 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10001 MB offset 63
19:36:37.970 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 20482875
19:36:37.977 Disk 0 Partition - 00 0F Extended LBA 142623 MB offset 333043515
19:36:38.014 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 142623 MB offset 333043578
19:36:38.022 Disk 0 scanning sectors +625137345
19:36:38.229 Disk 0 scanning C:\Windows\system32\drivers
19:37:01.115 Service scanning
19:37:23.681 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:37:31.997 Modules scanning
19:37:39.121 Disk 0 trace - called modules:
19:37:39.367 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85d231f8]<<
19:37:39.372 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85fb3ac8]
19:37:39.378 3 CLASSPNP.SYS[8afa18b3] -> nt!IofCallDriver -> [0x85dc9598]
19:37:39.383 5 acpi.sys[807c16bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85dc96c0]
19:37:39.388 \Driver\atapi[0x85d85030] -> IRP_MJ_CREATE -> 0x85d231f8
19:37:41.173 AVAST engine scan C:\Windows
19:37:49.211 AVAST engine scan C:\Windows\system32
19:44:52.082 AVAST engine scan C:\Windows\system32\drivers
19:45:14.627 AVAST engine scan C:\Users\user
19:45:41.963 Disk 0 MBR has been saved successfully to "C:\Users\user\Documents\Desktop\MBR.dat"
19:45:41.970 The log file has been saved successfully to "C:\Users\user\Documents\Desktop\aswMBR.txt"

#6 marts_8

  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:39 AM

Posted 01 August 2012 - 10:56 AM

Last scan from ESET:

C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QGHYQCTO\soft5[1].exe a variant of Win32/Kryptik.AJGC trojan
C:\Users\user\AppData\Local\{8a4d8a2c-79c3-2758-aa72-a4b7d803397b}\n a variant of Win32/Kryptik.AJGF trojan
C:\Users\user\Downloads\trojankiller2094-setup.exe a variant of Win32/1AntiVirus application
C:\Windows\Installer\{8a4d8a2c-79c3-2758-aa72-a4b7d803397b}\n a variant of Win32/Kryptik.AJGF trojan
C:\Windows\Installer\{8a4d8a2c-79c3-2758-aa72-a4b7d803397b}\U\80000000.@ a variant of Win32/Sirefef.FA trojan
C:\Windows\Installer\{8a4d8a2c-79c3-2758-aa72-a4b7d803397b}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan
C:\Windows\System32\c_48822.nl_ a variant of Win32/Sirefef.CR trojan
Operating memory Win32/Sirefef.EV trojan

#7 narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:03:39 PM

Posted 01 August 2012 - 12:40 PM

Download

systemlook

Launch it, copy this script and paste it in the BOX

:filefind
services.exe
:folderfind
{8a4d8a2c-79c3-2758-aa72-a4b7d803397b}

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

#8 marts_8

Posted 02 August 2012 - 04:45 AM

Here is the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 10:46 on 02/08/2012 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\ERDNT\cache\services.exe --a---- 279552 bytes [09:52 02/11/2011] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\System32\services.exe --a---- 279552 bytes [06:27 22/07/2009] [06:27 11/04/2009] (Unable to calculate MD5)
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:24 21/01/2008] [02:24 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [06:27 22/07/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

========== folderfind ==========

Searching for "{8a4d8a2c-79c3-2758-aa72-a4b7d803397b}"
C:\Users\user\AppData\Local\{8a4d8a2c-79c3-2758-aa72-a4b7d803397b} d--hs-- [05:35 11/01/2012]
C:\Windows\Installer\{8a4d8a2c-79c3-2758-aa72-a4b7d803397b} d--hs-- [05:35 11/01/2012]

-= EOF =-


The Malwarebytes log for the first full scan saw a lot of viruses. I did a second one on quick scan (or should I still do the full scan?) and it detected 1 virus. I'm now doing it a third time, which I think will have the same result as the 2nd scan. The virus just can't be deleted by MBAM.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.02.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: USER [administrator]

8/2/2012 10:51:11 AM
mbam-log-2012-08-02 (10-51-11).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 538884
Time elapsed: 6 hour(s), 13 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\user\AppData\Local\{8a4d8a2c-79c3-2758-aa72-a4b7d803397b}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 19
C:\Program Files\games\Gardenscapes.v1.0.cracked-THETA(2)\Gardenscapes.v1.0.cracked-THETA\NFOviewer.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Program Files\games\kitchen brigade\Stubs\826154509cc482d6fef19219e49a855a5fb554c\KitchenBrigade.RWG (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Program Files\games\kitchen brigade\Stubs\bd175276687ab701f2cd79c5ad369192847ce8d\RAW_003.wdt (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\user\AppData\Local\6188829d\X.vir (Trojan.Agent.PE3) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\user\AppData\Local\6188829d\U\80000000.@.vir (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\user\AppData\Local\6188829d\U\800000cb.@.vir (Backdoor.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_MSIL\desktop.ini.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QGHYQCTO\soft5[1].exe (RootKit.0Access) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YKOC14I0\soft4[2].exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\temp\4E14.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\temp\55D1.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\{8a4d8a2c-79c3-2758-aa72-a4b7d803397b}\n (RootKit.0Access) -> Delete on reboot.
C:\Windows\Installer\{8a4d8a2c-79c3-2758-aa72-a4b7d803397b}\n (RootKit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{8a4d8a2c-79c3-2758-aa72-a4b7d803397b}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\System32\c_48822.nl_ (Backdoor.0Access) -> Quarantined and deleted successfully.
D:\Program Files\games\Stand O Food 3\Crack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\marts d drive\audio video\VSO ConvertXtoDVD 3.8.0.193h+keygen\Keygen\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.

(end)


This is the second scan, done in quick scan mode:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.02.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: USER [administrator]

8/2/2012 5:20:25 PM
mbam-log-2012-08-02 (17-20-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227647
Time elapsed: 11 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{8a4d8a2c-79c3-2758-aa72-a4b7d803397b}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)
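
In post #7 the helper asked for a SystemLook filefind on services.exe, and the log in post #8 shows why that check matters: the System32 copy could not be hashed, while the winsxs (component-store) copies could and carry known MD5 values. As an added example, not code from this thread or from SystemLook, here is a Python script that parses such a listing and flags every copy outside winsxs whose hash cannot be read or matches none of the component-store copies. The sample lines are copied from the log above; the line format the regex expects is inferred from those lines and is an assumption, as is treating winsxs as the trusted reference.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Lines copied verbatim from the SystemLook "filefind" section posted above.
SAMPLE_LOG = r"""Searching for "services.exe"
C:\Windows\ERDNT\cache\services.exe --a---- 279552 bytes [09:52 02/11/2011] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\System32\services.exe --a---- 279552 bytes [06:27 22/07/2009] [06:27 11/04/2009] (Unable to calculate MD5)
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:24 21/01/2008] [02:24 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [06:27 22/07/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
"""

# Assumed shape of a SystemLook filefind line (inferred from the lines above):
#   <path> <7-char attribute flags> <size> bytes [<modified>] [<created>] <MD5 | (Unable to calculate MD5)>
LINE_RE = re.compile(
    r'^(?P<path>.+?) (?P<attrs>[-\w]{7}) (?P<size>\d+) bytes '
    r'\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] '
    r'(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$'
)


def parse_filefind(log_text):
    """Return one dict per matched file line; md5 is None when SystemLook could not hash the file."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header lines such as 'Searching for ...' are skipped
        md5 = m.group('md5').upper()
        entries.append({
            'path': m.group('path'),
            'size': int(m.group('size')),
            'md5': None if md5.startswith('(') else md5,
        })
    return entries


def is_component_store_copy(path):
    """Assumption: copies under winsxs are the trusted reference for a system binary."""
    return 'winsxs' in [p.lower() for p in PureWindowsPath(path).parts]


def assess_copies(entries):
    """Map every copy outside winsxs to a verdict, comparing its MD5 with the winsxs copies of the same file."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[PureWindowsPath(e['path']).name.lower()].append(e)

    verdicts = {}
    for copies in by_name.values():
        reference = {e['md5'] for e in copies if is_component_store_copy(e['path']) and e['md5']}
        for e in copies:
            if is_component_store_copy(e['path']):
                continue
            if e['md5'] is None:
                # A system binary the tool cannot even read deserves a closer look.
                verdicts[e['path']] = 'SUSPECT: hash could not be read'
            elif not reference:
                verdicts[e['path']] = 'UNKNOWN: no component-store copy to compare against'
            elif e['md5'] in reference:
                verdicts[e['path']] = 'OK: matches a component-store copy'
            else:
                verdicts[e['path']] = 'SUSPECT: hash differs from every component-store copy'
    return verdicts


if __name__ == '__main__':
    for path, verdict in assess_copies(parse_filefind(SAMPLE_LOG)).items():
        print(f'{verdict:55} {path}')
```

A matching size, as the System32 copy has here, is no reassurance: a patched binary of the same length is exactly what the antivirus name "Patched" describes, so only the hash comparison (or an unreadable hash) carries weight in this check.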

#9 marts_8

Posted 02 August 2012 - 04:48 AM

I'm going to do the MiniToolBox, FSS and AdwCleaner next.

#10 marts_8

Posted 02 August 2012 - 05:07 AM

The rest of the logs:

MiniToolBox by Farbar Version: 23-07-2012
Ran by user (administrator) on 02-08-2012 at 17:55:23
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: proxy.dlsu.edu.ph:80

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

SiS191 Ethernet Controller = Local Area Connection (Connected)
Atheros AR928X Wireless Network Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.1.1
add route prefix=0.0.0.0/0 interface="Wireless Network Connection" nexthop=192.168.1.1
add address name="Local Area Connection" address=192.168.1.26
add address name="Wireless Network Connection" address=192.168.1.27


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : user
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR928X Wireless Network Adapter
Physical Address. . . . . . . . . : 00-22-43-70-A8-F2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : SiS191 Ethernet Controller
Physical Address. . . . . . . . . : 00-24-8C-3C-A5-E5
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ac33:eba9:8479:9346%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.26(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 268444812
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-2B-D1-DC-00-24-8C-3C-A5-E5
DNS Servers . . . . . . . . . . . : 192.168.1.1
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.2_WAN_Broadband_Router
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{F3BF58C8-9FCE-41A9-9009-491D52D23C83}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{8EA68164-26D8-4E23-A023-2A5EB03C3888}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: 2_WAN_Broadband_Router.2_WAN_Broadband_Router
Address: 192.168.1.1

Name: google.com
Addresses: 2404:6800:4003:803::1002
74.125.235.36
74.125.235.37
74.125.235.38
74.125.235.39
74.125.235.40
74.125.235.41
74.125.235.46
74.125.235.32
74.125.235.33
74.125.235.34
74.125.235.35

Pinging google.com [173.194.38.161] with 32 bytes of data:
Reply from 173.194.38.161: bytes=32 time=121ms TTL=53
Reply from 173.194.38.161: bytes=32 time=226ms TTL=56
Ping statistics for 173.194.38.161:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 121ms, Maximum = 226ms, Average = 173ms
Server: 2_WAN_Broadband_Router.2_WAN_Broadband_Router
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=288ms TTL=51
Reply from 209.191.122.70: bytes=32 time=282ms TTL=51
Ping statistics for 209.191.122.70:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 282ms, Maximum = 288ms, Average = 285ms
Server: 2_WAN_Broadband_Router.2_WAN_Broadband_Router
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17 ...00 22 43 70 a8 f2 ...... Atheros AR928X Wireless Network Adapter
12 ...00 24 8c 3c a5 e5 ...... SiS191 Ethernet Controller
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.2_WAN_Broadband_Router
19 ...00 00 00 00 00 00 00 e0 isatap.{F3BF58C8-9FCE-41A9-9009-491D52D23C83}
16 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
18 ...00 00 00 00 00 00 00 e0 isatap.{8EA68164-26D8-4E23-A023-2A5EB03C3888}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.26 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 192.168.1.26 296
169.254.255.255 255.255.255.255 On-link 192.168.1.26 276
192.168.1.0 255.255.255.0 On-link 192.168.1.26 276
192.168.1.26 255.255.255.255 On-link 192.168.1.26 276
192.168.1.255 255.255.255.255 On-link 192.168.1.26 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.26 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.26 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 Default
0.0.0.0 0.0.0.0 192.168.1.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 276 fe80::/64 On-link
12 276 fe80::ac33:eba9:8479:9346/128 On-link
1 306 ff00::/8 On-link
12 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog5 08 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/02/2012 05:36:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2012 05:15:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2012 10:39:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2012 10:17:39 PM) (Source: Application Error) (User: )
Description: Faulting application YahooMessenger.exe, version 10.0.0.1270, time stamp 0x4c053ffe, faulting module YahooMessenger.exe, version 10.0.0.1270, time stamp 0x4c053ffe, exception code 0xc0000005, fault offset 0x00104daf,
process id 0x14b8, application start time 0xYahooMessenger.exe0.

Error: (08/01/2012 06:53:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2012 04:33:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2012 03:22:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2012 09:12:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2012 07:55:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2012 02:18:55 PM) (Source: Application Hang) (User: )
Description: The program YahooMessenger.exe version 10.0.0.1270 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 17e4
Start Time: 01cd6e17412e9f10
Termination Time: 54


System errors:
=============
Error: (08/02/2012 05:38:19 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x80070032

Error: (08/02/2012 05:36:43 PM) (Source: DCOM) (User: )
Description: C:\Windows\System32\ACEngSvr.exe -Embedding2{F40211E8-05C9-4430-B832-041A5ECD7FA2}

Error: (08/02/2012 05:36:21 PM) (Source: DCOM) (User: )
Description: C:\Windows\System32\ACEngSvr.exe -Embedding2{34ABA258-14C1-4290-B2EF-5787B6218996}

Error: (08/02/2012 05:18:37 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x80070032

Error: (08/02/2012 05:15:59 PM) (Source: DCOM) (User: )
Description: C:\Windows\System32\ACEngSvr.exe -Embedding2{F40211E8-05C9-4430-B832-041A5ECD7FA2}

Error: (08/02/2012 05:15:36 PM) (Source: DCOM) (User: )
Description: C:\Windows\System32\ACEngSvr.exe -Embedding2{34ABA258-14C1-4290-B2EF-5787B6218996}

Error: (08/02/2012 10:39:49 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x80070032

Error: (08/02/2012 10:39:44 AM) (Source: DCOM) (User: )
Description: C:\Windows\System32\ACEngSvr.exe -Embedding2{F40211E8-05C9-4430-B832-041A5ECD7FA2}

Error: (08/02/2012 10:39:38 AM) (Source: DCOM) (User: )
Description: C:\Windows\System32\ACEngSvr.exe -Embedding2{34ABA258-14C1-4290-B2EF-5787B6218996}

Error: (08/01/2012 06:59:01 PM) (Source: DCOM) (User: )
Description: C:\Windows\System32\ACEngSvr.exe -Embedding2{F40211E8-05C9-4430-B832-041A5ECD7FA2}


Microsoft Office Sessions:
=========================
Error: (07/23/2012 09:08:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1940 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/30/2010 06:45:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6850 seconds with 5760 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
ABC Amber LIT Converter
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Drive CS4 (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Fonts All (Version: 2.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Amazing Adventures Riddle of the Two Knights
Anki
Any Video Converter 3.0.3
Apple Application Support (Version: 1.3.1)
Apple Software Update (Version: 2.1.1.116)
ASUS CopyProtect (Version: 1.0.0009)
ASUS Data Security Manager (Version: 1.00.0008)
ASUS LifeFrame3 (Version: 3.0.14)
ASUS Live Update (Version: 2.5.7)
ASUS MultiFrame (Version: 1.0.0018)
ASUS Power4Gear Hybrid (Version: 1.1.09)
ASUS SmartLogon (Version: 1.0.0005)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0023)
ASUS Virtual Camera (Version: 1.0.11)
Atheros Client Installation Program (Version: 7.0)
ATI Catalyst Install Manager (Version: 3.0.708.0)
ATK Generic Function Service (Version: 1.00.0008)
ATK Hotkey (Version: 1.0.0045)
ATK Media (Version: 2.0.0001)
ATKOSD2 (Version: 7.0.0002)
AudioShell 1.3.5 (Version: 1.3.5)
Avira Free Antivirus (Version: 12.0.0.1125)
BearShare (Version: 9.0.0.99482)
Bonjour (Version: 1.0.106)
calibre (Version: 0.8.46)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MX320 series MP Drivers
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX (Version: 3.2.0.10)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Digital Photo Professional 3.3 (Version: 3.3.0.0)
Canon Utilities EOS Utility (Version: 2.8.1.0)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities Original Data Security Tools (Version: 1.3.0.0)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities Picture Style Editor (Version: 1.2.0.1)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.1209.2131.38627)
Catalyst Control Center Graphics Full Existing (Version: 2008.1209.2131.38627)
Catalyst Control Center Graphics Full New (Version: 2008.1209.2131.38627)
Catalyst Control Center Graphics Light (Version: 2008.1209.2131.38627)
Catalyst Control Center Graphics Previews Common (Version: 2008.1209.2131.38627)
Catalyst Control Center Graphics Previews Vista (Version: 2008.1209.2131.38627)
Catalyst Control Center InstallProxy (Version: 2008.1209.2131.38627)
Catalyst Control Center Localization All (Version: 2008.1209.2131.38627)
ccc-core-static (Version: 2008.1209.2131.38627)
ccc-utility (Version: 2008.1209.2131.38627)
CCC Help Chinese Standard (Version: 2008.1209.2130.38627)
CCC Help Chinese Traditional (Version: 2008.1209.2130.38627)
CCC Help Czech (Version: 2008.1209.2130.38627)
CCC Help Danish (Version: 2008.1209.2130.38627)
CCC Help Dutch (Version: 2008.1209.2130.38627)
CCC Help English (Version: 2008.1209.2130.38627)
CCC Help Finnish (Version: 2008.1209.2130.38627)
CCC Help French (Version: 2008.1209.2130.38627)
CCC Help German (Version: 2008.1209.2130.38627)
CCC Help Greek (Version: 2008.1209.2130.38627)
CCC Help Hungarian (Version: 2008.1209.2130.38627)
CCC Help Italian (Version: 2008.1209.2130.38627)
CCC Help Japanese (Version: 2008.1209.2130.38627)
CCC Help Korean (Version: 2008.1209.2130.38627)
CCC Help Norwegian (Version: 2008.1209.2130.38627)
CCC Help Polish (Version: 2008.1209.2130.38627)
CCC Help Portuguese (Version: 2008.1209.2130.38627)
CCC Help Russian (Version: 2008.1209.2130.38627)
CCC Help Spanish (Version: 2008.1209.2130.38627)
CCC Help Swedish (Version: 2008.1209.2130.38627)
CCC Help Thai (Version: 2008.1209.2130.38627)
CCC Help Turkish (Version: 2008.1209.2130.38627)
CDBurnerXP (Version: 4.4.0.2905)
Chikka Messenger
Chinese Simplified Fonts Support For Adobe Reader 8 (Version: 8.0.0)
Chinese Traditional Fonts Support For Adobe Reader 8 (Version: 8.0.0)
Cisco EAP-FAST Module (Version: 2.2.9)
Cisco LEAP Module (Version: 1.0.15)
Cisco PEAP Module (Version: 1.1.2)
Citrix online plug-in (DV) (Version: 12.0.3.6)
Citrix online plug-in (HDX) (Version: 12.0.3.6)
Citrix online plug-in (USB) (Version: 12.0.3.6)
Citrix online plug-in (Web) (Version: 12.0.3.6)
Citrix Presentation Server Client (Version: 10.00.52110)
COL Chart For IE7
Connect (Version: 1.0.0.1)
ConvertXtoDVD 3.8.0.193h (Version: 3.8.0.193h)
Cooking Academy 3 Recipe for Success 1.00
CrypTool 1.4.21 (Version: 1.4.21)
CyberLink LabelPrint (Version: 2.0.2908)
CyberLink Power2Go (Version: 6.0.1924)
DAEMON Tools Toolbar (Version: 1.1.2.0185)
Delicious - Emily's Childhood Memories PE (Version: 1.0)
Delicious - Emily's Childhood Memories Premium Edition (Version: 1.0)
Delicious 4 - Emilys Taste of Fame (Version: 1.000)
Documents To Go (Version: 7.006.940)
e-Manage2 USB Device Driver Set
eMule
EOS USB WIA Driver (Version: 6.0.1.5)
ESET Online Scanner v3
Express Gate (Version: 1.0.5.3)
FastStone Image Viewer 4.2 (Version: 4.2)
FrostWire 4.18.6 (Version: 4.18.6.0)
Google Desktop (Version: 5.9.1005.12335)
Google SketchUp Pro 8 (Version: 3.0.3117)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.115)
GReddy e-manage Ultimate (Version: 1.00.0000)
Hoyle Casino (Version: 1.0.0)
inSSIDer (Version: 1.2.8)
Japanese Fonts Support For Adobe Reader 8 (Version: 8.0)
Java Auto Updater (Version: 2.0.7.1)
Java DB 10.5.3.0 (Version: 10.5.3.0)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ SE Development Kit 6 Update 18 (Version: 1.6.0.180)
K-Lite Codec Pack 7.0.0 (Full) (Version: 7.0.0)
KeyHoleTV
kuler (Version: 2.0)
LightScribe System Software 1.14.17.1 (Version: 1.14.17.1)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MediaInfo 0.7.47 (Version: 0.7.47)
MetaStock Professional 11.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2003 Web Components (Version: 12.0.6213.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Professional Plus 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Visio Professional 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 3.0.40818.0)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Million Dollar Password 2009 Edition
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Multimedia Card Reader (Version: 1.01.0000.00)
NetBeans IDE 6.8 (Version: 6.8)
Nokia Connectivity Cable Driver (Version: 7.1.16.0)
Nokia Flashing Cable Driver (Version: 8.6.0.2)
Nokia Ovi Application Installer (Version: 6.85.3011)
Nokia Ovi Application Installer 6.85.3011
Nokia Ovi Content Copier (Version: 6.85.3011)
Nokia Ovi Content Copier 6.85.3011
Nokia Ovi Suite (Version: 3.1.311)
Nokia Ovi System Utilities (Version: 6.85.3016)
Nokia Ovi System Utilities 6.85.3016
Nokia Photos (Version: 1.6.145)
Nokia Software Updater (Version: 01.04.035.32590)
Nokia_Multimedia_Common_Components_2_5 (Version: 2.5.197)
Norton Internet Security (Version: 16.0.0.125)
Notepad++ (Version: 6.1.2)
oDesk Team
Palm Desktop by ACCESS (Version: 6.4.0.0)
PalmSource Package Installer 1.5 (Version: 1.5)
PC Connectivity Solution (Version: 9.39.0.0)
PDF Settings CS4 (Version: 9.0)
Photoshop Camera Raw (Version: 5.0)
Picasa 3 (Version: 3.8)
PLDT WatchPad (Version: 1.0.0.49)
PokerStars
PSEGet3 (Beta) (Version: 3.0.0)
QuickTime (Version: 7.67.75.0)
Realtek High Definition Audio Driver (Version: 6.0.1.5767)
Recuva (Version: 1.42)
Reel Deal Slots Adventure World Tour (Version: 1.00.0000)
Sandlot Games Client Services 1.2.2
Sid Meier's Civilization 4 (Version: 1.00.0000)
Sid Meier's Civilization 4 (Version: 1.74)
SimCity 4 Deluxe
Skins (Version: 2008.1209.2131.38627)
Skype™ 5.5 (Version: 5.5.113)
SMART BRO (Version: 1.0.0.0)
Sony PC Companion 2.10.065 (Version: 2.10.065)
SRS Premium Sound (Version: 1.07.0300)
Stand O Food 3 (Version: 1.0)
STATISTICA Trial 10.0.1011.0 (Version: 10.0.1011.0)
STATNOVAPDF (novaPDF 7.4 printer)
Suite Shared Configuration CS4 (Version: 1.0)
Sun GlassFish Enterprise Server v3
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49 (Version: v2011.build.49)
Synaptics Pointing Device Driver (Version: 11.2.2.0)
SyQic Yoonic Engine - PLDT Watchpad (Version: 1.0.0)
TeamViewer 7 (Version: 7.0.12979)
The Sims 3 Ultimate Bundle (Version: 1.0)
The Sims™ 3 (Version: 1.33.2)
The Sims™ 3 Town Life Stuff (Version: 9.0.73)
Top Chef (Version: 1.0)
Tradewinds Odyssey v1.001
Trojan Killer 2.0
Tropico 4 1.00 (Version: 1.00)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
USB 2.0 UVC 1.3M WebCam
V-Ray for SketchUp (Version: 1.49.01)
Venice Lobby (Version: 3.035)
VLC media player 1.1.11 (Version: 1.1.11)
VoiceOver Kit (Version: 1.20.128.0)
Westward IV - All Aboard v1.004 (Version: 1.004)
WIDCOMM Bluetooth Software (Version: 5.2.0.800)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinFlash
WinRAR archiver
Wireless Console 2 (Version: 2.0.10)
XMind (Version: 3.1.1)
Yahoo! BrowserPlus 2.7.1
Yahoo! Detect
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
Youda Sushi Chef (Version: 1.0.0)

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 3070.58 MB
Available physical RAM: 1929.09 MB
Total Pagefile: 6363.43 MB
Available Pagefile: 5186.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.53 MB

========================= Partitions: =====================================

1 Drive c: (VistaOS) (Fixed) (Total:149.04 GB) (Free:0.29 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:139.28 GB) (Free:22.45 GB) NTFS

========================= Users: ========================================

User accounts for \\USER

Administrator Guest user


**** End of log ****




Farbar Service Scanner Version: 26-07-2012
Ran by user (administrator) on 02-08-2012 at 17:56:35
Running from "C:\Users\user\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-12 15:31] - [2012-03-30 20:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-21 10:24] - [2008-01-21 10:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



# AdwCleaner v1.800 - Logfile created 08/02/2012 at 17:57:47
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : user - USER
# Running from : C:\Users\user\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

*************************

AdwCleaner[S1].txt - [4983 octets] - [02/08/2012 17:57:47]

########## EOF - C:\AdwCleaner[S1].txt - [5111 octets] ##########




Thanks!

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:03:39 PM

Posted 02 August 2012 - 09:27 AM

Press Windows+R key and type

notepad and click ok

copy this script and paste in notepad
@echo off
rem Take ownership of the patched services.exe and grant Administrators full control (cacls asks Y/N)
cd c:\windows\system32
takeown /a /f services.exe
cacls services.exe /g administrators:f
rem Keep the infected copy under a new name, then restore the clean copy from the WinSxS component store
ren services.exe services.exe.old
COPY /Y C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe C:\WINDOWS\system32
rem Remove this batch file when done
DEL %0

Click on FILE>> save as

filename:services.bat
Save as type:All types

Now right click on the services.bat file, select Run as administrator and run it; click Y and press ENTER

Restart the PC

Run a Malwarebytes FULL SCAN, remove infections and post the log

Open your C drive

On top, click on Organize > Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click ok,now go to

C:\Users\user\AppData\Local\{8a4d8a2c-79c3-2758-aa72-a4b7d803397b}
C:\Windows\Installer\{8a4d8a2c-79c3-2758-aa72-a4b7d803397b}

delete the folders

Download

MpsSvc
BFE
wscsvc
defender
wscsvc
windefend
Sharedaccess

Launch them, click YES when you get the UAC prompt

restart the PC


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

Check mark the following options only

Reset registry permissions
Reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Checkmark Restart System When Finished option
click the Start button

System should restart after repair

Post the FSS log

#12 marts_8

marts_8
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:39 AM

Posted 03 August 2012 - 07:53 AM

Hi Narenxp!! I think the virus is already deleted. So far no more pop-ups from Avira. Here is the log of Malwarebytes before deletion of the virus folders:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.02.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: USER [administrator]

8/2/2012 11:07:54 PM
mbam-log-2012-08-02 (23-07-54).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 536962
Time elapsed: 5 hour(s), 28 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{8a4d8a2c-79c3-2758-aa72-a4b7d803397b}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)


FSS log:

Farbar Service Scanner Version: 26-07-2012
Ran by user (administrator) on 03-08-2012 at 05:00:50
Running from "C:\Users\user\Documents\Desktop\services sakit"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-12 15:31] - [2012-03-30 20:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


here is the Malwarebytes log after all the steps:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.02.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: USER [administrator]

8/3/2012 5:01:58 AM
mbam-log-2012-08-03 (05-01-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228181
Time elapsed: 14 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
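The two FSS logs in this thread (the one posted on 02-08-2012 above and the one in this reply) differ mainly in which service registry keys still come back as missing. The following is an added Python example, not a script from Farbar, BleepingComputer or either poster: it extracts every "ATTENTION!=====>" finding per service from an FSS log and diffs two runs, so the services that recovered after the repair steps and the ones still broken (here only wuauserv, which the next reply addresses) are listed directly. The embedded FSS_BEFORE and FSS_AFTER strings are excerpts of the two logs above; the section-key format ("[Firewall Disabled Policy]") and the function names are this example's own.

```python
"""Summarise and diff Farbar Service Scanner (FSS) logs.

Added example for this thread, not part of FSS or of the replies above. It
collects every "ATTENTION!=====>" finding per service and reports which
services recovered between two runs. FSS_BEFORE and FSS_AFTER are excerpts of
the FSS logs posted above on 02-08-2012 and 03-08-2012.
"""
import re
from typing import Dict, Set, Tuple

# e.g. "wuauserv Service is not running. Checking service configuration:"
SERVICE_HEADER = re.compile(r"^(\S+) Service is not running\. Checking service configuration:$")
ATTENTION = re.compile(r"ATTENTION!=====> (.*)$")


def parse_fss_findings(log_text: str) -> Dict[str, Set[str]]:
    """Map each service FSS examined to the set of ATTENTION messages it raised.

    A service examined without complaint maps to an empty set. ATTENTION lines
    outside any service block (the policy checks) are filed under the section
    heading they appear in, e.g. "[Firewall Disabled Policy]".
    """
    findings: Dict[str, Set[str]] = {}
    section = "[top]"
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None                 # a blank line closes a service block
            continue
        m = SERVICE_HEADER.match(line)
        if m:
            current = m.group(1)
            findings.setdefault(current, set())
            continue
        if line.endswith(":"):             # section heading such as "Windows Update:"
            section, current = f"[{line[:-1]}]", None
            continue
        a = ATTENTION.search(line)
        if a:
            findings.setdefault(current or section, set()).add(a.group(1))
    return findings


def missing_service_keys(findings: Dict[str, Set[str]]) -> Set[str]:
    """Services whose entire registry key FSS reported absent (not merely a bad value)."""
    return {svc for svc, msgs in findings.items()
            if any("service key does not exist" in msg for msg in msgs)}


def diff_findings(before: Dict[str, Set[str]],
                  after: Dict[str, Set[str]]) -> Tuple[Set[str], Set[str]]:
    """Split the items flagged in `before` into (recovered, still_flagged) using `after`."""
    flagged_before = {k for k, msgs in before.items() if msgs}
    flagged_after = {k for k, msgs in after.items() if msgs}
    return flagged_before - flagged_after, flagged_before & flagged_after


# Excerpt of the FSS log posted 02-08-2012 (before the repair steps).
FSS_BEFORE = r"""Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.

Windows Update:
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.
"""

# Excerpt of the FSS log posted 03-08-2012 (after the repair steps).
FSS_AFTER = r"""Windows Update:
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Other Services:

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
"""

if __name__ == "__main__":
    before = parse_fss_findings(FSS_BEFORE)
    after = parse_fss_findings(FSS_AFTER)
    recovered, still = diff_findings(before, after)
    print("service keys missing before repair:", sorted(missing_service_keys(before)))
    print("recovered:", sorted(recovered))
    print("still flagged:", sorted(still))
```

Whole-key absence ("The service key does not exist") is separated from bad values ("The value does not exist") because the two need different fixes: a missing key has to be re-created from a known-good export, which is what the per-service downloads in the earlier reply do, whereas a bad value can be corrected in place.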

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:03:39 PM

Posted 03 August 2012 - 08:08 AM

Please post the new system look log

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{8a4d8a2c-79c3-2758-aa72-a4b7d803397b}

Click on LOOK, post the generated log



#14 marts_8

marts_8
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:39 AM

Posted 03 August 2012 - 08:32 AM

Here is the SystemLook log. Thanks!!!

SystemLook 30.07.11 by jpshortstuff
Log created at 21:26 on 03/08/2012 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\ERDNT\cache\services.exe --a---- 279552 bytes [09:52 02/11/2011] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\System32\services.exe --a---- 279552 bytes [06:27 22/07/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:24 21/01/2008] [02:24 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [06:27 22/07/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

========== folderfind ==========

Searching for "{8a4d8a2c-79c3-2758-aa72-a4b7d803397b}"
No folders found.

-= EOF =-
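The SystemLook listing above is the check that the services.bat step in the earlier reply worked: the live C:\Windows\System32\services.exe must now carry the same MD5 and size as the copy in the WinSxS component store it was restored from. The following is an added Python example, not a SystemLook, BleepingComputer or poster's script, that automates that comparison: it parses filefind result lines, groups the copies by MD5 and reports whether the System32 copy matches any WinSxS copy. THREAD_LISTING is the listing posted above; PATCHED_LISTING is a constructed variant with an altered System32 entry and an all-zero placeholder hash, included only to show the mismatch verdict. The verdict strings and function names are this example's own.

```python
"""Check a SystemLook 'filefind' listing for a replaced system binary.

Added example for this thread, not part of SystemLook or of the replies above.
It parses filefind lines of the form
    <path> --a---- <size> bytes [mtime] [ctime] <MD5>
groups the copies of the searched file by MD5, and compares the live copy in
System32 with the copies held in the WinSxS component store (the source the
services.bat script restores from). A System32 copy whose MD5 matches no
WinSxS copy is the one to examine. PATCHED_LISTING is constructed.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple


class FileEntry(NamedTuple):
    path: str
    size: int
    md5: str


# path, 7-char attribute column, size, two bracketed timestamps, 32-hex MD5
FILEFIND_LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attr>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]*\]\s+\[[^\]]*\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(log_text: str) -> List[FileEntry]:
    """Extract (path, size, MD5) from every filefind result line; other lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = FILEFIND_LINE.match(raw.strip())
        if m:
            entries.append(FileEntry(m["path"], int(m["size"]), m["md5"].upper()))
    return entries


def group_by_md5(entries: List[FileEntry]) -> Dict[str, List[str]]:
    """MD5 -> paths, so distinct variants of the file stand out at a glance."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        groups[e.md5].append(e.path)
    return dict(groups)


def assess_system32_copy(entries: List[FileEntry]) -> dict:
    """Compare the System32 copy against the WinSxS store copies.

    verdict: 'matches-store'  - System32 MD5 equals some WinSxS copy (expected)
             'no-store-match' - System32 MD5 matches no WinSxS copy (examine it)
             'not-found'      - no System32 entry in the listing
    """
    store = {e.md5 for e in entries if "\\winsxs\\" in e.path.lower()}
    live = [e for e in entries if e.path.lower().startswith("c:\\windows\\system32\\")]
    if not live:
        return {"verdict": "not-found", "system32_md5": None, "store_md5s": store}
    sys32 = live[0]
    verdict = "matches-store" if sys32.md5 in store else "no-store-match"
    return {"verdict": verdict, "system32_md5": sys32.md5, "size": sys32.size, "store_md5s": store}


# Listing posted in this thread (SystemLook 30.07.11, 03/08/2012).
THREAD_LISTING = r"""
Searching for "services.exe"
C:\Windows\ERDNT\cache\services.exe --a---- 279552 bytes [09:52 02/11/2011] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\System32\services.exe --a---- 279552 bytes [06:27 22/07/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:24 21/01/2008] [02:24 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [06:27 22/07/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
"""

# Constructed variant: the System32 copy differs from both store copies (all-zero placeholder hash, not a real sample).
PATCHED_LISTING = THREAD_LISTING.replace(
    "C:\\Windows\\System32\\services.exe --a---- 279552 bytes [06:27 22/07/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B",
    "C:\\Windows\\System32\\services.exe --a---- 279552 bytes [06:27 22/07/2009] [09:00 31/07/2012] 00000000000000000000000000000000",
)

if __name__ == "__main__":
    for name, listing in (("thread listing", THREAD_LISTING), ("constructed listing", PATCHED_LISTING)):
        found = parse_filefind(listing)
        print(name, "->", assess_system32_copy(found)["verdict"])
        for md5, paths in group_by_md5(found).items():
            print("  ", md5, len(paths), "copies")
```

Note that the store holds two different legitimate versions (the 6.0.6001 RTM copy and the 6.0.6002 SP2 copy), so the check is "matches some store copy", not "matches all of them"; a file whose size is unchanged but whose hash differs, as in the constructed listing, is exactly the patched-binary case an infostealer or rootkit dropper produces.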

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:03:39 PM

Posted 03 August 2012 - 08:39 AM

Download

wuauserv

Launch it, click YES

Delete this file

C:\windows\system32\services.exe.old


Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

Edited by narenxp, 03 August 2012 - 08:40 AM.




